Digital Investigation Manager (D.I.M.)
DFLabs Digital Investigation Manager (D.I.M.) has been designed and developed to be used in IT environments during Incident Response or Forensic Acquisition operations. The application allows the user to catalogue all pertinent information gathered during the above operations and to generate reports. D.I.M. is available in three versions:
- Stand-Alone
- Workgroup
- Enterprise
With the Stand-Alone version, users work using a local database on the computer running D.I.M., and thus only one user at a time can work with the database. The tool automatically numbers the items of evidence and hosts for a given case on the basis of the information contained in the database.
The Workgroup and Enterprise versions differ from the Stand-Alone version in that they use a remote shared database. D.I.M. currently uses a MySQL database (database licence not included), but Oracle capabilities will soon be added. A number of users can be connected to this centralised database and work simultaneously on the same or different cases. All evidence entered at the different workstations is catalogued coherently in the shared database.
A dedicated module allows synchronisation of local databases (used by the Stand-Alone version) with the central database (upload) so that a global and updated copy is maintained of all the operations carried out at the individual workstations. Each investigator can also synchronise and update his or her local database (download) with the case information contained on the remote database.
The Supervisor Module allows the operations supervisor to monitor all work done by the investigators and to conduct complex search operations on the central database.
The Enterprise version includes the Supervisor Module as standard equipment and allows for an unlimited number of workstations.
The Workgroup version offers the option of adding the Supervisor Module, but the maximum number of workstations is limited to ten.
D.I.M. allows the investigation process to be organised on a case basis. Each case may contain one or more hosts. By ‘host’ we mean any system (workstation, laptop, PDA, etc.) that is the object of an investigation. Each host may be associated with one or more items of evidence obtained through the forensic acquisition process:
- Media (hard disk, floppy disk, flash card, zip drive, etc.)
- Network Dump
- Log File (binary or text)
Special detailed forms are compiled for each of these hosts or media when they are acquired.
Please call 01296 621121 if you require a demo copy or email sales@dataduplication.co.uk