Educause Security Discussion mailing list archives
Re: Forensic Equipment Recommendations
From: Steven Alexander <steven.alexander () KCCD EDU>
Date: Mon, 24 Sep 2018 16:38:58 +0000
Franzi, What are you using currently and what limitations are you facing that make you want to upgrade? Silicon Forensics has solid workstations with a variety of RAID and SSD options, but they are fairly pricey. For consulting, I use an Alienware laptop with three SSD's and it works great. It all depends on your needs. The higher they are, the more it makes sense to work with a vendor that understands your workloads. If your workload is light, not more than a few cases a month, any fast workstation with a couple of SSDs and 32 GB of RAM should be fine, but check the system requirements on the software you're using or plan to use. You will generally get better performance if you can separate the location of the drive/device images from case and temporary files (may be less of an issue with SSD), and I prefer to keep those separate from the OS volume, so plan on using at least three drives. If you're handling a heavier case load, you may run into storage issues with individual SSDs (requiring you to offload active cases to external storage) so an SSD RAID would be helpful. Did you mean Apple mobile devices, i.e. iPhones and iPads, or did you mean Macs and (Apple/Android/whatever) mobile devices? I use Magnet AXIOM as my go-to forensic software and it's worked fine with Android and Apple mobile devices. I don't think Magnet has added APFS support yet so if you're going to be working on a lot of Macs, I would look into that or check out BlackLight/Macquisition. Regards, Steven Alexander Director of IT Security Kern Community College District steven.alexander () kccd edu<mailto:steven.alexander () kccd edu> From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Franzi Willenbuecher Sent: Friday, September 21, 2018 11:43 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Forensic Equipment Recommendations Hello, We are looking at upgrading our current forensic equipment - does anyone have a specific vendor or solution they recommend, especially relating to Apple and mobile devices? Thanks, Franzi [Emporia State University] Franzi Willenbuecher Information Security Training Analyst Information Technology Emporia State University 620-341-6704 fwillenb () emporia edu<mailto:fwillenb () emporia edu> hornet.emporia.edu
Current thread:
- Forensic Equipment Recommendations Franzi Willenbuecher (Sep 21)
- Re: Forensic Equipment Recommendations Rajewski, Jonathan (Sep 23)
- Re: Forensic Equipment Recommendations Steven Alexander (Sep 24)
- Re: Forensic Equipment Recommendations Franzi Willenbuecher (Sep 25)
- Re: Forensic Equipment Recommendations Steven Alexander (Sep 26)
- Re: Forensic Equipment Recommendations Franzi Willenbuecher (Sep 25)