Forums
Main Category
General (Technical,...
Suggestion for Fore...
 
Notifications
Clear all

Suggestion for Forensic System Device

 
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jaclaz 14 years ago
7 Posts
6 Users
0 Reactions
452 Views
RSS
 MisterBond
(@misterbond)
Active Member
Joined: 14 years ago
Posts: 5
Topic starter 10/09/2011 12:02 am  

Hi..

Please help me for choosing which best hardware and software for forensic examiner at my Institution..
I work for Capital Market and Supervisory Agency.. next year we have decided for add new division for Forensic Examiner..
The requirements
- centralized device/system for storage and CPU processing (maybe as server)
- There are four or more examiner person work together. sometimes need
collaborative and concurrently and connected to central system (maybe as server) (with LAN / Internet )for store and analyzed with individual standard PC,

My Institution doesn't have an expert person today and we are planning to send our investigator for getting training..

I have researched some equipments like FRED System (For Hardware) , GuidenceSoftware, Accessdata , Evidence Talk (For Software).
However I still confuse for deciding which product should I choose from Those company…

I need some advice from anybody who has experience building Forensic System Tools Solution for Middle or Large Institution with an above tools or other tools.

Thanks
Lismn Perma


   
Quote
 allend
(@allend)
Active Member
Joined: 15 years ago
Posts: 17
10/09/2011 12:41 am  

I'm personally not a big fan of FRED systems.

Consider the following as an option as well. I'm sure they will help you find everything you are looking for.
http//www.forensic-computers.com/


   
ReplyQuote
 ThePM
(@thepm)
Reputable Member
Joined: 17 years ago
Posts: 254
10/09/2011 1:08 am  

Consider the following as an option as well. I'm sure they will help you find everything you are looking for.
http//www.forensic-computers.com/

+1 for their great service.


   
ReplyQuote
Passmark
 Passmark
(@passmark)
Reputable Member
Joined: 14 years ago
Posts: 376
10/09/2011 2:37 am  

Some the "forensic" machines are pretty over the top. Which is OK if you have the budget. But if you don't, almost any new computer can do a large percentage of what needs to be done. What I would consider min requirements for efficient working and some future proofing would be,

64bit O/S
4GB RAM, but 8GB+ would be better
Large case to expand into
USB3 ports, External SATA ports
Any new Quad core CPU
Any new 1TB HDD
Dual Monitors

What you can initially do without is Dual Gigabit LAN ports, RAID, discreet sound cards, dual CPUs. Also the Xeon CPUs which I see in some systems are often over priced.

Might make sense to get just a basic machine, then get your guy trained up and some experience, then buy a high end system. After you know what type and volume of work you are dealing with most of the time.


   
ReplyQuote
jhup
 jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
10/09/2011 3:47 am  

If push comes to shove, you can use any old machine with Linux, Windows, and a bunch of free or open source software to run an entire department.

What you are really paying for is . . . time.

Will it take a day to search that image, or four hours? Will it be 480Mb/sec or 6Gb/sec to image? Do you need to be able to get to that machine in a keystroke, or would physically moving to an other set of kbd and monitor suffice? And, so on…

One can say that one can spend the money on a very high powered machine, and virtualize things in it, or use the same amount and deploy inexpensive but many less powerful machines.

Do you need the indexing of 200GB of PSTs done in 8 hours, or would you survive with 20 hours? Can you connect a hard drive to image and leave it for several hours, or do you have to have that imaged in minutes? Do you have to have a rack mounted pizza box servers and software switcher, with fiber cables, or will you be okay with a bunch of mini towers on the table, and a screen/kbd/mouse for each?

There are some areas where one, in my opinion cannot cut corners, and they primary revolve around confidentiality, integrity, and availability.


   
ReplyQuote
 MisterBond
(@misterbond)
Active Member
Joined: 14 years ago
Posts: 5
Topic starter 10/09/2011 3:10 pm  

Thanks For all replies..

Yes Great service is most important I need..

I'll consider forensic_computer.com. thanks for your quote Allend..

@Passmark.. surely I have budget, but should be accountable… would you quote for best forensic training curiculum?

@Jhup.. thanks for your very meaningful advice. I just one person who has been charge for this new required division.. I was hardcore java programmer.. no basic skill in digital forensic.. My plan is I have to build scalable forensic lab.. let say for now I only use dual processor and next year it can plugged with new one or two hardrive (SCSI/SAS)which can be extended with hot swap capability and also with RAM maybe like bladeserver doess… would you share your experience ?


   
ReplyQuote
jaclaz
 jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
10/09/2011 11:13 pm  

Do you have to have a rack mounted pizza box servers and software switcher, with fiber cables, or will you be okay with a bunch of mini towers on the table, and a screen/kbd/mouse for each?

At least for Keyboard/Mouse Synergy may be useful in a multi-machine/reduced space context
http//synergy-foss.org/

jaclaz


   
ReplyQuote
Forum Jump:
  Previous Topic
Next Topic  
Share: