
Microsoft Surface Pro Tablet for Incident Response

(@gentekkresearch7)
Posts: 25
Eminent Member
Topic starter
 

I have a novel approach to easing the weight and amount of gear I bring to certain incidents. I was thinking of purchasing a Microsoft Surface Pro tab which has an i5 processor and 4 GB of RAM in it. I was going to load F-Response Consultant, FTK Imager, and Cellebrite UFED Physical Analyzer, to name a few.

I am looking for opinions and maybe suggestions on other software to add to the device.

Tom

 
Posted : 15/03/2013 11:29 pm
(@gilly_uk)
Posts: 23
Eminent Member
 

What are you hoping to use the tablet for? A quick triage, imaging or a full-blown investigation?

 
Posted : 16/03/2013 12:12 am
(@gentekkresearch7)
Posts: 25
Eminent Member
Topic starter
 

Triage and imaging to my CRU RTX array. Thought it was a nice idea because it has a decent processor for a tablet and it's Windows.

 
Posted : 16/03/2013 12:15 am
(@gilly_uk)
Posts: 23
Eminent Member
 

Maybe give EnCase Imager a go. I have downloaded it but have yet to have a play around with it.

Maybe see if you could run the SANS SIFT kit in a VM from it. That has some good free tools that could be useful, i.e. Volatility, Bulk Extractor and Foremost.

AD Registry Viewer.

An internet browser tool like IEF5 or NetAnalysis, etc.

The list is endless, but that's what I would play around with, especially the potential to run a VM on it.

 
Posted : 16/03/2013 12:28 am
(@gentekkresearch7)
Posts: 25
Eminent Member
Topic starter
 

Is the EnCase Imager an open download like FTK Imager? The reason I ask is because we are an FTK house and do not have licenses for logins for EnCase. I like the idea of using IEF. Any other things that you would toss on there?

Tom

 
Posted : 16/03/2013 12:45 am
(@gilly_uk)
Posts: 23
Eminent Member
 

It's free to use, no dongle needed. I haven't tried it, but someone posted about it in the Software section of this forum. It might be good, it might be rubbish.

Maybe XRY if you have it, in case you encounter a phone that Cellebrite doesn't support.

 
Posted : 16/03/2013 1:06 am
(@gentekkresearch7)
Posts: 25
Eminent Member
Topic starter
 

Where would I download it?

 
Posted : 16/03/2013 1:37 am
(@athulin)
Posts: 1156
Noble Member
 

"Thought it was a nice idea because it has a decent processor for a tablet and it's Windows."

In general, you usually want decent I/O throughput – does it provide that? It doesn't seem obvious that it should, so I'd probably test it first.

 
Posted : 16/03/2013 10:59 am
(@gentekkresearch7)
Posts: 25
Eminent Member
Topic starter
 

It is surprisingly quick. It recovered an iPhone PIN in a short time, and F-Response was able to download a Gmail box in about 15 min. The box contained about 4000 emails. Is there any way to get my hands on EnCase Imager? The link provided in other forums gave me access denied issues. Also, what else do you think should go on it?

 
Posted : 16/03/2013 2:42 pm