Hi All,
This is my first post here on the forum, so a small bit of background. I am a final year Computer Forensic student who has just started on the dissertation for my final year.
The topic I will be undertaking is to use a SBC such as a Pi in order to aid with a forensic investigation.
My idea for this topic is to create a portable and simple-to-use device primarily aimed at small labs. The devices will be used to triage USB devices, e.g. memory sticks (probably), and compare the contents against a known set of files. If the stick contains any of the known files then they will be flagged and can be analysed further.
My question is, has anyone out there ever used a device like a Pi for anything forensic related, or does anyone have any comments that can be used in order for me to gauge an audience or to include as part of my initial research?
Thanks
Luke
If you look at several portable (luggable) forensic devices, they have SoC with some embedded OS.
Disk duplicators, cell phone collecting devices, and many more work this way.
A RasPi solution would be acceptable. Caveat: the RasPi is truly for prototyping, not for production. A more fine-tuned system would be less costly and most likely faster than a generalist solution.
The topic I will be undertaking is to use a SBC such as a Pi in order to aid with a forensic investigation.
Consider a system which has SATA support, so you can image to a sufficient amount of storage.
Performance of these computers is very low, of course, and in most cases resides in the GPU. Maybe you can get a reasonable hash rate to hash the image or create a file set (xml/csv) for each image, if you implement an algorithm on the GPU.
Thank you all for the posts. I have looked further into the project and have found a couple of SBCs which may be more suited to the project, the first being the ODroid XU4 with its USB 3 ports or the Banana Pi M2 Ultra/M3.
I have decided to create a simple tool which will compare the files on a device, e.g. HDD, USB, possibly mobiles (need to do additional research).
Does anyone have an example hash list they would be able to provide in order to save me from recreating a whole new hash set of documents, pictures, applications etc?
Any other considerations anyone could add would be a great help.
Thanks in advance,
Luke
Does anyone have an example hash list they would be able to provide in order to save me from recreating a whole new hash set of documents, pictures, applications etc?
You can download a large set of hashes from
https://
However, … managing large hash collections may lead you away from your primary goal; it may be easier to stick to a small sample set that you create yourself, say, from a default Linux or FreeBSD installation.
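The known-file triage discussed in this thread, as an added example that is not code from any of the posters: it builds a small hash set from a reference directory (as suggested in the last reply) and flags files on a mounted device whose content matches, regardless of file name. SHA-256, the `sha256,relative_path` CSV layout and all function names are assumptions made for the example, and the sample files are constructed.

```python
import csv, hashlib, os, tempfile

def sha256_file(path, chunk=1 << 20):  # 1 MiB reads keep memory flat on a small board
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def walk_files(root):
    # Regular files only; symlinks are not followed, so the scan stays inside root.
    for dirpath, _dirs, names in os.walk(root, followlinks=False):
        for name in sorted(names):
            p = os.path.join(dirpath, name)
            if os.path.isfile(p) and not os.path.islink(p):
                yield p

def build_hash_set(reference_root, csv_path):  # one "sha256,relative_path" row per file
    with open(csv_path, "w", newline="") as out:
        w = csv.writer(out)
        for p in walk_files(reference_root):
            w.writerow([sha256_file(p), os.path.relpath(p, reference_root)])

def load_hash_set(csv_path):
    with open(csv_path, newline="") as f:
        return {row[0]: row[1] for row in csv.reader(f) if row}

def triage(mount_point, known):  # returns (flagged, unreadable)
    flagged, unreadable = [], []  # flagged holds (path_on_device, known_name)
    for p in walk_files(mount_point):
        try:
            digest = sha256_file(p)
        except OSError:
            unreadable.append(p)  # record read errors instead of hiding them
            continue
        if digest in known:
            flagged.append((os.path.relpath(p, mount_point), known[digest]))
    return flagged, unreadable

def demo():
    # Constructed sample data: a one-file known set and a stand-in for a mounted stick.
    with tempfile.TemporaryDirectory() as tmp:
        ref, usb = os.path.join(tmp, "ref"), os.path.join(tmp, "usb")
        for d, n, data in [(ref, "known.bin", b"known"), (usb, "renamed.txt", b"known"), (usb, "other.txt", b"other")]:
            os.makedirs(d, exist_ok=True)
            with open(os.path.join(d, n), "wb") as f:
                f.write(data)
        build_hash_set(ref, os.path.join(tmp, "hashes.csv"))
        return triage(usb, load_hash_set(os.path.join(tmp, "hashes.csv")))
```

On a real device the stick would be mounted read-only (or behind a write blocker) before `triage` is pointed at the mount point.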