Hi again, everybody --

First of all, let me just say a big thank you to the myriad of folks who responded to my last message about making the transition to computer forensics. I was floored by the number of people who responded (both on and off the list), and was even more floored by the quality of said responses. I got some great advice from you all. Thanks so much!

With that kind of encouragement, I decided to give this list another shot. I've got a little time and spare equipment on my hands, so as an exercise for myself, I'd like to build a workstation for forensic examination. Now, this is purely an educational exercise, and as such, I'm not looking to create the most professional machine ever. I'm just trying to learn something, since I've got spare resources lying around (workstations, hard disks, etc).

The question I have for you all is: if you were building a forensics workstation from the ground up, what would you put on it? What kinds of software and hardware would you include? What do you consider to be essential, and what is simply "nice to have"?

Realize that I don't have the money to go out and purchase professional software, like EnCase. So, while I encourage you to mention what your "money is no object" dream server would include, please also try to mention useful software that is free (like Coroner's Toolkit) and/or available on the cheap (like Norton Utilities). Again, this isn't for professional use -- I'm just trying to get my hands dirty and play around a bit.

I'd also like to hear what you have to say about the whole issue of building your own server versus purchasing special hardware (like the workstations made by DIBS). I've been reading the latest Foundstone book ("Incident Response"), and in it they touch on this a bit. Their opinion seems to be that constructing your own hardware is a bad thing. I can understand the reasoning behind this view, but I'd like to hear other opinions.

Thanks in advance for any input on these questions.
Elizabeth
This archive was generated by hypermail 2b30 : Mon Jul 16 2001 - 16:01:23 PDT