For the same case, I did a network acquisition (100GB) yesterday which may have needed 6 hours, but today it needs 10 hours in the same network environment. Why is there a huge gap? I tried to clean the cache and restart my investigation machine, but it still needs 10 hours. Does anyone know how to speed up an image acquisition in a LAN situation? Thanks.
Hi,
Very simple, all you need to do is buy a Gigabyte switch and gigabyte LAN card. It will be faster…
Rick
gorvq7222 has a good point; what speeds do your target, destination and network devices run at? The lowest speed sometimes wins out in the battle of bandwidth on some networks. It also depends on your network infrastructure. Are the target device and the examiner on the same segment? Is the network throttled at certain times of the day? What other things on the network are on the path that could cause latency? (i.e. firewalls, IDS/IPS, etc.)
Lots of things to look at when it comes to network acquisitions. Get real friendly with your network admins.
With fast hardware and a gigabit network there should be 800 MBits/s possible; this gives us 0.1 GByte/s over the network ^= 1000 sec ~ 20 min.
These values are valid for big files and no other read/write access to the target/destination hard drive. From this point on you could start searching.
If you have only a 100MBit network, it takes 10 times longer.
If you investigate a live fileserver with a lot of r/w…
Hope this helps as an example.