Forensic Toolkit v3 Tips and Tricks – On a budget

While researching FTK 3X and Oracle, you just recently discovered that the best configuration of your Oracle database would be on a solid state drive (SSD). Solid state drives give the maximum level of performance to Oracle databases and in turn speed up your FTK 3X responsiveness.

You are a conscientious analyst and decide to try reinstalling your database on a SSD. You approach your boss, who is not a techno geek, and ask him to purchase a 256GB high performance SSD:

“Five hundred dollars!! For one drive? In this economy? If I buy in bulk I can get ten Terabyte hard drives for that price; get out of my office and close the door behind you!”

Short stroking

So how do I get close to SSD performance on the cheap? Welcome to the world of short stroking.


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

With short stroking, you don’t use the entire hard drive for storage. Disks have become so large and cheap that you can use the outer tracks of the disk just for storing data. If you create one partition that is twenty percent, of the total size of the drive, the drive head will travel much less distance. This will decrease your latency and improve your input / output performance, access times, and in all probability, drive wear. If correctly implemented, short stroking creates more than double the throughput in less than half the access time.

By using Fdisk, GParted, or software provided by the hard disk drive manufacturer, you can use only the first few blocks of the disk to limit the number of LBAs (Logical Block Addresses) accessible in your hard disk drive. This limits the drive arm to only the last few tracks of each platter and blocks the use of slower areas of the hard drive. Remember, you will lose access to the part that’s blocked; therefore, it cannot be used to store any data.

Reading from the outside sectors of the platters is faster, as more sectors pass under the heads per second (depending on your drive speed) at 10,000 or 15,000 RPM than towards the middle of the drive at the same speed.

If you do a twenty percent short stroke of a Terabyte hard drive, you will only have 200GB of usable space on the hard drive. You will need to short stoke two Terabyte hard drives, at twenty percent, and assemble them in a RAID 0 array to get 400GB of useable space for your Oracle database. Remember, even though RAID 0 is fast, it is not fault tolerant; be sure to periodically backup your database.

Defragment early, defragment often.

After you have installed your Oracle database on your short stroked RAID 0 array, another performance boost is recognized by defragmenting the drive that the Oracle database resides on. Defragmenting allows for rapid sequential file reads and writes.  It is always best to store file blocks together contiguously (especially in any type of database).

I have created and processed FTK cases, on a clean Oracle database install and have observed up to seventy five percent fragmentation on the hard drive. Before starting analysis, I defragment the hard drive containing the Oracle database and make sure it is at zero fragmentation.

You need to regularly defragment the hard disk drive to ensure all frequently used data is defragmented otherwise; you will lose some of the performance benefits.

Leave a Comment

Latest Videos

Digital Forensics News Round-Up, February 21 2024 #digitalforensics #dfir

Forensic Focus 21st February 2024 6:19 pm

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts. 

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director 
43:45 – Privacy of user data

Alan Platt, Professional Services Consultant at MSAB, discusses his experience as a former UK police officer working in digital forensics. He talks about the different levels of digital forensics capabilities within police forces and how MSAB products like XAMN and XEC Director are used by frontline officers versus lab analysts.

The discussion covers how MSAB partners with law enforcement to develop custom workflows for mobile device acquisitions that facilitate ISO compliance. Alan explains MSAB's managed service offering, where approved MSAB staff can remotely access a customer's XEC Director server to assist with software updates and troubleshooting. He emphasizes the strict data segregation policies enforced by customers to prevent MSAB from accessing any sensitive case data.

Looking ahead, Alan mentions MSAB's new CEO and hints at some exciting developments coming down the pipeline. He spotlights recent enhancements to XEC Director's speed and database functionality for managing large estates of networked Kiosks. Alan also plugs the new XEC Director training he created to help users fully leverage the platform's capabilities.

00:00 – Introduction to Alan Platt
07:00 – Training
12:00 – Workflows
17:20 – Ensuring a secure environment
19:45 – Customer training
20:35 – Helping customers comply with ISO accreditation
25:00 – Validation and verification
27:30 – ISO standards
30:00 – MSAB’s pipeline plans
32:40 – XEC Director
43:45 – Privacy of user data

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_ifoHVkjJtRc

How MSAB Is Managing The Digital Forensics Challenges Of Frontline Policing

Forensic Focus 21st February 2024 3:07 pm

Podcast Ep. 80 Recap: Empowering Law Enforcement With Nick Harvey From Cellebrite

Forensic Focus 20th February 2024 11:49 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles