Digital Forensics L...
 
Notifications
Clear all

Digital Forensics Lab

4 Posts
3 Users
0 Likes
423 Views
(@umeryazdani)
Posts: 13
Active Member
Topic starter
 

We are going to establish a Digital Forensics Lab in centralized (Data Center) environment which may include Encase and FTK installed on virtual Machines using SAN as storage.

Is there any body who can guide us for better solution/design, we may have totally thin client environment in our lab.

………Your support will be much appreciated………

 
Posted : 17/08/2010 2:07 pm
(@thepm)
Posts: 253
Reputable Member
 

What I will suggest is not to use virtual machine for Encase / FTK because you will encounter much performance issues (more so with FTK 3).

Instead, what you could do, and I know that AccessData are using this for training purposes, is using either Citrix or Terminal Services to be able to access a centralized server on which you can run Encase / FTK. That way, you only need a BIG server for processing and analyzing your data instead of multiple powerful analysis machines.

As for building a lab, there is a book sold that can provide you with some guidelines http//www.amazon.com/Building-Digital-Forensic-Laboratory-Establishing/dp/1856175103

Hope this helps.

 
Posted : 17/08/2010 6:31 pm
(@umeryazdani)
Posts: 13
Active Member
Topic starter
 

Thanks for your Expert opinion…
can you suggest a design/solution for the best functionality of this Lab…

help will be appreciated from anywhere…..

 
Posted : 19/08/2010 10:09 am
(@nigel_cro)
Posts: 29
Eminent Member
 

OK - I might regret this but…..

We are presently running an environment such as you describe - we have Citrix managing the back end environment and running the 'number crunching' applications. We haven't gone for complete thin client front ends as we still run a number of processes on our local machines. We are still far from a final and complete solution, but we are getting there.

Now the difficult bit - we are paying considerable amounts of money for consultancy on this process as it is far from simple. My organisation would not thank me for passing that information on to third parties without first considering the implications.

Dell have been working with Access Data and Vega for some time now towards this solution - in fact it was seeing their presentation at F3 several years ago that pushed us in this direction for our new server solution. I would suggest that you could possibly contact any of them directly for information - I'm afraid all of my contacts are possibly out of date - but if you would like to contact me off-board I may be able to supply some details.

All I would say is - we have thrown a large amount of money and some very skilled personnel at our system over the last year or so and it is still a little way off being the finished article - tread carefully. If you want to establish a working lab quickly, I would humbly suggest you follow the KISS principle at the outset and work towards the complex solution once you are up and running.

[KISS = Keep It Simple, Stupid]

I hope this helps in some small way,

Nigel

 
Posted : 19/08/2010 12:12 pm
Share: