IntaForensics Lima Forensic Case Management
Strengths: The most solid, complete digital forensics case management tool available.
Weaknesses: Installation requires some IT knowledge beyond the average digital forensic analyst.
Verdict: This is a must-have for any serious digital forensic lab. We designate it SC Lab Approved.
This tool has been one of our favourites since we first reviewed it a couple of years ago. Lima is the only case management tool in this month's group and to our knowledge the only competent digital forensic case management tool available. This should be in every digital forensic lab, especially those that need to track evidence for use in court. Additionally, it has many functions that do necessary housekeeping, such as tracking costs, tracking analyst hours for billing, and developing a more efficient set of analysis procedures.
Implementing Lima is not for the faint-hearted. Most forensic analysts will have trouble deploying it. This really is a task for the IT department. However, it can be installed with a bare minimum of database entries by the IT shop allowing lab supervisors the ability to flesh out the database to suit the way the lab runs.
The first step in deploying Lima is to implement the administrator module. This is a separate application that contains the backend database and through which that database is managed. The backend is a slimmed-down version of Microsoft SQL Server and it must be installed first. However, if you already are using the full version of SQL Server, that will work as well.
Once the database is installed, Lima customises the schema and data dictionary for its use. Once that is done, you must make initial entries in each table. That includes a lot of information - such as team members, who outside suppliers are, how much you charge per unit of lab time, what types of devices you work on, etc. There are many initial fields to initialise and the best way to do it is to start with a single, rather generic, entry at install time and then customise it once it is installed and working correctly. After you have the administrator application installed you install the separate client application. That is how users interface with the database.
It took us the better part of half a day to get the initial implementation up and running. It took another half day to customise it for our lab. However, once finished we cannot see how we will do without it after a year of use. Everything one needs to make a lab run efficiently, bill clients if a consulting business and track analyst time even if not. Evidence tracking is built in and preparing for court is made a lot easier with the tools management and reporting functions. Users even can track the outcome of cases.
There is 12 months of basic support included in the Laboratory and Enterprise editions, and extended support costs 20 percent of the license cost. Assistance includes both phone and email as well as software updates. Because Lima is based in the UK, it is likely that you will want to use the email option. However, compensating for the time difference, the company reps are quite responsive. There also is online support available.
We like this product and we believe it is a good fit for just about any digital forensic lab. It is compliant with just about all of the applicable standards - such as best practices published by NIST, ACPO, ISO 9001, ISO 17025 and ISO 27037. If you are seeking accreditation for your lab, you cannot afford to be without a tool such as this.
Documentation is in the form of complete help files on both the client and the administrator programmes. We look forward to using this tool over the coming year and, of course, we'll report on it in next year's group review.