The Design of
Forensic Computer Workstations
Presented by
John Samborski, CEO Ace Computers
Ace Computers
575 Lively Blvd.
Elk Grove Village, IL 60007-2013
Contact
877-ACECOMP
(877-223-2667)
www.acecomputers.com
About the presenter
John Samborski, P.E. is a recognized expert in forensic
information technology, with an extensive history of
innovation and thought leadership in system integration.
Since founding Ace Computers in 1983, he has aggressively
pursued the development of custom, cost-effective products
and services in concert with well-known industry leaders. He
was a founding member of the Intel Premier Board of
Advisors in 2002 and was awarded a lifetime position. Ace
Computers is one of the largest, oldest, and most respected
custom technology developers and builders in the U.S. and
holds numerous federal and state level contracts.
Evidence
… needs to be extractable from electronically
stored information (ESI) sources without
corrupting that evidence. Properly designed
forensic computer workstations help
accomplish that goal.
What is digital forensics?
The acquisition, scientific examination, and
analysis of data retrieved from digital devices in
such a way that the information can be used in a
court of law or for the purposes of the retriever
without any disturbance to that evidence.
Designing forensic workstations
In order to design forensic workstations, the
first determination is what types of media
need to be forensically read, retrieved from
suspect data, and included in the chain of
custody.
Evidence and accuracy
One of the most important steps is to ensure
that the evidence has been accurately
collected and that there is a clear chain of
custody from the scene of the crime, to the
investigator, and ultimately to the court.
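One way to make accurate collection and chain of custody checkable, shown as an added example that is not part of the presentation: hash the acquired image once, then keep a custody log in which every entry records that hash and is linked to the previous entry. The use of SHA-256, the log layout, the handler names, timestamps, and image bytes are all assumptions or constructed sample data.

```python
import hashlib, io, json

GENESIS = "0" * 64  # prev_hash of the first custody entry

def sha256_stream(fobj, chunk=1 << 20):
    """Hash an evidence image in chunks so large images need little RAM."""
    h = hashlib.sha256()
    for block in iter(lambda: fobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()

def _entry_hash(entry):
    fields = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()

def add_entry(log, when, handler, action, evidence_sha256):
    """Append a custody record linked to the previous one by its hash."""
    entry = {"seq": len(log), "when": when, "handler": handler, "action": action,
             "evidence_sha256": evidence_sha256,
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def verify_log(log, current_sha256):
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["seq"] != i or e["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link")
        if _entry_hash(e) != e["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from acquisition")
        prev = e["entry_hash"]
    if log and current_sha256 != log[0]["evidence_sha256"]:
        problems.append("image no longer matches acquisition hash")
    return problems

def demo():
    """Constructed sample: scene -> investigator, then re-verify the image."""
    image = io.BytesIO(b"constructed sample image bytes" * 1000)
    digest = sha256_stream(image)
    log = []
    add_entry(log, "2024-01-01T10:00:00Z", "Officer A (constructed)",
              "acquired through write-blocked bridge", digest)
    add_entry(log, "2024-01-02T09:00:00Z", "Examiner B (constructed)",
              "received for processing", digest)
    return log, digest

if __name__ == "__main__":
    log, digest = demo()
    print(verify_log(log, digest))
```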
The workstation’s purpose
Another key design decision is the
workstation’s purpose: data acquisition,
processing, or both. Many systems are
multi-purpose and can perform forensic data
acquisition and processing equally well.
Processors and speed
Other important considerations are the required
processing speed, the number of processors,
processor cores, and amount of memory anticipated
for the data processing.
• Systems are available with 1-4 processors and up to 1TB of
RAM.
• A popular configuration involves two Intel® Xeon® 6-core
(each) processors and 256GB of DDR4 memory.
• The number of processors and cores per processor should be
determined by the system requirements of the software that
will run.
The media type
Another consideration is the type of media
the system needs to acquire data from. Once
this is established, the next step is to plan and
include write-protected data acquisition
methods. The most basic is a write-blocked
forensic bridge for hard drives.
Write-blocked forensic bridges
Write-blocked, drive-bay-mounted forensic
bridges are available for all common hard
drive types such as IDE, SATA, SAS, SCSI,
IEEE1394 (Firewire), and USB, with adapters
for 3.5”, 2.5”, and 1.8” drives. A
write-blocked flash media card reader is also
useful for forensically reading media cards
such as SD cards, CompactFlash, and others;
this prevents the addition of anything to the
source data.
Read-write considerations
A read-only media card reader is best, since it will
prevent accidental corruption of the data. With a
read-write switchable reader the data can potentially
be corrupted, but by using a model that is incapable
of writing data, that source of error can be eliminated.
It’s simple to add a standard external flash
reader/writer to the system. Although it will be obvious
to users that this external flash reader/writer is
capable of corrupting data, the internal model should
be write-blocked at all times.
Optical media
Optical media is another common source of
forensic data. This media is typically not
written to without specialized software, so a
standard DVD reader/writer or Blu-Ray
reader/writer will perform this work
adequately.
The storage system
Once the data can be read in a forensically
safe manner, the data needs to be stored on
either a target drive, a RAID array, or both.
With the storage system defined, the design of
the RAID system or the allowance of
destination drive bays needs to be specified.
GPU considerations
Another decision is whether graphics
processing units (GPUs) need to be included
to assist in breaking passwords.
Normally, systems are shipped with a single
graphics card used for display purposes, but
users can also leverage the intense processing
power of the GPU for assistance in brute-force
password cracking through massively
parallelized iterative attempts.
Higher end graphics cards
By using a higher-end graphics card or
multiple graphics cards, the forensic system
can also be used to shorten the time needed
to break a password installed on a system or
to open up files which have been encrypted.
Password decryption servers
Specialized password/decryption servers and
clusters with multiple GPU optimized systems
designed for 24-7 operation are also available,
and are frequently used in the federal market
by major government and law enforcement
agencies.
Ace Computers’ findings
Ace Computers has benchmarked numerous
platforms and found the optimal design and
configuration for operating the GPU subsystem
for password cracking; it is one of our
strongest areas of expertise.
The value of a system integrator
There are numerous items to consider when
designing a forensic workstation and since the
system components change often, it is best to
work with a systems integrator that is actively
involved in the market.
What the system integrator does
The systems integrator will know how to
optimize the design based on the latest
software, hardware, and thermal techniques.
Integrators for government entities
For government agencies, it also makes sense
to work with a firm that can custom-design a
system to exacting specifications and has
popular contracting vehicles available to
facilitate the purchase directly without the
complications of contracting procedures.
Thank you!
Any questions?
Contact Ace Computers
877-ACECOMP/(877-223-2667)
www.acecomputers.com
