Join Us!

Main Forensic Stati...
 
Notifications
Clear all

Main Forensic Station Internet Connectivity  

  RSS
andy1500mac
(@andy1500mac)
Member

Hi all,

I'm in the process of putting together a forensic worksation ( my laptop just doesn't cut it) and was wondering about Internet connectivity.

Is it typical to have your main workstation not connected and thus safer from malware etc…and use a seconday machine for research and the likes?

Thanks,

Andrew-

Quote
Posted : 28/08/2005 1:14 am
Andy
 Andy
(@andy)
Active Member

That's the setup I have, for those exact same reasons. However at times I feel it is a little restrictive, especially if you have some urls you want to check out and copying and pasting is easier than typing it out on another machine….

Andy

ReplyQuote
Posted : 28/08/2005 1:34 am
andy1500mac
(@andy1500mac)
Member

Thanks Andy…That's the main reason I asked. I does seem a bit of a pain when your looking at a parsed index.dat file for example and wanting to view a few of the links….

Andrew-

ReplyQuote
Posted : 28/08/2005 2:34 am
eread
(@eread)
New Member

Hi guys,

Where I am we have special PCs designated for public internet access. Or we use laptops we each have.

We keep separate machines because of security concerns for our network (with HD images etc) more than for public safety. There is, of course, the risk of contaminating evidence.

In your situation, I would use the laptop for internet, your forensics machine for forensics. Surely you can have them both turned on at the same time. A little bit of a pain, but you are far less likely to contaminate evidence. And never have to worry about intrusion.

Evan Read.

ReplyQuote
Posted : 28/08/2005 12:56 pm
armresl
(@armresl)
Senior Member

I have one workstation that is never connected to the internet. Updates are downloaded on a thumb drive and installed that way. Most of the time I am under various court orders to not have the examination machine on the internet, network, etc at anytime.

ReplyQuote
Posted : 29/08/2005 8:46 am
techmerlin
(@techmerlin)
Member

Andrew,

I agree with the machine not being on the internet while doing investigations, obviously the contamination of evidence is the main concern.

Think of it from another point where if you were examining a machine where there were cached HTML pages/images etc. what would happen if you opened up those items while connected to the internet, you would intern be going out to the page etc. and updating it with what is current.

Just a thought -)

ReplyQuote
Posted : 30/08/2005 12:09 am
nickfx
(@nickfx)
Active Member

On my main workstation I have 2 machines connected via a keyboard/mouse/screen switch connected to 2 monitors. I can switch with a key stroke between the forensic machine and an internet connected machine. The Internet machine just uses one screen leaving the forensic machine on the other monitor so I can copy down URL's etc. Obviously you cant copy and paste or click a link but it works for me.

Nick

ReplyQuote
Posted : 09/09/2005 6:47 pm
andy1500mac
(@andy1500mac)
Member

Much appreciated. Thanks for the responses.

Andrew-

ReplyQuote
Posted : 14/09/2005 7:50 am
 Anonymous

ipconfig /release )

i do the same as above, i disconnect when i am looking at evidence and i never leave the machine connected over night or anything as such if there is anything on the box which could potentially be moved/removed.

Much appreciated. Thanks for the responses.

Andrew-

ReplyQuote
Posted : 17/10/2005 3:48 pm
Share: