±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 36595
New Yesterday: 0 Visitors: 167

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Recommended forensic hardware

Discussion of forensic workstations, write blockers, bridges, adapters, disk duplicators, storage etc. Strictly no advertising of commercial products, please.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2, 3 ... 10, 11, 12  Next 
  

jamie
Site Admin
 

Recommended forensic hardware

Post Posted: Dec 02, 07 16:26

Following on from one or two earlier discussions, I'd like to develop a page devoted to forensic workstation suggestions/recommendations. The aim would be to provide a quick reference to anyone considering buying or building a workstation - for imaging and analysis - and to keep the page updated at regular intervals.

Cost is as much a factor as performance in many of our purchasing decisions and I'd like the focus of the recommendations to be on hardware which gets the job done but also represents value for money. In other words, I'm not really looking for expensive, bleeding edge solutions which would be very nice to have but are unlikely to be approved for purchase. Think more along the lines of something you'd be comfortable talking about at your next forensic get together but wouldn't expect to make anyone jealous!

My initial thoughts are it would be nice to have a generic recommendation for each category of hardware (for "build your own" machines) and then list two or three specific products per category. For ready built machines, perhaps we could simply have a few price range categories and list two or three recommended options in each.

With regard to hardware categories for those considering a a self-build, these immediately spring to mind - please feel free to suggest any others:

Case and power supply
Motherboard
CPU
RAM
Hard drive(s)
IDE/SCSI/Firewire controllers
CD/DVD writer
Hardware write blocker
Memory card reader
Video card
Sound card
Network interface(s)
Removable drive bays
Floppy drive
Speakers
Backup storage (e.g. tape drive)
Keyboard & Mouse

Monitor


Perhaps a separate section for mobile solutions (e.g. laptops/notebooks, travelling cases, etc) is also worthwhile?

I know that asking for recommendations has the potential to be somewhat chaotic but let's give it a go, hopefully the end result will be of real use to those either starting a new forensics section or upgrading from older kit.

Thoughts, comments but most of all suggestions for the above categories are very welcome...  

Last edited by jamie on Jan 04, 08 19:16; edited 3 times in total
 
  

armresl
Senior Member
 

Re: Forensic workstation recommendations - can you help?

Post Posted: Dec 02, 07 23:52

For mobile stations.

I like the Dell M1710 and the Sager 98 series. One is a desktop replacement the other is a lighter laptop with a strong graphics card.

For actual workstations I have liked getting server cases on wheels, so if I need to for some reason take it somewhere it wheels right out of the office, and server cases have so many free slots, you would be hard pressed to fill them all.

I would add that SCSI card would be good to have, maybe an IDE expansion card.

Cooling would be important as we let our cases index for hours and sometimes days. Spreaders for the memory would be nice.

At least 2 of every item you would put in an expansion bay. Much easier to copy floppies, CD's, DVD's,

3.5 and 5,25 floppy bays will come in handy.

I like to have one of whatever the largest drive on the market is for compression of the cases (backup)

Software to be able to multiboot Vista, Linux, XP. As many of you know Vista is not the easiest to multiboot with.

I would refrain from a network card and for sure disable it in the bios. A large number of cases we have require that there be no network or internet connection on the examination machine.

Updates for windows, and other software can be made via a thumbdrive.
_________________
Why order a taco when you can ask it politely?

Alan B. "A man can live a good life, be honorable, give to charity, but in the end, the number of people who come to his funeral is generally dependent on the weather. " 
 
  

azrael
Senior Member
 

Re: Forensic workstation recommendations - can you help?

Post Posted: Dec 03, 07 15:50

Would it be too much to ask for specialist hardware to be included as well ?

When faced with having to chose a writeblocker for example - which one would people reccommend, or possibly more importantly, which would they avoid ?

In the UK, Rock make quite decent desktop replacement "portable" machines - they also have some interesting features, such as RAIDed drives that makes them quite well suited to business jobs. Apple MacBook Pro laptops are both very portable, and very powerful. They have excellent screens and graphics & can dual ( triple ) boot any combination of Windows/MacOS X/Linux ...

I find that the Dell LCD monitor range offer excellent quality/value, and in all the time I've used them in a corporate environment, I have not known a single one either arrive dead or fail in use, unlike both Sony and Samsung monitors that I have seen ...
_________________
--
Azrael
-- 
 
  

steve862
Senior Member
 

Re: Forensic workstation recommendations - can you help?

Post Posted: Dec 03, 07 16:33

Hi all,

If we're going to get really specific we might want to look at how the processor divides its secondary cache memory between the data banks of RAM. For example a Xeon CPU with 4MB depending on it's desgnation might allocate 2MB to each of 2 banks of RAM. Therefore if you frequently only use half the installed RAM you may also be losing half the secondary cache of the CPU. So you might decide to spend more money on a better CPU and less on memory. It all depends on the type of work you get your machine to do.

In more general terms we are looking seriously at Mac Pro machines now as these seem to run core tasks in FTK and EnCase quicker than similar spec PCs. It has the added advantage of being both your Mac and your PC. They run into the very high spec and I believe this past week saw the release of the new Intel CPUs.

On the cheaper side of things we have a few Intel Core 2 Duo machines in the lab as secondary work machines and these are surprisingly good.

The bottleneck is frequently read/write access from the hard drive on which the evidence is stored. Externally connected hard drives containing evidence ideally should be connected via Firewire B, as this performs roughly on a parl to internal SATA. We found USB 2 resulted in tasks running at roughly half the speed of IDE 100. An alternative might be to have an i-scsi card in your PC and an i-scsi external data store. Not the cheapest again though.

Bare in mind where you put your pagefile (if you have one). A separate disk on a separate channel is better than on the OS partition or worse still on the OS drive but a different partition.

As for wite blockers we have been using Tableau ones for a while. They are easy to manage with firmware updates etc and offer Firewire A and B and USB 2 connections. Writeable versions are also available and are quite good for doing a restore of an image.

Just a few thoughts.

Steve
_________________
Forensic Computer Examiner, London, UK 
 
  

jamie
Site Admin
 

Re: Forensic workstation recommendations - can you help?

Post Posted: Dec 04, 07 05:13

Excellent comments guys, thank you.

I really would like to encourage anyone else to chime in too, even if its only to share your thoughts on one particular piece of hardware. I'll start to put up a preliminary list of recommended components shortly but more input from other members would be very useful.  
 
  

jamie
Site Admin
 

Re: Forensic workstation recommendations - can you help?

Post Posted: Dec 06, 07 04:44

OK, just to nudge this on a little bit I'm going to suggest we stick with Intel's Core 2 Duo as a sensible CPU choice ("sensible" being a good compromise between cost and performance). That being the case, any recommedations out there for specific motherboards or chipsets?  
 
  

BitHead
Senior Member
 

Re: Forensic workstation recommendations - can you help?

Post Posted: Dec 06, 07 10:09

I have had good success with the ASUS boards with NVIDIA chipset with the Intel chipset coming in a close second. Right now I am building a system with one of the new "energy efficient" P5E3 boards.  
 

Page 1 of 12
Page 1, 2, 3 ... 10, 11, 12  Next