Main Forensic Stati...
 
Notifications
Clear all

Main Forensic Station Internet Connectivity

9 Posts
7 Users
0 Likes
525 Views
andy1500mac
(@andy1500mac)
Posts: 79
Trusted Member
Topic starter
 

Hi all,

I'm in the process of putting together a forensic worksation ( my laptop just doesn't cut it) and was wondering about Internet connectivity.

Is it typical to have your main workstation not connected and thus safer from malware etc…and use a seconday machine for research and the likes?

Thanks,

Andrew-

 
Posted : 28/08/2005 12:14 am
 Andy
(@andy)
Posts: 357
Reputable Member
 

That's the setup I have, for those exact same reasons. However at times I feel it is a little restrictive, especially if you have some urls you want to check out and copying and pasting is easier than typing it out on another machine….

Andy

 
Posted : 28/08/2005 12:34 am
andy1500mac
(@andy1500mac)
Posts: 79
Trusted Member
Topic starter
 

Thanks Andy…That's the main reason I asked. I does seem a bit of a pain when your looking at a parsed index.dat file for example and wanting to view a few of the links….

Andrew-

 
Posted : 28/08/2005 1:34 am
eread
(@eread)
Posts: 3
New Member
 

Hi guys,

Where I am we have special PCs designated for public internet access. Or we use laptops we each have.

We keep separate machines because of security concerns for our network (with HD images etc) more than for public safety. There is, of course, the risk of contaminating evidence.

In your situation, I would use the laptop for internet, your forensics machine for forensics. Surely you can have them both turned on at the same time. A little bit of a pain, but you are far less likely to contaminate evidence. And never have to worry about intrusion.

Evan Read.

 
Posted : 28/08/2005 11:56 am
(@armresl)
Posts: 1011
Noble Member
 

I have one workstation that is never connected to the internet. Updates are downloaded on a thumb drive and installed that way. Most of the time I am under various court orders to not have the examination machine on the internet, network, etc at anytime.

 
Posted : 29/08/2005 7:46 am
techmerlin
(@techmerlin)
Posts: 62
Trusted Member
 

Andrew,

I agree with the machine not being on the internet while doing investigations, obviously the contamination of evidence is the main concern.

Think of it from another point where if you were examining a machine where there were cached HTML pages/images etc. what would happen if you opened up those items while connected to the internet, you would intern be going out to the page etc. and updating it with what is current.

Just a thought -)

 
Posted : 29/08/2005 11:09 pm
nickfx
(@nickfx)
Posts: 131
Estimable Member
 

On my main workstation I have 2 machines connected via a keyboard/mouse/screen switch connected to 2 monitors. I can switch with a key stroke between the forensic machine and an internet connected machine. The Internet machine just uses one screen leaving the forensic machine on the other monitor so I can copy down URL's etc. Obviously you cant copy and paste or click a link but it works for me.

Nick

 
Posted : 09/09/2005 5:47 pm
andy1500mac
(@andy1500mac)
Posts: 79
Trusted Member
Topic starter
 

Much appreciated. Thanks for the responses.

Andrew-

 
Posted : 14/09/2005 6:50 am
(@Anonymous)
Posts: 0
Guest
 

ipconfig /release )

i do the same as above, i disconnect when i am looking at evidence and i never leave the machine connected over night or anything as such if there is anything on the box which could potentially be moved/removed.

Much appreciated. Thanks for the responses.

Andrew-

 
Posted : 17/10/2005 2:48 pm
Share: