Thanks,
The job is working for the Anti-Corruption office, at the moment they have a case involving a senior government worker who installed a new system, that included lots of brown envelopes and huge personal pay packet.
They have sieved a couple of laptops, 2 tablets and a mobile phone that need looking at.
Going forward they estimate 25 - 30 cases a year, involving forensic analysis of any type of media devices.
Additionally I would attend the searches carried out by the police and collect any digital devices as evidence. So it would seem that all analysis would be carried out in the lab.
So they have asked me to provide them with a quote for everything needed to do this ASAP!
Problem is, having been out of the game for a few years, I am overwhelmed by the amount of kit on offer and the pros and cons over each of them. I have been using Wiebetech at home and like them, but understand that EnCase does not interact with them, probably due to Guidance Software pushing Tableau!
So I guess I am looking for a decent spec machine to run EnCase in the lab, if I can persuade them to drop the FRED, this would then free up some more money for the additional items needed. which would be to acquire any type of media out there today?
I hope this makes sense.
S
So they have asked me to provide them with a quote for everything needed to do this ASAP!
OK. Then remember the support issue. It sounds like you should stay with good support options – and you can easily find out what Digital Intelligence will provide.
Same thing with software – if you know EnCase, stay with EnCase to the extent you can reuse your experience. If you build things yourself … then you got to know where you are.
… t understand that EnCase does not interact with them, probably due to Guidance Software pushing Tableau!
EnCase does not *support* UltraDock, so it can't tell if there is write blocking present, which it can do with Tableau. But there's nothing that breaks or prevents it from working. It's a very minor convenience to use Tableau with EnCase (at least, in my opinion). That's all.
So I guess I am looking for a decent spec machine to run EnCase in the lab
You may want to give Guidance a call. They used to have a white paper with suggestions for system design (recommended disk size, memory size, CPU size, that kind of thing), and they probably still do. I can't find it on-line, though, so go to the experts.
… which would be to acquire any type of media out there today?
New things appear all the time. You can get close, though. If cost is not an issue, I'd buy a connector/adapter kit from Tableau or Wiebetech or somewhere, and that will get you to above 90% coverage (guesstimate).
internet evidence finder portable
encase 7
virtual forensics computing 3
tableau td3
powerful laptop
and wait to be rich ))
The FRED has pretty standard hardware.
DI has links to several hardware guides
A sufficiently technical person could put together a system similar to a FRED for much less
And given more than 5 minutes I could easily get more performance or a lower price with very similar components to those in the FRED. In Court an examiner should be able to easily articulate that all computers are made from commodity components and that a brand name has absolutely no bearing on the quality of the exam in comparison to a similarly tested and validated DIY PC. In fact I would argue that most people that build their own PCs tend to keep them better patched with hardware and driver updates that someone that would rely on a pre-packaged PC and whatever that vendor might release as updates for their hardware.
TOut of interest I would probably go with a main player for the desktop i.e. HP/Dell ..
Sorry, but this is not ideal. Dell and HP use mid-spec hardware at best for desktops so unless you're talking server class systems they won't have the performance that you'll need. You really need to build to spec.
Personally, I use a FRED and love it, but concur with the other posts saying it is not a necessity, especially when on a budget, as FRED machines can be manipulated like any other. If you're concerned about evidence suppression, it's evidence custody and training that is the real concern, not hardware.
For now, I would get a less expensive machine and use the money you saved for cell phone acquisition. I noticed you stated the expectation is 25-30 exams annually for law enforcement purposes, so I would assume you will be seeing cell phones as well?