Saturday, November 15, 2008

My forensic 'dream' machine

Here are the specs for a forensic machine I would like to get one day.

Intel Dual-Core Xeon Processor X5272

There is no point in using a quad-core CPU because current forensic applications are not designed to take advantage of multi-core CPUs.

8GB ECC Registered DDR2 Memory

ECC uses an advanced error correction system that can correct data transmission errors on the fly. Because ECC memory involves more processing, it may be a bit slower than non-ECC memory; however, ECC provides reliability and greater system stability. ECC RAM is more expensive, however.

SATA RAID hardware controller with 4 x 10,000 RPM SATA II drives

The RAID controller is configured as RAID 0+1, which is a mirrored array whose segments are RAID 0 arrays. It provides the same fault tolerance as RAID level 5 and the same overhead for fault tolerance as mirroring alone. It supports very high I/O rates due to multiple stripe segments.

Other must-have components

Drive bay controller with multi-bay read/write status, a couple of SATA/IDE write-blocked bays, a write-blocked universal memory card reader, a built-in USB write-blocker, USB 2.0 ports, FireWire 400/800 and eSATA ports.

Operating System

To get maximum compatibility with drivers and software, I would go for a 32-bit Windows operating system. Microsoft Windows Server 2003 Enterprise Edition allows using memory beyond the 4-gigabyte range that is inherent to 32-bit operating systems. The 32-bit version of Microsoft Windows Server 2003 Enterprise Edition allows 8GB RAM, and Windows Server 2003 with Service Pack 2 (SP2), Enterprise Edition supports 64 GB. Most Windows XP drivers are compatible with Windows Server 2003. FTK, EnCase, X-Ways Forensics and many other forensic applications run very well under Windows Server 2003. FTK, however, requires admin privileges to work correctly. The operating system needs some tweaking to enable prefetch etc. All adjustments take about 10 min to complete. Instructions can be found here. Additionally, there is a free tool for automated server-to-workstation transformation.
