Storage Items

What are storage items?

In Monolith, storage items are devices used to store forensic data that has been collected, processed, or provided.

Examples of storage devices include:

  • External Hard Drives

  • USB Drives

  • Network Attached Storage devices

  • FTP Servers

  • Cloud Storage Systems (AWS, Google Drive, etc.)

Examples of stored data include:

  • Forensic Images

  • Smartphone Extractions

  • Case Data

  • Forensic Reports

What is the difference between Evidence Items and Storage Items?

Everything in Monolith is considered evidence, but for organization and management purposes Monolith tracks evidence items and storage items separately.

Evidence typically represents the original source of forensic evidence or data. Usually, this includes hard assets like smartphones or laptops and soft assets like emails or cloud accounts. You should track anything that is considered the original or "best" evidence as an evidence item.

Storage represents the vessel that collected forensic data is stored on. So when tracking storage items in Monolith, you are essentially tracking all the devices you use to store forensic data.

What is a "General" storage item?

Monolith tracks two categories of storage items: "General" and "Assigned".

General storage items represent large storage arrays that are used as a permanent cache for all case data. This is typically a NAS array that stores pristine copies of all your case data and forensic images. It is also a fixed asset that usually stays in the lab and does not move.

Assigned storage items represent storage that is associated with a specific case and stores very specific data. These are usually smaller, portable devices that move around a lot and may even be wiped, destroyed, or recycled at the end of a case or matter.

General Item Rules:

  • Cannot be assigned to a case.

  • Monolith does not track chain of custody for these items.

  • Tracks data from multiple cases.

Assigned Item Rules:

  • Must be assigned to a case to use.

  • Can only track data from one case.

  • Chain of custody is only logged when assigned to a case.

  • Can be removed from a case and reused/re-assigned.

  • Removing from a case will destroy its chain of custody and unlink any tracked acquisitions.

Assigning Storage Items

There are two ways to assign a storage item to a case: Create or Assign.

Create an Item

You can create a storage item from the "Storage Items" tab of a case. This will both create the new item and assign it to the case at the same time.

Assign an Item

You can also assign a storage item that already exists to the current case. This option is available in the "Storage Items" tab of a case and in the "Actions" menu as shown in the screenshot below.


Last updated 22 days ago

Assigning Storage Items