Would you suggest going with a FRED as opposed to buying a regular PC to serve as the main forensic machine?
The FRED is a cool piece of kit. However, you should keep in mind that if it is your only machine and it goes down, you are at least a day away from parts.
When I set up a lab for a Canadian Federal Government department for in-house investigations, I had a laptop, workstation, EnCase software, 2 write blockers with adapters in Pelican cases, 3 1TB external FireWire drives and an uninterrupted power supply, in case of power failure while I was acquiring a disk. I put all this into a DASCO locking workstation cabinet for data integrity… I made sure to have blank DVDs and checklists for listing case info with pre/post hash noted and disk info in case my EnCase files got crapped out… hope this gives you an idea.
I presently use a FRED and have used other workstations and laptops in the past with write blockers and I find the FRED better if you can get one because it has write blocking connectors (USB/Firewire) built into the front of the tower and a neat pull-out tray to hold your drive to be imaged. One thing to keep in mind though is that a FRED is a heavy beast and you'll want to make sure you also have a portable unit for imaging even within your LAB cuz once Fred sits his a*s on the floor, you won't want to move him…LOL
I recently budgeted a complete but basic lab with one forensic machine and a workstation for $22,000 dollars.
The FRED or forensic PC is the way to go for your forensic machine. Your forensic computer should not be the computer you use for email or Internet research. You will need a computer for your office machine and the research. The only time my forensic workstations are connected to a network is when I get updates from Microsoft or other software vendors. And never are the forensic machines connected to the Internet during a case. This is to minimize potential contamination issues. So you will need at least one more computer. For imaging in the field I use the Helix bootdisk and USB drives. I use the USB drives to store the images on. For those machines that do not have USB I carry a USB card with me. To use this method of imaging one needs a supply of USB drives. This is field imaging on a budget.
In reference to your earlier question about if you can build your own, the answer is you can if you are comfortable building PCs. Where I work, which is state govt, we are not allowed to buy parts to build a machine. I can get a request through channels for a new computer before I can get one through for a motherboard. You will need the biggest tower you can get your hands on. Load it up with fans and buy about three or four hard drive cassette bays. They cost around $50 each. This will allow you to change out your storage drives when they get full. Get a 500 or 700 gb drive for your C drive and put 500 or 1,0000 gb drives in the first two cassettes. Put your Oracle database for FTK on the first cassette and the second cassette is your data drive where you store your case data and images. Those will average 20gb to 60gb each. Don't forget your DVD reader/burner and a floppy drive. You can get tied up with RAID if you want. AccessData says to use RAID 0 on FTK but I hear it is not reliable. The higher levels of RAID get real expensive. Make sure to buy a new i7 motherboard with an Intel Quad Core and put 4gb of DDR3 if you are using 32bit XP or Vista. If you are adventurous and going to 64bit then get 6 or 8gb of system RAM. The new i7 is very fast and definitely the way to go. This machine will not have a hardware write blocker so you will need to load it up with USB ports and get a Paraben or WiebeTech drive blocker and USB blocker. By the time you are done this will be in the neighborhood of $3,000 to $4000 US dollars but it will be a nice machine that you can upgrade and repair yourself. I expect I have left something out but you get the idea. You need the fastest and biggest computer you can build to have speed to run jobs and capacity to store them.
I'm uncertain why anyone would invest in a FRED product. If you price out the parts it is much more affordable to build it yourself, or have a PC build shop build it for you. Save _thousands_.
Further, you can buy an off-the-shelf very good 64bit multi-core system for less than half the price of a FRED system.
Just thoughts.
Cheers!
farmerdude
There are several reasons why anybody would buy a FRED. The first depends on the organization you work for. There are companies/organizations that do not allow you to build your own, like mine. There are likely to be people involved in criminal cases that might want their equipment to meet or exceed industry standards in order to stand up to scrutiny in court when being challenged by the opposition. The FRED is used all over and has become a de facto standard in the forensic industry. That carries weight with a judge when he is deciding to allow evidence that has been gathered on one. It is not the be-all end-all and there are certainly other ways to gather evidence. Part of forensics is having as many different tools as possible to do a job so you will have the one you want when you need it. I would love to build my own because then I would be able to upgrade the motherboard on a regular basis and make it faster. By the way, FRED is not an ordinary computer; it is a server. It comes with redundant power supplies and a full RAID array controller, a half dozen drive cassettes, the Ultrabay switchable write blocker for IDE/SATA/SCSI which if you could buy it would be around $800, a write blocked floppy drive with an on-off switch, a write blocked memory card reader for digital cameras, a terabyte of drive storage, DVD burner, our old one has a zip drive, a bunch of software and support and a tool box with a digital camera, a dozen cables for all types of drives, adapters for hard drives, laptop drives, and video adapters along with extra cassettes, parts and tools. There is more to FRED than meets the eye but I have no connection with the company. I just think it is worth knowing that it is not just a computer. Yes they are expensive and yes you can piece together a hundred loose tools and parts that will do the same job where FRED wraps it up into one nice neat package.
Make sure to buy a new i7 motherboard with an Intel Quad Core and put 4gb of DDR3 if you are using 32bit XP or Vista. If you are adventurous and going to 64bit then get 6 or 8gb of system RAM.
The ability of 32-bit XP or Vista to properly address RAM beyond 2 GB is still an argument. Even Microsoft says, "
I am still waiting for all my software to move to 64-bit before I commit to that platform.
Our Windows-based forensic machines run Server 2K3 Enterprise 32-bit which supports up to 32 GB RAM. FTK runs far better on this platform than it ever did on XP.
Thanks for all the suggestions, they have all been very useful. So far for the forensic lab I have a FRED and a ThinkStation workstation as backup. I was thinking whether to go with a Windows 2003 server setup along with a NAS for storage of cases, or a Linux server.
Also, since any machine I get in addition to those 2 in order to do research and internet access has to be on a different network, I am not sure now what to do to accommodate this separate machine - whether to have a separate server or just get a separate network.
I was thinking whether to go with a Windows 2003 server setup along with a NAS for storage of cases, or a Linux server.
What function would the server provide? If you just need storage the NAS would suffice.