Forensics workstations

From: Elizabeth Genco (elizabeth.gencoat_private)
Date: Mon Jul 16 2001 - 16:03:27 PDT

    Hi again, everybody --
    
    First of all, let me just say a big thank you to the myriad of folks who
    responded to my last message about making the transition to computer
    forensics.  I was floored by the number of people who responded (both on
    and off the list), and was even more floored by the quality of said
    responses.  I got some great advice from you all.  Thanks so much!
    
    With that kind of encouragement, I decided to give this list another shot.  
    I've got a little time and spare equipment on my hands, so as an exercise
    for myself, I'd like to build a workstation for forensic examination.  
    Now, this is purely an educational exercise, and as such, I'm not looking
    to create the most professional machine ever.  I'm just trying to learn
    something, since I've got spare resources lying around (workstations, hard
    disks, etc).
    
    The question I have for you all is: if you were building a forensics
    workstation from the ground up, what would you put on it?  What kinds of
    software and hardware would you include?  What do you consider to be
    essential, and what is simply "nice to have"?  Realize that I don't have
    the money to go out and purchase professional software, like EnCase.  So,
    while I encourage you to mention what your "money is no object" dream
    server would include, please also try to mention useful software that is
    free (like Coroner's Toolkit) and/or available on the cheap (like Norton
    Utilities).  Again, this isn't for professional use -- I'm just trying to
    get my hands dirty and play around a bit.
    
    I'd also like to hear what you have to say about the whole issue of
    building your own server versus purchasing special hardware (like the
    workstations made by DIBS).  I've been reading the latest Foundstone book
    ("Incident Response"), and in it they touch on this a bit.  Their opinion
    seems to be that constructing your own hardware is a bad thing.  I can
    understand the reasoning behind this view, but I'd like to hear other 
    opinions.
    
    Thanks in advance for any input on these questions.
    
    Elizabeth
    
    -----------------------------------------------------------------
    
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:
    
    http://aris.securityfocus.com
    


