+44 (0)845 125 4400
Frequently asked questionsDo I need any special equipment to have this solution?
One of the key strengths of Remote Forensics is that you can use ANY computer on ANY network from ANYWHERE in the world to access a Remote Forensic POD. Can we buy just one or two PODs?
Yes, you can start with a hosted FIMS account and just one POD. Alternatively, for organisations who want to host their own FIMS server, there is no minimum number of PODs you need to buy.What skills do I need at the POD location?
Remote forensics maximises the utilisation of your existing forensic staff by avoiding travel to remote locations. All you need at the POD location is a person we call a "1st Responder" who has basic technical support skills- someone who knows how to take a disk out of a machine. For every job, FIMS generates detailed instructions and evidential continuity paperwork which is then emailed to the 1st responder, via FIMS, by the forensic analyst. Do I access the remote PODs from special computers?
No, the beauty of this solution is that with the 74k VPN client installed, you can use any machine you wish that has an internet connection. You can perform imaging and analysis securely from your forensic lab, a computer in an airport lounge, from a computer in your home, a coffee shop that has a wireless network or even from a mobile phone. How secure is this system?
Remote Forensics employs the industry standards for VPN security by using OpenVPN and OpenBSD to provide an incredibly robust security layer. OpenVPN is implemented using SSL/TLS + certificates together with 128 bit BlowFish cyphers and SHA1 for message digests. Need enhanced security? Although totally secure, we recognise the requirement of some clients for enhanced network encryption capabilities which we can provide using technologies with formal approval from the UK Government CESG Assisted Products Scheme at Enhanced Grade, a security rating for the protection of classified information recognized across Europe. Does it run on my company network?
Not unless you want it to. By default, our special VPN component in the POD uses any IP network connection provided the IP is publically addressable. This means it can be connected to any convenient network such as a wireless, wired ADSL or 3G.
However, if you want to be able to run e-discovery tools or even enterprise forensic tools such as Encase Enterprise Edition from Guidance Software, FTK Enterprise from Accessdata or P2 Commander from Paraben you can. Using Virtual Machine technology, simply build a VM on the POD that contains your favourite tools, allocated that VM a connection to the corporate LAN and your away! Connect to the POD from anywhere using FIMS, our case management system, and once authenticated onto the POD, mount the Virtual machine and use your enterprise tools remotely. The real power is that, by using the POD you are now able to use these tools much more efficiently because they are capturing data across THEIR local network and not across the internet or corporate WAN, potentially speeding up remote forensic imaging by days!
One of the key strengths of Remote Forensics is that you can use ANY computer on ANY network from ANYWHERE in the world to access a Remote Forensic POD. Can we buy just one or two PODs?
Yes, you can start with a hosted FIMS account and just one POD. Alternatively, for organisations who want to host their own FIMS server, there is no minimum number of PODs you need to buy.What skills do I need at the POD location?
Remote forensics maximises the utilisation of your existing forensic staff by avoiding travel to remote locations. All you need at the POD location is a person we call a "1st Responder" who has basic technical support skills- someone who knows how to take a disk out of a machine. For every job, FIMS generates detailed instructions and evidential continuity paperwork which is then emailed to the 1st responder, via FIMS, by the forensic analyst. Do I access the remote PODs from special computers?
No, the beauty of this solution is that with the 74k VPN client installed, you can use any machine you wish that has an internet connection. You can perform imaging and analysis securely from your forensic lab, a computer in an airport lounge, from a computer in your home, a coffee shop that has a wireless network or even from a mobile phone. How secure is this system?
Remote Forensics employs the industry standards for VPN security by using OpenVPN and OpenBSD to provide an incredibly robust security layer. OpenVPN is implemented using SSL/TLS + certificates together with 128 bit BlowFish cyphers and SHA1 for message digests. Need enhanced security? Although totally secure, we recognise the requirement of some clients for enhanced network encryption capabilities which we can provide using technologies with formal approval from the UK Government CESG Assisted Products Scheme at Enhanced Grade, a security rating for the protection of classified information recognized across Europe. Does it run on my company network?
Not unless you want it to. By default, our special VPN component in the POD uses any IP network connection provided the IP is publically addressable. This means it can be connected to any convenient network such as a wireless, wired ADSL or 3G.
However, if you want to be able to run e-discovery tools or even enterprise forensic tools such as Encase Enterprise Edition from Guidance Software, FTK Enterprise from Accessdata or P2 Commander from Paraben you can. Using Virtual Machine technology, simply build a VM on the POD that contains your favourite tools, allocated that VM a connection to the corporate LAN and your away! Connect to the POD from anywhere using FIMS, our case management system, and once authenticated onto the POD, mount the Virtual machine and use your enterprise tools remotely. The real power is that, by using the POD you are now able to use these tools much more efficiently because they are capturing data across THEIR local network and not across the internet or corporate WAN, potentially speeding up remote forensic imaging by days!
More FAQ
What tools can I use?
Remote forensics is designed to leverage your existing investment in forensic, e-discovery and data recovery tools so you decide what tools to deploy on the remote PODs. Fore example, ff you use Encase, Remote Forensics is specifically designed to take advantage of Guidance Software's SAFE technology which means that you only need one dongle, typically installed on the FIMS Server, with licences that can be accessed on demand by any POD. Can I share my screen with colleagues?
Yes, it is a feature of Remote Forensics that an analyst can share a screen view with a colleague perhaps to seek advice or to show particular data for language translation. It might also be to review the case prior to handing control over to the second analyst. Does the data under examination travel across the network?
No. Remote Forensics uses Remote Desktop Protocol (RDP) via the dynamically created and encrypted VPN to transmit just the bitmap changes created by a changing view. This also means that there are no recoverable artefacts left on the analyst's machine.
What tools can I use?
Remote forensics is designed to leverage your existing investment in forensic, e-discovery and data recovery tools so you decide what tools to deploy on the remote PODs. Fore example, ff you use Encase, Remote Forensics is specifically designed to take advantage of Guidance Software's SAFE technology which means that you only need one dongle, typically installed on the FIMS Server, with licences that can be accessed on demand by any POD. Can I share my screen with colleagues?
Yes, it is a feature of Remote Forensics that an analyst can share a screen view with a colleague perhaps to seek advice or to show particular data for language translation. It might also be to review the case prior to handing control over to the second analyst. Does the data under examination travel across the network?
No. Remote Forensics uses Remote Desktop Protocol (RDP) via the dynamically created and encrypted VPN to transmit just the bitmap changes created by a changing view. This also means that there are no recoverable artefacts left on the analyst's machine.