I am looking to setup FTK 3 to get maximum performance out of the product.
I saw from the AccessData documentation the "ideal configuration" was
- 2 workstations with 1GB network connection, install FTK 3 on these machines
- 1 workstation for the Oracle database
- As much storage space as possible
Could anyone offer any advice from previous experience, any gotchas/things to look out for?
Is this the best configuration or are there any other advised configurations?
Has anyone used virtual machines for this configuration and had any success/issues? Or are physical machines preferable due to the resources required?
Any feedback would be much appreciated
Kind Regards
Matt
Matt,
I use FTK3 regularly with these specs
16 core 2.27 GHz Intel Xeon
12GB Memory
Windows 7 64 bit
RAID 0 set
Oracle on a seperate drive from the O/S. Cases stored on another internal drive.
Works very well, processing time is much quicker than previous versions.
A description of the machine I just built for FTK3 and to be mobile is described in this thread here.
There's no need for a whole separate work station for the Orcale database. Put it on a single 250GB SSD drive in your main workstation; being on an internal SATA channel will be way quicker than any LAN connection and a decent SSD drive performance will challenge most RAIDs. 250GB should be more than enough size, especially if you remove and archive older cases.
There's no need for a whole separate work station for the Orcale database…
From a performance perspective, I pretty much agree with the rest of your statement for a majority of the cases that we see but there are other reasons why (and certain instances when) you might want to separate your Oracle instance from your case processing system.
Two that I can think of are redundancy and access to the database from multiple case processing workstations. Personally, I like running a dedicated database server because 1) I can use something like HLFS which I can strip down to run only those processes and services that I want; 2) I can take the workstations offline to do hotfixes and the like without taking my database down; and 3) I can do backups and restores, easily.
I can't strongly recommend virtualization of any component of FTK as there would be a performance hit and it adds a level of complexity that, IMHO, has no appreciable benefits in terms of business impacts.
Of course, if you need to run FTK3 in the field, then the suggestions by Jonathan and inspectaneck are good ones. But I rarely do case processing in the field, i.e., case processing that requires a tool such as FTK.
Of course, if you need to run FTK3 in the field, then the suggestions by Jonathan and inspectaneck are good ones. But I rarely do case processing in the field, i.e., case processing that requires a tool such as FTK.
Our on-site processing primarily occurs when there is contraband contained in the forensic images provided to us, and thus, we have to perform the examination at a law enforcement office. While we do not always require FTK for the exam, I felt for $1800 for the shuttle system I built, it was worth making considerations for FTK3.
Sean – I appreciate all of your comments about regarding the reasons to separate the database in-lab to another workstation.
inspectaneck
I am in complete agreement with you. Field analysis, especially in the setting that you describe, are especially difficult for a number of reasons, not the least of which is that, oftentimes, you are completely informed as to what to expect you will need in terms of resources.
In those cases, the safest thing is to bring the office on site which can only be done, practically, as you describe.