Hmmm, why not IDS and SIA?
SIEM and IDS are just two examples of what is used in the SOC; there are more systems.
The blog you quoted talks a lot about intrusion prevention. Data breach was just an example; it can be all sorts of investigations. Of course when something big happens you use all the tools and logging you have. Also, you can have all the systems you like for prevention, but it can be an investigation of an employee as well, things like fraud, or when he is sharing company data with other companies. So much security in place, but then an employee leaked a password because he got social engineered.
http://windowsir.blogspot.it/p/foss-tools.html
Nice list, thank you.
Still, what IMHO really matters is how familiar and expert the actual guy(s) are with a given tool and with a given setup/system.
Agreed
I have the impression (possibly being completely wrong, as it often happens 😯 ) that you are tackling the requirement from the "wrong" side, not entirely unlike what happened here (related mainly to hardware and not to software).
Not sure what you are trying to say here. English is not my native tongue.
I'm focusing now purely on forensics performed on Windows desktops, because that is what I have been asked. I know requirements will change depending on the sort of investigations that are wished for.
jaclaz
@r0b!n
What I (and MDCR) am trying to tell you is that the "relevance" in a successful digital investigation can be summed up (you will get different percentages from different people) in just three categories; a success is due to:
- between 75% and 95% to the experience and knowledge of the investigator
- between 4% and 20% to the software used (as in "this program is better than this other one")
- between 1% and 5% to the hardware used (as in "this PC with a zillion Tb of RAM, and a 256 bit processor running at 4 THz 😯 is better than this other one")
Of course, using a computer with a fastish processor, lots of RAM and a given program targeted to the specific kind of investigation may well produce faster results, but that's all.
The "main" part remains the investigator, and once you hire one he/she will be the one that will choose the "right" hardware and the "right" program(s), and each investigator will have programs with which he/she is more familiar, that he/she "likes better", etc.
Allow me to doubt (with all due respect) that you (or your company) will be able to form/train a "capable enough" "security expert/digital investigator" starting from available resources/staff (even if already IT experts) in anything less than 6 to 12 months; what would you do in the meantime?
Hire an external consultant?
If yes, he is the one that should answer those questions.
Do nothing till the SOC is fully operative?
But how would you ever be able to know if it is fully operative and it is adequate to the requirements?
I mean (automotive comparison):
Q. Hi, I want to put together a race team for the 24h of Le Mans in the GTE Pro category. Which car should I buy? I have a budget of 1,000,000 €.
A. Both Porsches and Ferraris are nice cars, and do not underestimate the Corvette, but who is going to be your Chief Engineer and who will be the driver(s)?
Q. No prob, I used to race with karts a few years ago and I worked for a summer in a car repair workshop once, I only want to know which cars are better…
jaclaz
To expand on the issue of tool selection by the persons not doing the analysis - your long-term costs will be less if you allow the new forensicator to select the tool.
This is because that individual will most likely select something they are already familiar with at least, potentially reducing your training costs.
When I am called onto the carpet to explain my analysis, I am often questioned on my expertise and length of use of the tools used.