Hi everyone. Long time lurker.. But thought I'd bite the bullet and take a long shot if anyone has some info on digital forensics.
I am enrolled to study my masters degree in cyber studies which includes digital forensics. I have been using a macbook pro for several years now. But have been told I need a windows computer for the course.
Is there any suggestions of specs required for what I specifically need for DF?
Any help will be appreciated.
Digital forensics help
Comments
I already have Windows 7 on my Mac on a Virtual Machine - however it does impact the performance. I was just wanting to see if anyone was on here that has experience in the field of digital forensics and knows how much ram/processor i need to adequately perform the tasks required. My main goal is to have it set up as a Lab workstation which is capable of running several operating systems at once.
post grad in an IT related field and you need help for buying a laptop?
Ah no - Actually I have a degree in law enforcement and doing a cyber investigations field study as post grad. And I never mentioned I am experienced in the field of IT. Hence my post! Most of the people in the course are experienced in IT - however my background is investigations side. Once again my post is after DIGITAL FORENSICS experienced people!!
It's just an assumption for the title. I had also assumed you had some IT experience. Not related to your question just general advice, if you havent heard of COFEE have a read up on some of the tools it included to give you a starting idea of what windows stores.
Op bought a mac book. We can assume he unlikely to be an expert in IT.
Exactly.
Without an IT background the OP is also gonna have a real steep learning curve - not only the idiosyncracies of Windows low-level functions like CMD, but then dumping the actual course required programs on top.
I dare say that your teachers will provide the best insight as to your requirements anyway.
I suggest you check with the course instructor, failing that a related reddit sub. Dont have any real digital forensics experience but I will take a stab in the dark for you. You want at least 8gb of ram, 16gb would be ideal if you are going to vm. If you want to vm or bootcamp then run something like Process Explorer or mac equivalent to see how your mac is handling it. Windows track you in so many files & registry entries. Depending on how serious they are, you might have to make (use) an image of a suspects drive while you extract/analyse the data to protect it's integrity for court. I think you will want a quad core for when it comes to scanning for deleted files, scanning hibernate file etc.
The forensics tools will likely require direct access to the disks.. Which is going to be at least a PITA with a hypervisor in the way. Run Windows on bare metal to save that frustration.
Either use bootcamp or but a dedicated windows machine. SSD and 16gb ram would be good.
As a side note, I run VMS using virtual box and usually I allocate 50% of my 16gb ram and run it from my SSD not the HDD. In fact I have a dedicated SSD for just this. The VMS run great, both Linux and windows.
If you are going to be using tools like chntpw, Cuckoo, and Regripper. You should find a laptop with a Realtek wireless card to ensure that the software can communicate with the driver properly and so that any packets being collected don't contain bad blocks. You should also consider a laptop with more than 8gb of ram and a CPU with 4 cores and 4 hyperthreaded.
Thank you everyone who understood my post and apologies for the confusion - I understand i am in for a learning curve. But i am always willing to learn new things :) I see people are recommending a laptop over desktops which helps me… so thank you!
Put Windows on it?
https://support.apple.com/en-au/HT201468