±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 1 Overall: 33802
New Yesterday: 6 Visitors: 182

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

Raspberry Pi Dissertation

Discussion of forensic workstations, write blockers, bridges, adapters, disk duplicators, storage etc. Strictly no advertising of commercial products, please.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Raspberry Pi Dissertation

Post Posted: Tue Oct 03, 2017 9:19 am

Hi All,

This is my first post here on the forum, so a small bit of background. I am a final year Computer Forensic student who has just started on the dissertation for my final year.

The topic I will be undertaking is to use a SBC such as a Pi in order to aid with a forensic investigation.

My idea for this topic is to create a portable & simple to use device primarily aimed at small labs, the devices will be used to triage USB devices e.g. memory sticks (probably) and compare the contents against a known set of files. If the stick contains any of the known files then they will be flagged and can be analysed further.

My Question is, has anyone out there ever used a device like a Pi for anything forensic related, or does anyone have any comments that can be used in order for me to gauge an audience or to include as part of my initial research?

Thanks

Luke  

L_F123
Newbie
 
 
  

Re: Raspberry Pi Dissertation

Post Posted: Tue Oct 03, 2017 10:41 am

If you look at several portable (luggable) forensic devices, they have SoC with some embedded OS.
Disk duplicators, cell phone collecting devices, and many more work this way.

A RasPi solution would be acceptable. Caveat - the RaspPi is truly for prototyping, not for production. A more fine tuned system would be less costly and most likely faster than a generalist solution.  

jhup
Senior Member
 
 
  

Re: Raspberry Pi Dissertation

Post Posted: Tue Oct 03, 2017 3:15 pm

- L_F123
The topic I will be undertaking is to use a SBC such as a Pi in order to aid with a forensic investigation.


Consider a system which has SATA support, so you can image to a sufficient amount of storage.

Performance of these computers is very low, of course, and in most cases resides in the GPU. Maybe you can get a reasonable hash rate to hash the image or create a file set (xml/csv) for each image, if you implement an algorithm on the GPU.  

C.R.S.
Senior Member
 
 
  

Re: Raspberry Pi Dissertation

Post Posted: Wed Nov 08, 2017 8:49 am

Thank you all for the posts. I have looked further into the project and have found a couple of SBC's which may be more suited to the project, the first being the ODroid XU4 with its usb 3 ports or the Banana Pi M2 ultra/ M3.

I have decided to create a simple tool which will compare the files on a device eg HDD, USB, possibly mobiles(Need to do additional research)

Does anyone have an example hash list they would be able to provide in order to save me from recreating a whole new hash set of documents, pictures, applications etc?

Any other considerations anyone could add would be a great help.

Thanks in advance,

Luke  

L_F123
Newbie
 
 
  

Re: Raspberry Pi Dissertation

Post Posted: Wed Nov 08, 2017 10:58 am

- L_F123
Does anyone have an example hash list they would be able to provide in order to save me from recreating a whole new hash set of documents, pictures, applications etc?


You can download a large set of hashes from

www.nist.gov/itl/ssd/s...-hash-sets

However, ... managing large hash collections may lead you away from your primary goal: it may be easier to stick to a small sample set that you create yourself, say, from a default Linux or FreeBSD installation.  

athulin
Senior Member
 
 

Page 1 of 1