Notifications
Clear all

Building a new PC

13 Posts
11 Users
0 Likes
2,057 Views
(@artee)
Posts: 13
Active Member
Topic starter
 

Happy New Year all.

I'm about to start building a desktop PC for my university course in forensic computing and just wanted to know if i should be prioritizing any particular part of the hardware?

Thanks in advance.

 
Posted : 01/01/2015 7:04 pm
(@mscotgrove)
Posts: 938
Prominent Member
 

Lots of disk storage space. All modern PCs are pretty good speed wise. Choose 64 bit operating system.

Software is you big area for investigation

 
Posted : 01/01/2015 10:17 pm
(@lpforensic)
Posts: 18
Active Member
 

Lot of RAM

 
Posted : 01/01/2015 11:33 pm
Bulldawg
(@bulldawg)
Posts: 190
Estimable Member
 

If you can afford it, lots of FAST storage and plenty of RAM are your priorities. CPU isn't that critical unless you're going to be doing a lot of password cracking. The same goes for the GPU.

Minimum–get a small-ish SSD for your OS. 250 MB should be plenty and you can probably get by with a 120GB if you're good. Then use a cheaper spinning disk for all your analysis. A 4TB Western Digital Black drive should do. Better, put a few of those spinning disks in a RAID 0 (make sure you back up often), or RAID 10 (4 disks required). RAID 5 is okay too, but only with hardware RAID cards. Best would be lots of big SSDs, but that's cost prohibitive for most students.

RAM–32GB minimum. 64 GB will leave you more room for VMs.

CPU–Don't go for the latest and greatest Intel. The X99 chipset's RAM requirements bump up the price significantly, and DDR4 RAM isn't significantly faster in the real world than the DDR3 used by the Z97/Z87 chipsets. The CPUs are cheaper too. Hyperthreading isn't necessary, IMO. You can stick with an i5 of similar clock speed rather than paying for an i7.

 
Posted : 02/01/2015 9:32 pm
(@bithead)
Posts: 1206
Noble Member
 

^^^^ That and an SSD for \Temp

 
Posted : 03/01/2015 3:49 am
(@athulin)
Posts: 1156
Noble Member
 

I'm about to start building a desktop PC for my university course in forensic computing and just wanted to know if i should be prioritizing any particular part of the hardware?

Display(s), keyboard and mouse that's what you'll be facing most of the time. You don't want your problems to be with these devices. Make sure keyboard and mouse works also at boot time – you don't want to find yourself with a keyboard that is dead until the OS had loaded USB drivers. (This is not much of a problem anymore, but if you decide to use older equipment, you may want to double-check.)

Fans, and other noise-generating equipment avoid them. (Go for a higher-speced power supply that won't need to spin up its fans because it never heats up, for instance. But quiet computing is a craft of its own. Consider avoiding extreme CPUs, if they require noisy cooling.)

Fast I/O channels – that goes both for memory and storage units. This may mean looking at server/workstation platforms rather than consumer platforms, though top-of-the line client platforms may have an edge in certain circumstances. (Hot graphics is of limited use – on-board graphics usually does the job, though graphics cards can be useful for cracking passwords.)

Robust device connectors. You're likely to plug in all kinds of devices – you don't want connectors placed where they're difficult to get at, or where you can't keep cabling neat. And you don't want connectors that die on you with the first hard tug on the wrong cable.

Support for hot-swapping disks may be important – but it depends more on your work habits than anything else. Room to grow (free PCI slots, free disk bays, free memory slots, …) may be important. If you blow your entire budget on one system, it will be very important (and that also means you need to get a power-supply with enough headroom for that extra growth).

Apart from that, follow the recommendations for the particular software you're going to use. If your forensic-toolkit-of-choice doesn't support multi-core systems, the benefit of having a multi-core CPU will be limited. And if it can't make use of more than X Gb of user memory, again, loads and loads of memory may not be your best choice.

If you don't know what software you'll be running, spend around half of your budget on a middle-high gaming platform with some additional memory and disks. Keep the other half for your first upgrade once you've learned what is important to your particular circumstances. You'll need it.

If you can definitely say that you'll be mainly using EnCase or FTK or … whatever, you would probably get more specific recommendations.

 
Posted : 03/01/2015 11:44 am
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

OK so firstly, designing a "forensic workstation" for home/uni use is very different to an industry spec system. Usually the image files provided are a fraction of the size of the "normal" image files that investigators deal with everyday. Also universities tend to like you to go more in depth into low level tools to give you that understanding of what you are doing (not a bad thing by any means).

As such, I will recommend the following to you

Find out what forensic software the course is going to have you use, I imagine it will be one of the following
Encase 6 - Outdated now but still used because it is preferable to the new version
Encase 7 - Utter S**t, used on some courses because it is the latest version
FTK - not sure if this is used as much on uni courses because of the server - client approach it seems to take
Open source tools - Many universities advocate the use of open source/free utilities (even if a commercial tool is used).

Which ever one the have will slightly alter the build you want. For instance, Encase 6 requires more memory (at least 32gb), however Encase 7 requires an SSD (and some anti-depressants to stop you topping yourself). Also nowhere did you state a budget.

However for the most part, I would be looking at something like this
CPU Solid i5 (4690 is a good call)
RAM 16GB (32 if Encase 6 is to be used)
Hard Disk 240 SSD plus 2 TB storage drive. Consider 500gb SSD or extra hdd if you want to install Linux.
Graphics card Doesn't really matter. Pick something in £50 - 100 ranage if you want one.
Power supply 550 -600W should do. Your not running that much stuff!
Ensure you have Sata 3 ports (should be standard on any new machine).
The tower itself in this scenario was coming out at about £900 (With OS) from www.scan.co.uk (look under 3xs systems). These come with a warranty )

2 monitors is preferable as you will want to have things easily view-able.

Software - Go for Windows 7 Pro (allows more than 16GB of Ram), some things don;t like running on Windows 8.

Second OS - I would install Linux for many reasons as a second OS. Firstly it allows you to use a lot of the open source tools and inbuilt functions of Linux (DD for imaging etc). If you want you can install a forensic build of Linux (I recommend Deft 8 as a 64 bit version) which comes with a lot of these tools. Also if you do need imaging capability, it removes the need for Write blockers.

If you have a budget, please state it and can probably help tailor the above.

 
Posted : 03/01/2015 6:36 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 


Which ever one the have will slightly alter the build you want. For instance, Encase 6 requires more memory (at least 32gb), however Encase 7 requires an SSD (and some anti-depressants to stop you topping yourself).

D

… are they included in the yearly dongle license or you need to pay for them separately (and having them prescribed by your family doctor)? ?

wink

jaclaz

 
Posted : 03/01/2015 7:53 pm
minime2k9
(@minime2k9)
Posts: 481
Honorable Member
 

D

… are they included in the yearly dongle license or you need to pay for them separately (and having them prescribed by your family doctor)? ?

wink

jaclaz

No but they're offering a special buy Encase portable and two free bottles containing 30 pills each - enough for 2 whole weeks p

 
Posted : 03/01/2015 8:17 pm
jhup
 jhup
(@jhup)
Posts: 1442
Noble Member
 

If this is forensics class build, I would only consider FOSS tools and X-Ways from the commercial side. I have seven classrooms set up for various digital forensics.

We go for
- display area (bigger screens and more monitors),
- fast and lots of memory,
- hot swap, front access bays (at least 3)
- a non-removable forensic bridge, something like a Tableau T35689iu is plenty fine
- lots of USB 3 ports,
- exteral eSATA port(s)
- three drives
- wired keyboard and mouse (get the keyboard/mouse plug versions, not USB - less likely to get "lost")

Do not forget to get at least one powerstrip (3+ open power sockets) per workstation if you get into mobile device.

We use a 3 drives in our rooms. One for the OS and application, one for the evidence, and one for the student results.

For educational purposes you do not need anything more.

Do

NOT

use SSD for student build. They will die faster and will be more headache then a box of 1TB HDDs.

 
Posted : 05/01/2015 10:48 pm
Page 1 / 2
Share: