What I love about my job, being in the Public Sector, is the chance to make a positive difference to the lives of others. Whether it’s healthcare, police, local government or education, a true technologist thrives on the sense of purpose associated with these fields and genuinely feels elated at being able to have an impact on society.
Not long ago, I designed a High Tech Crime Unit / Digital Media Investigation Unit / eForensic (HTCU / DMIU) solution for a major Police Force and, in their own words, this solution was going to transform how the DMIU operated and would set a standard for the rest of the Police forces in the UK.
The said Police force has already acknowledged business benefits and an impact on the public and the Criminal Justice system. A specific example is that of remote image transfer from one of their remote sites to Headquarters (HQ). This used to take at least a day previously (first image the mobile device, store locally, burn onto DVD, find a person who can travel to HQ and finally travel to HQ). With the new solution (they have benchmarked it), it took five minutes and the HQ team was able to access and process the image instantly. Other benefits they have noted include a huge reduction in processing time for forensic images (18 hours on the legacy system vs 7 hours on the new system, and 22 hours vs 9 hours during acquisition); these are just a few of the highlights.
The above translates into more cases being processed in a week and therefore quicker access to processed evidence in the court room, leading to faster decisions on cases. A safer community! I say it’s a win-win!!
Before I dig deep into the solution, for those who are reading and not familiar with HTCU or DMIU, I would like to, very briefly, mention the aims and objectives. HTCU, DMIU or eForensic departments provide the ability to combat the “Digital & Cybercrime” elements that are now encountered frequently in day-to-day Policing. The majority (I won’t be wrong in saying approximately 90%) of UK Police Forces have one of the following workflows.

Potential disadvantages of the above-mentioned workflow include individual dedicated workstations with locally attached storage, lots of manual human intervention, potential security breaches and finally, data retention on media which don’t provide a platform for analytics, along with uncertainty that the data will still be available for future use in ‘xx’ years.
In contrast to the above, the transformational solution which we implemented recently at a UK Police Force (which can’t be named for obvious reasons) fulfils all the building blocks that Police Forces require to achieve their mandatory accreditation.
The solution is also a demonstration of Dell EMC’s portfolio strength, where such a complex solution was built ‘end-to-end’. It included workstations, servers, SAN storage, an evidential repository (Isilon), switches, firewalls, intrusion prevention/detection, anti-malware, endpoint security, backup, professional services, training and project management.

Very briefly, the main highlight of the solution is the introduction of virtualization into the DMIU/HTCU/eForensic solution, together with a central evidential repository where all processing is carried out rather than being performed on individual workstations. The DMIU solution was completely segregated from the rest of the Police infrastructure, with its own AD, Exchange and other infrastructure services such as DNS, DHCP etc. Right from the start, various steps have been automated and silos of data have been completely removed. Security was the most important feature, and the solution provides security at different levels: client, virtualization, forensic data store and network.
Architecting the solution was the easy part; the biggest challenge was to make the existing forensic software work in the new virtualized world. The software we came across in this implementation was EnCase, Griffeye and Magnet AXIOM. Unfortunately, this software was written to work in a physical workstation environment. As it is, it was very challenging to get it to work, but then getting the most out of the high-speed network, NAS storage and various security solutions turned out to be the most stressful period in the 14 years of my career. I have had to make changes at the level of block size, prefetching and cache size. Interestingly, there were parameters that even the application vendors were not aware their software could be configured with in such a manner. I know, a few of you must be thinking that it’s risky, but in the absence of such a virtualized setup, someone has to bite the bullet and do the needful!
The new virtualized world was completely different from the previous physical setup, and all the best practices / recommended settings from the application vendors were based upon physical workstations. Configuring ‘like for like’ (physical: virtualized) would have defeated the purpose of the new solution, and hence, in the absence of a recommended virtualized configuration, we have had to carry out performance analysis at the process, thread, parallelism and kernel level and come up with recommended VM sizes that not only provide the benefits of virtualization but also an immense performance boost. As stated earlier, the solution has decreased the processing time by half and, in some processing steps, 3- or 4-fold.
I would end this episode with a quote from the Superintendent, Head of IT, who said, “it’s not the closure of a project, instead the beginning of a modern DMIU/eForensic department in the UK”.
For more information on this solution, drop me a message and I will be happy to share details of the solution.
Happy New Year, 2019!!!
