
Recommended forensic hardware

(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
 

In general use, including heavy-duty file recoveries - 2003 blows 2008 out of the water.

Good to know. I am running W2K3 Enterprise with 24GB RAM and have been considering moving to W2K8, guess I will stay where I am.


   
(@jonathan)
Prominent Member
Joined: 20 years ago
Posts: 878
 

Interesting post Duncan, seems to follow what others have found when using Mac Pro machines. Can I ask why your preference is for Windows Server 2003 rather than 2008? Have read some good reports about 2008 and its performance.

Hi Jonathan

I first tried 2003 (more likely to be fewer hardware compatibility issues) and installed about half the apps I normally use. I loved it - absolutely no problems / issues whatsoever.

I then removed that disk, inserted another, and installed Windows 2008.

Within 3 minutes I was becoming more and more frustrated at the differences in everything regarding the operation and commands - it was like moving from Windows to Mac OS - learning another language.

Additionally, it didn't support antivirus programs that 2003 did, it didn't support some of my hardware (the graphics card in the Mac Pro) and just seemed top-heavy, clumsy and "reluctant" to perform.

After an afternoon, I replaced that with the 2003 disk. I am not even going to keep the 2008 install disk.

2003 - slick, quick, very shallow learning curve from XP.
2008 - clumsy, overloaded, bloated, over the top, too complex.

Hope this helps.

Duncan

Thanks for your full reply Duncan, it also touches on something else I was wondering about: driver availability.


   
(@duncanclarke)
Eminent Member
Joined: 18 years ago
Posts: 35
 

Jonathan,

That issue entirely escaped me - I did have problems with hardware driver availability - sufficient to prevent me from accessing certain controllers, etc.

Thanks for reminding me - it's an important criterion for anyone considering server 2008.

Duncan


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

Here is the EnCase 6.13 rig I am building as my lab's first examination machine. Primary use will be EnCase with expansion to FTK and other software/hardware in the next 12 months. Priced to be a good rig to start with expansion as funds come in - price conscious but don't want to be "cheap".

Curious to hear others' input & suggestions

CPU
Intel Xeon E5520 Nehalem 2.26GHz LGA 1366 80W Quad-Core Server Processor Model BX80602E5520

BOARD
Intel S5520SC Dual LGA 1366 Intel 5520 SSI EEB Server Motherboard

RAM
G.SKILL 6GB (3 x 2GB) 240-Pin DDR3 SDRAM DDR3 1333 (PC3 10666) Triple Channel Kit Desktop Memory Model F3-10666CL9T-6GBNQ

OS DRIVE
Western Digital VelociRaptor WD1500HLFS 150GB 10000 RPM SATA 3.0Gb/s 3.5" Hard Drive

DATA DRIVE
Western Digital Caviar Black WD1001FALS 1TB 7200 RPM SATA 3.0Gb/s 3.5" Hard Drive

POWER
CORSAIR CMPSU-750TX 750W ATX12V / EPS12V SLI Ready CrossFire Ready 80 PLUS Certified Active PFC

UPS
APC SC450RM1U 450VA 280 Watts UPS

OPTICAL
LG 22X DVD±R DVD Burner Black SATA Model GH22NS30
or
LG Black Super Multi Blu-ray Disc Burner & HD DVD-ROM Drive SATA Model GGW-H20L

CASE
COOLER MASTER COSMOS 1000 RC-1000-KSN1-GP Black/ Silver Steel ATX Full Tower Computer Case
or
Antec P182 Gun Metal Black 0.8mm cold rolled steel ATX Mid Tower Computer Case

VIDEO
SAPPHIRE 100225L Radeon HD 3870 512MB 256-bit GDDR4 PCI Express 2.0 x16 HDCP Ready CrossFire Supported Video Card

FLOPPY
NEC Black 1.44MB 3.5" Internal Floppy Drive

NIC
2 OnBoard 10/100/1000 - Intel

SOUND
OnBoard

~ $2000 w/ shipping

FORENSIC (Priced from respective sellers)

Ultimate Forensic Write Protection Kit from Forensic Computers.
- Tableau T35e RO
- Tableau T35e RW
- Tableau T8
- Tableau T4
- Tableau Media Reader RW (use with T8)
- Tableau TP-2 Power Supplies
- Adapters, Cords, Cables

or/and

FastBloc 3 FE Kit from Guidance
- FastBloc 3 FE
- Adapters, cords, Cables


   
(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
 

What OS are you using with 6GB RAM?

Why a faster drive for the OS than the data drive?

Have you considered RAID for the data drives?

Those are cool cases, I prefer easier access to the front drive bays. Quiet cases are a bonus.

I think the video card is overkill unless you are gaming while working.


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

"What OS are you using with 6GB RAM?"
WinXP Pro 64

Also, considering that RAM for a few reasons
- Chipset and CPU combo can utilize it well
- Can grow into it
- and $84.99 for the 6GB Kit?? feel like an old man, "I remember when RAM was…."

"Why a faster drive for the OS than the data drive?"
See below

"Have you considered RAID for the data drives?"
Yes. Still thinking about that. Want to go with a set Barracuda 7200.12 1TB's RAID on a separate controller. As of this AM NewEgg has them for $99 - swear they were not there yesterday…

"I think the video card is overkill unless you are gaming while working."
Agreed but for $69.99 I can run my two Dell 22" wide flats at 1680x1050 independently.

"Those are cool cases,"
They seem like solid overall cases that are at a good price. Nice ease of access on them.


   
(@patrick4n6)
Honorable Member
Joined: 16 years ago
Posts: 650
 

Buck and a half (1.5TB) drives are out and they are cheap. You should always be hitting the top of the drive size for your data drives because you want to be bigger than the biggest drive you expect to encounter in the field. This is also why you generally RAID it. RAID 0 the biggest drives you can buy at all times. You also get a speed increase this way since you effectively double your max transfer speed.


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

Yeah - for only a few hundred thinking about 3-4 1TB Seagate 7200.12 drives on a separate controller card. Lots of space and speed.


   
(@kartik)
New Member
Joined: 17 years ago
Posts: 3
 

We just started building our forensics lab. As this is going to be evolving over time, we decided to go slow. Currently this is the setup I have

1 Thinkstation D10
8GB RAM, 1.5 GB HDD, E5420 Xeon
Will run Windows 2003 64bit and Ubuntu 64 Bit

3 no. of Workstations with
4 GB RAM, 500 GB HDD, E8400 (3GHz)

1 TD1
1 Ultrakit with USB
2 WD USB hdd (250GB each)
FTK
IDA Pro + HEX Rays
Helix CDs

We do not see a huge load that a dedicated forensic lab would see. We may have about 1 case a month or so. D10 will be dedicated to forensics and rest of the workstations will be for R&D as of now. As this is a work in progress, I would really welcome any suggestions.

Cheers,
Kartik


   
(@mitch)
Estimable Member
Joined: 19 years ago
Posts: 135
 

Sorry, reading back I don't think that I was clear - GPUs onboard graphics cards can be … coerced … into running standard application code in parallel quite quickly …

I was after anyone having "misused" their graphics cards in such a way, what they might have been using it for, and, I guess most of all, if they were willing to share their experience/code and what hardware that they used to do it :-P

For greater clarification of what I mean you can see more at http://www.gpgpu.org and http://www.cs.uno.edu/~golden/Stuff/dfrws2007-gpu.pdf …

Greg - that's a dual head card - do you use both outputs ?

More curiosity - are dual screens common ? I would have thought "Yes" …

My word I must be greedy I use 4 screens with EnCase


   