Author Topic: Need Help - Over 2TB Raid array in forensic workstation  (Read 4629 times)
harky
« on: June 11, 2008, 02:02:13 PM »

Recently we acquired funding to purchase a new fileserver/forensics workstation. Here is what we have:

ASUS M3N-HD/HDMI motherboard
AMD Phenom 9550 2.2 GHz Quad-Core processor
4 GB DDR2 1066 RAM
6 - Seagate Barracuda 1 TB hard drives
Western Digital 120 GB IDE drive (for operating system)
other hardware as needed

Here is what we want to do:
120 GB drive is the main operating system drive
6x1TB drives in RAID 5 array (approx. 4.5 TB when finished) is storage for current / recent cases.

Currently all of our forensic workstations run Win XP Pro SP2 (32-bit).
I would like to keep it that way; however, XP (32-bit) doesn't support a single drive over 2TB because of the way MBR works and, of course, the RAID array shows up in Windows as a single 4.54 TB drive.

So here are the options I've come up with:

1. Temporarily install Vista and get the RAID array set up as GPT with a single NTFS partition, then reinstall Win XP SP2 and use GPT Mounter by Mediafour to mount the drive.

2. Realize that the world moves on and just switch to Vista Enterprise as the OS for the new system. Should have drivers for all the hardware, but question how software will like this.

3. Switch to Windows Server 2003 SP1 (or greater). Not sure about drivers, will have to look. Also unsure about software.



So, my question is - what would you recommend? Does anyone have experience with a Vista or Server 2003 forensics workstation? We primarily use EnCase v5.05j for our forensics work with
NetAnalysis 1.36,
FTK Imager 2.3,
SnagIt 7.1,
CaseNotes 1.0.2007.7
Paraben Email Examiner 5.0
BitPim 0.9.12
Flint Software's Case Manager 1.2.6
QuickView Plus 6.0.1
and other miscellaneous tools which are rarely used.

If you have any experience with any of the above software working or not working in either Vista Enterprise or Server 2003 SP1 (or later), I would appreciate it. Also if you have experience with the 64-bit versions of these operating systems and whether they would be beneficial or not, I'd like to hear it. I know that for Vista, 64-bit is needed to take full advantage of the 4 GB of RAM.

Daniel Harkness
MCSA, MCSE, CCE
MS - CprE and InfAs
BS - CprE
BS - ComS
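
Added example, not part of the original post: a Python sketch of why an MBR-partitioned volume stops at 2 TiB (32-bit LBA fields with 512-byte sectors) and how an examiner can tell MBR from GPT using the first two sectors of an image. The 512-byte sector size, the 5 x 10^12 byte array size and the sample sectors are constructed assumptions.

```python
import struct

SECTOR = 512                        # assumed logical sector size
MBR_MAX_BYTES = (2 ** 32) * SECTOR  # 32-bit LBA count -> 2 TiB ceiling

def build_mbr(ptype, start_lba, num_sectors):
    """Construct a sample MBR sector with one partition entry (test data)."""
    entry = struct.pack("<B3sB3sII", 0x00, b"\x00\x02\x00", ptype,
                        b"\xff\xff\xff", start_lba, num_sectors)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

def parse_mbr(sector0):
    """Return the non-empty partition entries of an MBR sector."""
    if len(sector0) < 512 or sector0[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature")
    parts = []
    for i in range(4):
        raw = sector0[446 + 16 * i: 462 + 16 * i]
        _, _, ptype, _, start, count = struct.unpack("<B3sB3sII", raw)
        if ptype != 0:
            parts.append({"type": ptype, "start_lba": start, "sectors": count})
    return parts

def classify(sector0, sector1, disk_bytes):
    """Classify the partition scheme and report space an MBR cannot address."""
    parts = parse_mbr(sector0)
    # GPT disks carry a protective MBR (type 0xEE) and an "EFI PART" header at LBA 1.
    is_gpt = (any(p["type"] == 0xEE for p in parts)
              and sector1[:8] == b"EFI PART")
    unreachable = 0 if is_gpt else max(0, disk_bytes - MBR_MAX_BYTES)
    return {"scheme": "GPT" if is_gpt else "MBR",
            "partitions": parts,
            "unaddressable_bytes": unreachable}

if __name__ == "__main__":
    array_bytes = 5 * 10 ** 12      # constructed: five 1 TB data drives' worth
    mbr_disk = classify(build_mbr(0x07, 63, 0xFFFFFFFF), bytes(512), array_bytes)
    gpt_disk = classify(build_mbr(0xEE, 1, 0xFFFFFFFF),
                        b"EFI PART" + bytes(504), array_bytes)
    for name, result in (("MBR", mbr_disk), ("GPT", gpt_disk)):
        print(name, result["scheme"],
              "unaddressable TiB: %.2f" % (result["unaddressable_bytes"] / 2 ** 40))
```
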