Here is a challenge for the digital forensics and legal discovery gurus out there.
How do you forensically capture over 20 Terabytes of data including 1200 optical discs and dozens of hard disk drives containing around 100 million individual files, and then accurately identify only the relevant material? Let's hear your digital forensic software and hardware tool, processing and procedural solutions. How long would you estimate it would take to both capture and analyse the results? Most importantly, how much coffee do you think you would have consumed?
How did we do it at @SECMON1? We first ensured we utilized our most experienced team. All had at least 20 years of experience in digital forensics and legal discovery in the law enforcement, corporate and consulting environments.
Planning - Planning was key. We wanted to finish the process as we had started it and not change direction, process or procedures halfway through. Chain of custody and carefully tracking each piece of evidence as well as the naming conventions utilized were key aspects to success.
Forensic Imaging - We started by forensically imaging every piece of evidence using either EnCase Forensic Imager or FTK Imager. Each individual piece of evidence was photographed and logged prior to forensic imaging.
Analysis and production - First we built a server with massive processing power and a huge amount of storage. For processing this case we utilized Vound Software Intella. We chose Intella as multiple persons were required to review and redact the potentially responsive data. We were able to quickly refine, review and redact the dataset. Export of the relevant items was simple and efficient.
Success - The result was a resounding success for SECMON1 and the client. Our robust process, which we demonstrated to the opposing forensic expert, resulted in a high level of confidence in the process and the resulting output.
So how would you have approached this challenge?
Digital Forensics | Mobile Forensics | Expert Witness | Adjunct Professor | Former FBI Senior Forensic Examiner
2 years ago
Amazing. How many hours did this take?