Setting up digital forensics hardware servers

Forensic server hardware must be capable of storing huge data amounts that it then process for the forensic analysts. Hard drives of multiple terabytes are common and therefore a forensic server ‘farm’ must be capable of processing massive multi terabyte volumes of data and also be able to process it all in memory. This is best achieved by using a SAN (Storage Area Network) that is expandable to match forensic case and analyst needs. It’s possible that this could use a cloud computing infrastructure, but of course this relies on decent (fibre) internet connection which huge upload and download speeds. Here’s a checklist of considerations when setting up digital forensic servers.

  • Service continuity – what’s the up / down time?
  • Employees – are they security cleared?
  • Logistics – how is a digital forensics investigation undertaken with this setup?
  • Security – how secure is this setup? Schedule some penetration testing?
  • Location – where the data is stored dictates what laws apply to it.
  • Compliance – with ISO17025, you will need to demonstrate and prove compliance to it.