How to Configure and Use SQL with EnCase Products Introduction
How to Configure and Use SQL with EnCase Products 5/20/2013 How to Configure and Use SQL with EnCase® Products www.ceicconference.com #CEIC2013 #CEIC2013 Introduction Databases for Guidance Software Enterprise Products: ▫ EnCase® eDiscovery ▫ EnCase ® CyberSecurity Best Practice for EnCase ® Applications ▫ Currently v5.2.1 Tools Required ▫ Guidance Software Database Utility ▫ Microsoft ® : SQL Server Management Studio ▫ EnCase ® Case Connection Editor #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. Page 2 1 How to Configure and Use SQL with EnCase Products 5/20/2013 Database Life-Cycle • Prepare the Systems • Configure SQL • Create Databases ▫ GSI Database Utility • The Upgrade • If you have to Troubleshoot • Always Backup • Maintenance & Recovery #CEIC2013 System Preparation Systems Requirements: SQL Server Supports the entire application Minimum configuration Scale resources up Prioritize Memory and Disk IO first Stores all casework and reporting data Database Utility System User system which is designated to run the database utility User must have SQL Server permissions in order to create databases #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 2 How to Configure and Use SQL with EnCase Products 5/20/2013 System Preparation: SQL Server Installation of SQL Server Database Engine Reporting Services SQL Server Management Studio Optional to install on SQL Server itself ▫ Recommended Resources Preparing SQL Server: ▫ Install Recommended Packages ▫ Ensure Database Administrator has requirements and GSI Resources - Start at SQL Configuration Manager ▫ Check that SQL Server is available from all EnCase Systems ▫ Backup SQL Server Master Key and other important Database Resources #CEIC2013 System Preparation: Software Required Server Version: Specific Systems Settings Required: Microsoft SQL Server ▫ Min: SQL2005 sp4 ▫ Max: SQL2008r2 Packages: SQL Server Database Instance Reporting Service Complete Management Studio GSI Database Utility Provided by Guidance Software Install SQL resources on Database Utility Machine ▫ SQL Server Management Studio ▫ [OR] SQLCMD + SQL Native Client SQL Server ▫ Server Settings and Permissions ▫ Accounts and Roles Machine designated to run Database Utility ▫ Permissions for SQL Components ▫ Permission to run PS Scripts #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 3 How to Configure and Use SQL with EnCase Products 5/20/2013 System Preparation: Start with SSMS SSMS (Sql Server Management Studio) Management Studio: ▫ SQL Permissions ▫ Maintenance Schedules ▫ Modifying Catalog Properties ▫ Scripts, Queries, Configuration ▫ Performing Manual Backups - In addition to… GSI Database Utility ▫ Creating or Upgrading eDiscovery or CyberSecurity databases ▫ Running Application-specific diagnostics *Optional whether to install SSMS on SQL Server itself* #CEIC2013 Configure SQL: Installation If you must install SQL Server, these options are recommended: Run SQL Services via System Account, - no need to run via AD Account Include Windows Authentication-Mode - This option alone is more secure - Mixed-mode also suitable Server Collation: - SQL_Latin1_General_CP1_CI_AS - Latin1_General_CI_AS Allow traffic through Firewall #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 4 How to Configure and Use SQL with EnCase Products 5/20/2013 Configure SQL: Catalog Settings Running the Application, Two users should be created (minimum) 1. EnCase_Service Account: Account that is used by the application to service users ▫ All databases should use the EnCase Account or [sa] for the ‘File’ DB Owner ▫ Must be either a SQL or AD User account; AD Groups will not work ▫ Should not change database owner once the tables are created 2. EnCase Enterprise Desktop Users: access to the application databases for importing data, creating criteria/jobs, etc. ▫ Case Role: DB_Owner ▫ If the system administrator is file owner, map the EnCase_Service account to this role as well Database Administrator may grant a team member the ability to create databases. This user will need the server-level permission: ‘DB_Creator’ Record information on all accounts used when building the ECC Database set. Keep this information! #CEIC2013 Lab Break 1 Open SSMS and examine configuration Get briefly familiarized with the application’s areas Open SQL Configuration Manager Services and Settings for the MSSQL Service itself Examine Enterprise Configuration Settings in SSMS User and Catalog Properties #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 5 How to Configure and Use SQL with EnCase Products 5/20/2013 Creating Databases: The Database Utility Guidance Software Database Utility Introduced in v5.1.0 The only method to create databases This means: ▫ Advanced functions ▫ Easier to manage ▫ Creating multiple catalogs atonce ▫ Not necessary for DB Creator to access SSMS on a regular basis #CEIC2013 Creating Databases: Completing DataBase Utility Database Name: Must be unique in the SQL Server. Do not reuse names for Global or Case catalogs Database Master Keys: Create Tables operation within Global requires entering a Database Master Key. Diagnostic Results: Critical errors will prevent further action Warnings Can be skipped Once Database creation completes, can be checked in Management Studio and Connected in EnCase® Enterprise #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 6 How to Configure and Use SQL with EnCase Products 5/20/2013 Creating Databases: Connecting Desktop If creating a new Global/Case set: Run EnCase Enterprise Desktop ▫ Open Enterprise Applications ▫ Click eDiscovery or CyberSecurity Configure Database Connection If switching the database connection in Desktop Run EnCase Enterprise Desktop ▫ Navigate to Settings ▫ Select Change Database Configure Database Connection #CEIC2013 13 Creating Databases: Connect in ECC Connecting to ECC for the first time, will open the ODBC dialog: ‘Microsoft OLE DB SQL Provider for SQL Server’ required Connect to Global Database Navigate to cases which have been created Each new Case or Investigation created in the Database Utility will automatically appear in Desktop and the Web Application #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 7 How to Configure and Use SQL with EnCase Products 5/20/2013 Creating Databases: Service Master Key Stored connection stings are encrypted by : Database Master Key + SQL Service Master Key ▫ Best Practice to store: ▫ Master Key Passwords ▫ SQL Service Master Key · Key File · Decryption Password Connection strings is the only field which is encrypted by default ▫ http://technet.microsoft.com/en-us/library/bb964742.aspx Important during SQL Migration #CEIC2013 15 Upgrading: Prerequisites AD or SQL User logon which initiates upgrade DB_Owner and DB_Creator on the Global and Case catalogs ▫ To allow the script to backup the existing database ▫ To drop unused signatures and broker features ▫ To modify the schema When upgrading to v5: SQL05sp4 or SQL08r2 Server Edition Database version should be 4.4 or 5.1 Select the group of cases which will be upgraded ▫ May deactivate cases to be skipped in previous version. #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 8 How to Configure and Use SQL with EnCase Products 5/20/2013 Upgrading: Pathways Certain mandatory upgrade pathways from recent ECC Versions. Version 3: ▫ <= . v3.7 v3.8.1 v4.1 v4.2.4 v4.3.0+ Version 4: ▫ . <= v4.2.3 Version 5: NEW v5 Global Upgraded v5 Catalogs <= v4.4.2 ORIGINAL v4 Global Remaining v4 Catalogs #CEIC2013 Upgrade: GSI Database Utility Database provides the facility to upgrade any candidate Global Database version (4.4.1 and 5.1.0) Complete Diagnostic before the actual upgrade proceeds Choose the Databases to be Upgraded ▫ Can elect to leave some behind in the old Global Upgraded Databases will be deactivated in the old global Strongly recommended to backup catalogs prior to Upgrade #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 9 How to Configure and Use SQL with EnCase Products 5/20/2013 Upgrading: logging & backups Upgrade creates a log for each database in the Current User AppData Directory ▫ %userprofile%\AppData\Roaming\EnCase Applications\Database Utility“ ▫ Run Command + “%appdata%” Upgrade will attempt to create a backup for each database upgraded If there is an error with the Global or any Case databases, the log can be used to troubleshoot ▫ Look near the end of the *.log file #CEIC2013 Lab Break 2 #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 10 How to Configure and Use SQL with EnCase Products 5/20/2013 Troubleshooting Common issues: Unsupported operations: Jobs not executing: ▫ Check the status of Examiner Service first ▫ Check SQL Logs for error messages Create tables issue: ▫ Check Database Names for special/illegal characters ▫ Duplicated Database Names will not work Other common issues ▫ Re-check permissions/ownership accounts ▫ Running stored procedures ▫ Queries which INSERT data or ALTER tables/schema ▫ Deleting Tables ▫ Removal of records (case ids, custodians, etc…) ▫ The Utility does a complete upgrade check before it will proceed; invalid databases cannot be upgraded ▫ Never alter databases outside ECC ▫ Moving files causes ‘broken links’ to stored paths #CEIC2013 Troubleshooting: Apps that depend on SQL Enterprise Applications that connect to databases: EnCase Desktop Web Components Site Cyber/API Sites Data Service Site Examiner Services EnCase WebServer Visit: http://localhost:8888/config #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 11 How to Configure and Use SQL with EnCase Products 5/20/2013 Troubleshooting: Service Broker In previous versions of the software, it is sometimes necessary to troubleshoot Service Broker Issues. Versions: v4.3.0 – v5.1.3 User permission issues cause disabled Queues: dbo.CTQ dbo.Notify Properties of dbo.CTQ ▫ EnQueue not enabled Notify Queue is also down Queues must be re-enabled. Check SQL Logs, use permission scheme in v5.1 Admin Guide. #CEIC2013 Troubleshooting: Logs, Configuration Manager Locate the SQL Logs to get information on: Messages, Service Messages, User Actions, Server Information, Login Failures, …and more! Open Sql Server Configuration Manager to check the instance & services Protocols: TCP/IP, Named Pipes, Shared Memory (local) SQL Service: service account, start-up parameters Default and Named Instance Services running and their running condition. #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 12 How to Configure and Use SQL with EnCase Products 5/20/2013 Troubleshooting: System Health Sql Commands: sp_who Sp_Who2 sp_configure SQL Server: SQL Activity Monitor Windows System: Task Manager = Run + “Taskmgr” Resource Monitor = Run + “Resmon” #CEIC2013 Backups: Recommendations Consistent Database Backup is Critical Use Full backup capability in Ssms. - Never copy mdf/ldf to another directory, create a full *.bak file for each catalog. - Specify backup options, defaults may not fit your workflow. For manual backups, it is recommended to define a complete new backup each time, avoid append or overwrite options in case this will be confusing to manage. - For automated backups, manage available disk-space and retention accordingly. Back Up Often. In addition to regular backups, initiate additional backups if important work has been performed, new Cases initiated, or if system maintenance will be undertaken. If necessary to restore, check the MS SQL Documentation for standard procedures. - If moving the database set, additional steps will be necessary, see maintenance and recovery in the admin guide. Work with Database group if not managing ECC’s instance of SQL. #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 13 How to Configure and Use SQL with EnCase Products 5/20/2013 Backup: SQL Folder Locations Each SQL Instance has a backup folder, this can be customized by admins to point to another location. ▫ The Utility will attempt to use this location to auto-backup, Backup manually in addition to be certain! Each SQL Instance has a Data folder, this will contain the mdf, ldf. ▫ Data, Logs, Backup, etc. may be specially mapped by your DBA ▫ Putting files in these locations requires special rights, check with DBA #CEIC2013 Lab Break 3 #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 14 How to Configure and Use SQL with EnCase Products 5/20/2013 Maintenance: Keep Info up-to-date Critical items of information which should be saved/updated Global/Case Catalog information: Server Access: ▫ Instance-specific information ▫ DBOwner, SQL users, AD users, Service Accounts ▫ SQL Passwords stored in a secure location If SQL configuration is non-default, record this information and submit to your DBA. ▫ DBA can better assist if they are aware of ECC requirements and behavior · Data/Backup directories · Instance Address · Backup Instance Service Master Key ▫ ECC Database Master Keys ▫ Connection strings ▫ Case Database mapping information (Catalog and Friendly Name) #CEIC2013 Maintenance: Database Integrity Workflow for database integrity tasks How to set up & execute maintenance scheduler Recommended Tasks: Database & Transaction Log Backup Integrity checks Rebuild Index Reorganize Index (db defrag) Task Useful Interval Backup DB & Transaction Log Yes Frequently Database Integrity Check Yes Periodically Rebuild Index Yes Before/After running job Reorganize Index Yes Before/After running job Shrink Database No Only on de-activated, archived cases Shrinking Databases Only on closed/archived cases, do not shrink active production cases #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 15 How to Configure and Use SQL with EnCase Products 5/20/2013 Maintenance: Automating with Maintenance Plans Maintenance Plan Wizard: Setup Maintenance Plan Elements by selecting from default options Maintenance Plan Diagram: Map Maintenance Workflow via Plan Diagram. #CEIC2013 Recovering: Can be complicated A complicated workflow exists for moving databases Moving Databases should not be a common occurrence However, it is sometimes vital to bring systems up-to-date ▫ Diagram explains the overall process Break down the process into manageable steps! Planning for much more than just SQL ▫ · Moving Data, Server OS and Account Management, Etc… #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. Alter Master Key* *If Database Master Keys have not been stored ECC DB.bak Open DB Master Key Sync to New SQL SMK Restore Previous SQL SMK Restore Users, permissions & enable Broker Adjust Global DB connection strings Connect to restored DB with ECC 32 16 How to Configure and Use SQL with EnCase Products 5/20/2013 Recovering: Simplified Steps for Moving Databases If you must move databases and restore to a New SQL Server for any reason. Use the simplified steps: 1. Backup all the databases 2. Restore them to the new server 3. Rework the keys to they can communicate 4. Modify Global so it knows all the cases are on the new server 5. Connect with ECC #CEIC2013 33 Recovering: Sample Commands on DB Keys • • It is recommended to backup the service master key from SQL ▫ Whether you plan to move dbs or not ▫ Is a disaster-recovery measure If moving databases to a shared SQL instance ▫ Use the Master Key entered in the GSI Utility to sync to the new SQL Instance #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 34 17 How to Configure and Use SQL with EnCase Products 5/20/2013 Restoring: Case Connection Editor After all the recovery work is completed in the new SQL, Create a new connection string for the new SQL Instance: Strings Stored in Global Database Also displays the Catalog and ECC name information Can Export the table of cases for records. Only use the provided editor! It will validate the Case Identity to prevent errors in mapping connections #CEIC2013 35 Lab Break 4 #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 18 How to Configure and Use SQL with EnCase Products 5/20/2013 Questions #CEIC2013 Jessica Bair, Guidance Software, Inc. Aaron Bennett, Guidance Software, Inc. 19
© Copyright 2024