±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35407
New Yesterday: 7 Visitors: 161

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

mac pros for f lab?

Discussion of forensic workstations, write blockers, bridges, adapters, disk duplicators, storage etc. Strictly no advertising of commercial products, please.
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2, 3, 4  Next 
  

calimelo
Senior Member
 

mac pros for f lab?

Post Posted: Apr 18, 08 10:32

Hi there,

We are currently estalishing a new cf lab and i am curious about the workstations.

Mac -pros are fast and powerful computers. Now as they also support xp-vista op.systems, would it be ok to buy them or should we go with a classic workstation? Or maybe FRED workstations?

Thanks in advance

Kaan  
 
  

calimelo
Senior Member
 

Re: mac pros for f lab?

Post Posted: Apr 22, 08 19:40

well we'll find out if it works then Smile

cheers  
 
  

BitHead
Senior Member
 

Re: mac pros for f lab?

Post Posted: Apr 22, 08 20:29

Really pretty open ended questions. What software are you using? Can you deal with the minor issues encountered when running an OS in emulation? Are you doing Mac forensics? Are these machines restricted to the lab? Do you want the drive bays in a extra large case like the FRED or is the Frankenstein approach more what meets your needs. Are you going to network your lab and place the cases on a server or SAN? If you are networking are you comfortable with setting up Mac security?

Pretty tough to answer the original question without at least a few more parameters.  
 
  

tabz
Member
 

Re: mac pros for f lab?

Post Posted: Apr 22, 08 23:21

I use both standard PCs and a MacBook Pro (running WinXP). I find the MacBook Pro very fast in the data acquisition phase. By using onboard FireWire 800 via Tableau WriteBlocker and acquiring to an external SATA HDD via eSata ExpressCard I am able to acquire a device around 20% faster than on my previous notebooks.

When it comes to analysis, in my experience, nothing beats a PC with regards to speed and flexibility. Some benefits are being able to install removable HDD bays, additional ports, and just raw processing power.

Really depends on the type of work you will be performing, but if its a lab situation where you're performing analysis, my feeling would be PCs are the safest (and cheaper) way to go.  
 
  

calimelo
Senior Member
 

Re: mac pros for f lab?

Post Posted: Apr 23, 08 05:26

Thank you for the answers,

Our primary topics are computer and cell phone forensics, since we do not do crime scene investigation, we are going to examine the evidence that the police organization csi unit provides. We are not supposed to deal with network forensics or live forensics.

These machines will be our main investigation computers, we have a local network which also connects to our storage server. We are planning to work with the cases on this storage server and tape backup them.

Do i have to use parallels? I thought the mac pro had a bootcamp application which allowed it to dual boot into XP and OsX(1). Does that mean i can do the casework in Encase or FTK in the XP operating system and malware analysis in the OsX enviroment? I love these machines, sleek and powerful.

FRED looks nice to me, it's like a swiss army knife. I like the color also Smile

Have a sunny day.

1.Bootcamp  
 
  

ronanmagee
Senior Member
 

Re: mac pros for f lab?

Post Posted: Jul 01, 08 13:21

Hi guys,

we purchased some mac book pros and were are using the following setup:
- Dual boot using boot camp (Win XP)
- VMWare 1.1.3
- Encase 5.05j with compression set as NONE
- Tableau SATA write blocker

I tried imaging a 40GB Western Digital (Model: WD400BD-60JPA0) SATA HDD over different ports and have the following times:
Mac book VMWare (USB2.0)- 2hrs 35mins
Macbook Bootcamp (USB2.0) - 1hr 35mins
Macbook Bootcamp (FW800, daisy chain tableau to evidence drive) - 0hrs 37mins
Lenovo T60 (USB2.0) - 1hr 23mins

Has anyone got similar speeds or any tips on improving the speed using VMWare? Firewire is not supported in VMWare, but Bootcamp supports it. We imaged using Firewire 800 using a daisy chain (as the mac book has only one FW800 port) - has anyone added an Expresscard and seen any improvement in time compared to using one FW800 port?

Regards,

Ronan

Ronan  
 
  

Webbie
Member
 

Re: mac pros for f lab?

Post Posted: Jul 01, 08 14:10

I personally would forget Bootcamp in its present form, VMware Fusion gives the ability to use the 'power' of the Mac Pro whilst examining a Windows machine via VWware.
You can run most if not all window apps in VWware Fusion, and the new version (currently in Beta) has the ability to use multi screens.
Mac Pros are the way forward
Regards
Paul
_________________
Paul Webb 
 

Page 1 of 4
Page 1, 2, 3, 4  Next