Belkasoft Case Study

 

The Challenge

 

One of the biggest challenges forensic examiners and investigators face daily is the speed at which they can sort and process evidence and its data. When at a scene, law enforcement can find dozens of pieces of hardware containing evidence that all need to be processed and analyzed for possibly relevant data. They require computers for this analysis and processing.

Around the world, sometimes agencies have existing contracts with larger computer manufacturers such as Dell, Lenovo, and HP, or through habit, have just always used these companies to meet their computing needs. These companies make perfectly acceptable hardware for many fields and types of work, but in the field of digital forensics, specialized hardware is not only encouraged but is sometimes required to make a real impact. These contracts mean that these examiners and investigators are sometimes required to make use of these generalized computers and have no additional options for other hardware. While for many agencies, this is perfectly acceptable, there do exist many cases where time is a major factor, and each lost day, hour, and a minute is another where a case is not being solved, and potentially someone’s life is in jeopardy. Do better solutions exist that can both satisfy an examiner’s need for speed and also compete with these bigger companies’ lower prices?

 

The Solution

 

SUMURI’s line of TALINO forensic workstations, laptops, and more are specifically designed to process data significantly faster than the more general computers that so many forensic examiners are paired up with. With an emphasis on tailored specifications, high-end components, and virtually unlimited customization choices, TALINOs have the means to shred casework and can process data significantly faster than other competing solutions. In addition, SUMURI prides itself on creating excellent hardware that meets the budgets of agencies around the world using their proprietary chassis that isolates electrically and heat-sensitive components, extending the life of the workstation long past the point of your usual upgrade timeline.

TALINO workstations and laptops almost exclusively run Windows, which means any Windows- a based forensic tool that exists can be used with it. Many tools exist out there which include powerful functionality designed to make a forensic examiner’s job simpler, more effective, or find evidence other tools simply miss. One such tool is Belkasoft Evidence Center X, which features a robust list of functions to streamline the list of tools needed during an exam, and was used for this case study.

 

The Results

 

We set up a test environment where both computers would be processing the same data in Belkasoft Evidence Center X and comparing the length of time saved by the TALINO, if any. To start, we ran a simpler initial test of analyzing a single forensic image, selecting all possible artifacts, but only a few of the additional options, such as facial recognition and detection of guns. From this, we can see that the TALINO ripped through the casework, completing the analysis in less than half the time!

But this was a light test, with only a single image. The vast majority of cases examiners face will involve multiple images, usually from multiple sources found while on scene. They do this because while on the scene, there isn’t always a great way to know what evidence will and won’t be relevant to a case, so they sometimes pick up other drives or devices, just in case it’s valuable to the investigation. To get a better picture of what the impact a TALINO can have on an examiner’s casework, another test was run, this time with four images, all directed to process inside Belkasoft Evidence Center X simultaneously.

For this second test, we used the same image, but also added in three additional images, two of which were for mobile phones, which have become so commonplace in today’s society, and as a result, in forensic labs when working on a case. In this instance the gap seen previously has only gotten bigger, widening significantly in favor of the TALINO! The difference between them is almost two entire average work days. This could mean the difference between life and death for law enforcement and the people, they protect every day.

This result helps to exemplify why having a dedicated forensic workstation is so important. Could an examiner just use whatever computer was assigned to them and finish their casework? Certainly. But with this much room for improvement, it’s trivial to imagine this saving month of time for an agency in any given year, and countless hours spent just waiting for their casework to finish processing. This helps save the agency significant money as well, as they can then close cases faster, allowing examiners and investigators to focus their attention on new cases that come into their lab, saving potential priceless lives in the process.

 

About SUMURI Forensics

 

SUMURI develops forensic computers and software that can be used in investigations of crimes committed on computers. SUMURI’s end-user customers are forensic examiners and investigators around the world. SUMURI manufactures both hardware workstations and portable software packages to aid investigations and recovery of sensitive information on computers. It is headquartered in the Center of the Universe, AKA Magnolia, Delaware.

 

About Belkasoft

 

Belkasoft develops forensic software for Windows that is used to serve a variety of purposes in today’s law enforcement and incident response world. This includes Belkasoft T for triaging data, Belkasoft N for investigating hacking attempts of Windows computers, Belkasoft R for remote acquisitions, Belkasoft RAM Capturer for capturing the contents of RAM or memory running on a live computer, and of course Belkasoft X Evidence, which is the forensic suite used for this case study. They are headquartered in Sunnyvale, California.

 

About Belkasoft
TALINO KA-L Omega

Designed to be the ultimate in portable power. Featuring a 11900K CPU, up to 128GB of RAM, 4 M.2 NVMe drive slots, and an RTX 3080 with 16GB of VRAM, it is the only solution for this kind of power that exists.

“Other” Forensic Laptop

Given out for use with forensic casework during a SUMURI employee’s training. There are many forensic examiners in the world who are assigned something like this as part of their normal duties and they get little choice to anything else, or, simply don’t know of anything else. The branding has been covered to protect the innocent.

Belkasoft Evidence Center X Forensic Edition

A powerful forensic tool, it’s capable of acquisition, examination, review, and analysis, as well as reporting. It also sports a fast and easy-to-use interface with support for extracting evidence from a myriad of sources such as:

  • Computer operating systems such as Windows, MacOS, and Unix-based systems
  • Disk images
  • Virtual machines
  • Memory
  • Mobile phones running Android and iOS
  • Cloud sources such as Google Cloud, iCloud, email, and more