Building a Forensic...
 
Notifications
Clear all

Building a Forensic Analysis Machine

23 Posts
12 Users
0 Likes
1,512 Views
(@vrocco)
Posts: 33
Eminent Member
Topic starter
 

I am interested in thoughts and experience of this forum on building my own forensic analysis machine. This would be a non-portable, lab machine for analyzing forensic images, cell equipment, memory cards, etc.

What (by current standards) would you recommend for hardware requirements?

 
Posted : 16/05/2006 9:21 pm
(@digitalexodus)
Posts: 10
Active Member
 

start here Computer Forensic Systems

In my opinion, the critical areas are Alot of HDD space, and very fast disks. But when taking images, you can only pull as fast as the source drive spins. But remember once you've got an image the faster your disks are that hold the image, the faster you can manage the image (when using forensic software to analyze it) Also i would want a good bit of memory 1-2GB would be ideal. (the more the better though) And i would assume the faster the cpu can crunch numbers the better off you'll be. I would shoot for the dual core p4's. and then a motherboard that can handle this powerhouse and bring it all together with room for expansion to say the least. But be sure you have a device such as a 6-in-1 card reader, or something, just be sure you have the capability to read from almost any type of media (usb, sata, IDE, SCSI, etc.. you get the point)

 
Posted : 16/05/2006 10:58 pm
 Andy
(@andy)
Posts: 357
Reputable Member
 

Whatever you get it needs plenty of speed (dual processor), many forensic tools are processor and RAM hungry (EnCase, etc), also a large amount of storage space (Terabyte RAID).

 
Posted : 17/05/2006 12:26 am
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

I agree with the other guys.
I finally got enough money last year to build a solid system. Cost me around $3k.

Tyan K8WE -Dual opteron MOBO - dual core capable
Dual Opteron 246's (2.0ghz)
6GB Patriot ECC ram
1.2TB array (WD 400GB Raid class SATA drives)
4 removable drive bays (2 IDE, 2 SATA)
Firewire 800 PCI-X 16 adapter
Digital Intel T335 forensic drive bay controller(new addition)

 
Posted : 17/05/2006 3:27 am
(@armresl)
Posts: 1011
Noble Member
 

WD are the absolute worst hard drives made.

I see more failed WD's than any other drive and the 250's and up are the worst offenders.

If speed is an issue get a very small SCSI drive and load your OS's to that drive. Pretty sure you would run a multiple OS boot with different flavors including some Linux.

 
Posted : 17/05/2006 4:34 am
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

to each his own..I've been running this class of hard drive for a few years in servers and never had a single problem. The "consumer" grade drives are junk..no matter which manufacturer you use.

 
Posted : 17/05/2006 6:06 am
(@rkamens)
Posts: 36
Eminent Member
 

deleted

 
Posted : 17/05/2006 5:15 pm
(@armresl)
Posts: 1011
Noble Member
 

There is a known firmware problem with several lines of WD drives and while you can get them to give you another drive, unless you have the equip to rewrite firmware then you are out of luck on the data.

MHDD is good for HD problems but has a really high learning curve.

If anyone has bad drives they were going to throw away, I will gladly pay something for those drives.

 
Posted : 17/05/2006 8:55 pm
(@vrocco)
Posts: 33
Eminent Member
Topic starter
 

Back on topic…..anyone else willing to post a profile of their forensic machine to give me a better idea where to start?

 
Posted : 17/05/2006 9:20 pm
(@jimmyw)
Posts: 64
Trusted Member
 

Tyan K8WE -Dual opteron MOBO - dual core capable
Dual Opteron 246's (2.0ghz)
6GB Patriot ECC ram
1.2TB array (WD 400GB Raid class SATA drives)
4 removable drive bays (2 IDE, 2 SATA)
Firewire 800 PCI-X 16 adapter
Digital Intel T335 forensic drive bay controller(new addition)

I use a similar setup on my machines Tyan 2895 with 2 dual core Opterons, 6-8GB RAM. Concerning my RAID 5, I highly recommend Broadcom's 4852 controller. I build a 2TB array with Broadcom's distributed sparing, which costs an extra drive's worth of space, but adds performance and safety. My system dual boots with XP 32/64. After I'm done working a case, I move the images to a storage machine. My newest system uses 500 GB WD SATAs, and I've used Hitachis in the past. (I've had more problems with Maxtors than any other brand. I think it's somewhat luck.) I also suggest a Lian Li V-2000 case with plenty of coolong!

 
Posted : 19/05/2006 8:54 am
Page 1 / 3
Share: