Hello Everyone!
I am glad to finally find a place where everyone is knowledgeable about computer forensics and is mature about it. Since I have a general background in Computer Forensics, but haven't had the time until now to pursue a career in it , I was wondering if anyone has build a forensics PC using Windows 7 Professional 32bit as the operating system? I'm about to order a copy and just wanted to know some feedback from the forensics community on how it affects the availability of tools for evidence analysis and if there are any known problems (ex stability, performance, etc).
Here are my current system specs
OS Microsoft Windows XP Professional (5.1, Build 2600)
BIOS Phoenix - AwardBIOS v6.00PG
Processor Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz (2CPUs)
Memory 2046MB RAM
Graphics NVIDIA GeForce 8600GT
Graphics Memory 1024.0 MB
Hard Disk 1 250 GB
Hard Disk 2 500 GB
CD\DVD Drive 1 unavailable at current moment
CD\DVD Drive 2 Samsung WriteMaster Light Scribe CD/DVD writer
If it aint broke don't fix it.
What's the fascination with getting a new operating system?
XP works fine as does nix variations.
My PC is kinda old and it's due for several upgrades and I was thinking about installing Windows 7 Professional 32bit on it. Plus, with the professional edition (along with ultimate) has Windows XP mode (professional edition), so I believe I could have a forensic machine within a forensics machine without running a dedicated VM. Since I don't have enough money to purchase the FRED machine from digital intelligence, I though I would develop a set of procedures to securely clean a used PC that would not interfere with any forensic drive imaging, analysis, etc… Plus, it will only be a machine for lab purposes, not any actual forensic cases (i.e. practice cases, software testing, etc.) Hopefully that gives you more information.
Thank you for your input. Any is greatly appreciated!
I'd go for 64-bit Windows 7 rather than 32-bit. EnCase 6.15 supports Windows 7 64-bit as will the upcoming version of FTK 3.
I've been using 64-bit Windows 7 for the last couple of months on all of my machines and have had no issues at all to date.
Probably the key consideration should be not whether it is XP, Vista or 7 but whether its 32 or 64 bit. IMHO 64 bit now is a must because that is the only way you can install enough ram to support the very resource intensive tools we use. Even more true if you contemplate some multi-tasking.
Regards Richard
Ya the FRED machines are expensive, and it sounds like you could build your own even better.
AD has a specs sheet for what is recommended on FTK 3.0 12-16GB RAM and I7 MB
Wish you luck with the machine -)
A few bits of advice
If you have less than 4GB of RAM, use a 32 bit OS. If you have more than 4GB of RAM, use a 64-bit OS.
Don't buy a FRED. Ever. They are a waste of money. You can build a machine yourself much cheaper. If you don't like building your own, you can purchase a machine (dell, gateway, whatever) with better specs for cheaper. Either way, add a write blocker and/or some external drive bays yourself. If you have a low budget, and purchased a FRED, slap yourself… Hard.
If you have an older machine, get a new one. Upgrading cascades into a big ordeal, and in the end you could have usually bought a new PC for about the same price with less headache. Example… You want a computer with an i7 processor…
- you have to upgrade the motherboard because the MB you have doesn't support the i7
- now you have to upgrade the RAM because you need DDR3 vice DDR2 (or 1)
- then you realize your old PC has an IDE drive, and the new MB only supports SATA, now you need a new HD.
- it goes on and on and on….
Linux…. If you are qualified to run a linux workstation, you've thought about it on your own and didn't need to post here. If you are asking about linux, odds are good that you don't know enough to run it. I consider myself tech savy, and linux makes me feel mortal every time I use it. The folks I know who are linux savy are gods in my book. The fact is that most of us are not linux savy. If you wanna learn… keep a large bucket of patience beside you at all times. If someone around you is learning, expect them to be very cranky for a long time.
See, the thing is about some of these comments are although i like the feedback from those who have experience in the computer forensics field, but I am far from an inexperienced person when it comes to computers. Hopefully this doesn't make me look like a arrogant person, but if I wanted to use Linux, I'd dual boot between windows XP and either Ubuntu or Fedora Core (latest release). I've already spec'd a machine out with a $1500 budget (including O.S) and it would last me another 5 years (like my current PC). The only reason why I was asking about Windows 7 (in regards to computer forensics) is because I know there are other people in the forum who have already installed it and have used it with several forensics applications and wanted to know their opinion on it. Sorry for the rant, after reading your comment mark915, I just had to say that.
Greetings,
Actually, you didn't have to say anything. "If you don't have anything nice to say …."
Often times, responses are written to answer the original question and to expand on the topic. Discussion threads often drift well away from the original topic for this reason. The additional contributions are often quite interesting to people other than the original poster.
You joined Dec 9th and posted all of three times. How are we to know how knowledgeable you are? No one here has any clue about your level of experience. If we start making assumptions about people's knowledge then useful information might be left out. Further, following up on my first point, less knowledgeable readers would derive less benefit from the discussion.
If you don't like someone's response, just move on. There's no need to rant at them, particularly when they've been trying to help you.
-David
I got out of hand on my previous comment and I want to apologize for that. I didn't know what I was thinking when I wrote that. If I have offended anyone, please let me know and I'll try to make things right.