Hi all,
Until recently we built our own but now buy off the shelf. We went for a dual processor Xeon but made the mistake of SCSI drives. Yes, they are faster, but the new PDE module with EnCase allows you to boot the suspect's image into VMware; sadly VMware doesn't like the OS on SCSI so it was swings and roundabouts.
Friendly BIOS? Not sure what that means, most of the ones I've met are fairly indifferent - a bit like the French. 😆
The one thing I really would recommend is dual screen display graphics cards. Our current ones are the nVidia Quadro - faultless.
Hmmm………..
Forensic Friendly BIOS……
From a bit of reading I have done on the net - a Forensic Friendly BIOS is one which allows access to drives in C/H/S modes - I use AWARD and it seems to do the trick - I am not sure how many Forensic Unfriendly BIOSes are out there?
Anybody with comments on makes and versions of BIOSes which do not support C/H/S mode?
Ciao
Samir
I decided to build my own, and I'll add components as needed. Currently, I have an Intel P4 3.0GHz, with 2GB of DDR memory, two 120GB hard disks, and a DVD burner. My video card is an ATI with 128MB of memory, and dual monitor support.
I added a removable drive tray to swap extra drives for analysis. I'm using FTK, and it seems to run OK.
Phil
Digital Forensic Discovery, Inc.
Michigan
email: posman@digitalforensicdiscovery.com
I build my own and, to be quite honest, find that simple is best. Just think what you need to do and accommodate that. If you hang too much on it then you can get problems. If you need one for a specific but uncommon reason then you can either adapt/add or build another smaller one for just that job. If you have EnCase, for example, mounting the target drive as an emulated drive and then mounting it as a virtual drive in VMware can be frustrating if there are bells and whistles on the examination machine. KEEP IT SIMPLE is the best practice if possible from my point of view - of course everyone has their own beliefs and in this field it's only the best way if it works!!!!!!
Has anyone tried using a Shuttle mini system as a portable forensics system? They are tiny and light, yet are packed with desktop powered components.
That's a good solution, much better than a notebook in my opinion. I researched this possibility and found two drawbacks.
The first is the relatively small power supply. It'll be overworked in a forensic application and the Shuttle power supplies are known for short lifespans anyway. I was afraid of a failure at the worst possible time.
The second was that I wanted something that could be packed complete in a single airline carry-on size case. To accommodate the depth of the Shuttle (with a small LCD on top of it) the Pelican-type cases I looked at had to be much bigger in the other dimensions, and thus not carry-on sized.
Overall not a bad idea. It could certainly work.
sadly VMware doesn't like the OS on SCSI so it was swings and roundabouts
Does VMware or EnCase have any trouble with SATA drives instead of IDE drives?
No issues that I could find on the EnCase boards. At least not as far as the SATA drives go; there are a lot of issues with getting the Physical Disk Emulator (PDE) to work properly.
Just a thought, but for the price of the FRED unit you could build enough systems to accommodate multiple needs. For mobility you could use a laptop with external USB drives. Connect everything to a KVM switch and there you have it. But then again I'm new to computer forensics and this probably isn't a new idea.