Where we are now:

So I know this might be a boring topic because everyone wants to know where we are going, but we have covered so much ground in the last few months that I think it is worth a quick blog to talk about the current state of affairs and the architecture of Quin-C. For those of you that disagree, just ignore this blog and my next entry will talk about where we are going in 2018. But for those of you that made it past that last sentence, let's talk about where we are now. The current situation, in my view, is that we have what I believe is a reasonably well-tested product that I am very proud of. I am not saying it is bug free. There is no way that is true. But I can say that I don’t know of any meaningful bugs, and that is about as good as it gets in software. We are holding off on the official release a few more weeks to allow for the incorporation of some new design elements, but I believe the product is ready in almost every respect. It will be posted on the website this week for anyone to download and take for a spin with a free 30-day license.

As for architecture and how it works, it really couldn’t be a more dramatic departure from the status quo of our other web-based products. Summation and eDiscovery run on an architecture that is extremely services heavy and, in my opinion, overly complex. Quin-C, on the other hand, is built directly off of FTK and doesn’t require any services to run, though there are services required to use certain features of the viewer. In addition, Summation and eDiscovery are dependent on IIS, which again is a technology that is considered too complex by many of our users. Quin-C gets away from IIS by abandoning the web server entirely. In its place Quin-C uses OWIN middleware, which allows Quin-C to run as a desktop application while still serving up web pages to remote users. This is why, after installing Quin-C, you will see two icons, one called Quin-C server and one just called Quin-C. To use the product you need to first start the Quin-C server. Once that is up and running you can run the Quin-C product, though that link is nothing more than a tricked-out browser bookmark.

Given this architecture, the hardware specs to run Quin-C are, not surprisingly, the exact same specs that FTK uses. This is true because, for all intents and purposes, Quin-C is FTK. Quin-C uses the exact same DB as FTK and runs jobs with the exact same processing engine (EP). In fact, if you go into Quin-C’s install folder (usually found at c:\Program Files\Accessdata\QuinC) you will see every file that FTK uses plus a few more. Because both products are the same under the hood, if the hardware can support FTK it can also support Quin-C. Of course, if you are going to do more with Quin-C than you did with FTK then the specs would alter accordingly, but in general they are largely the same product.

Given the similarities in Quin-C and FTK, it is worth addressing the question of redundancy. Meaning, can Quin-C use FTK’s EP instead of using its own EP, and if not, will the two EPs conflict? The answer to the first question is technically yes, but you shouldn’t do it. There are slight differences in the code that enable Quin-C’s expanded capabilities, so if you have Quin-C using FTK’s EP you are likely to have problems. As for conflict, while they are basically the same code, they are ignorant of each other and will not conflict. You should have no issue running the two systems at the same time, though I would encourage careful planning and a segregation of duties to ensure you don’t ever “cross the streams”, to quote Egon from the original Ghostbusters. I will write a more detailed blog on best practices for using the two systems together, but for now just know you really shouldn’t have any problem, particularly if you are in a small or single-user environment.

Despite their similarities, there are some key differences between the architectures of Quin-C and FTK that are worth focusing on because they are key to enabling a number of powerful Quin-C features.

- The first is that Quin-C is database version agnostic. Given how long forensics cases can last (5-10 years) and given how often Quin-C is released (2-3 weeks), the idea that you would need to upgrade cases every time you move from one version of Quin-C to another, as you do with FTK, was simply not viable. In addition, the idea of forcing people to keep old versions of Quin-C lying around the way they often do with FTK, just in case a really old case needs to be opened, was also an unacceptable idea. To resolve these issues and put this entire issue to bed, Quin-C has been made DB version agnostic. Meaning the same version of Quin-C can open a 6.0 DB and 6.1 DB or 7.X DB. If the DB schema has changed meaningfully between versions, certain features may not work, but the system will still run and you will still be able to view the data and the work that was done.

- Second, Quin-C is multi-case aware. While this may seem like a feature and not an architectural issue, it is in fact core to the design of Quin-C. As a multi-case aware solution, Quin-C needs to be ready for users to open up hundreds of cases containing millions and millions of items. In that context, pulling large amounts of data into memory as FTK does simply won’t work. Features like the lazy loading of facets, the database lock, and grid sizing are all features that accommodate this idea of a multi-case aware system facing potentially massive scale.

- Finally, Quin-C has completely embraced the idea of an open solution that has an accessible API, is largely open source, and can integrate a wide variety of third-party products. Quin-C is not designed to be a portal into a wide range of capabilities that may or may not be provided by AccessData. Notable integrations like what we have with Belkasoft, Compelson, and image recognition are all obvious examples of this, but there are actually a really wide range of less obvious examples that are all over the product. Our viewers are almost all open source or third-party products, our visualizations are open source, our SQL viewing is open source, and the list goes on. In fact, if you are ever feeling brave, go to c:\Program Files\Accessdata\QuinC\app\features and there you will find Quin-C. Each widget has its own folder and each folder contains open source code that you can play with. Frankly, if you want you can even add your own widget (call me and I will show you how - I will also post a blog on it).

tleehealey, Saturday 03 February 2018 - 11:14 pm