Mac Forensic Hardware

Macintosh Forensic Hardware

The Macintosh platform is uniquely positioned as the only hardware capable to running each operating system available, whether natively or thru virtualization. No PC can boast this and no PC can fully analyze Macintosh data because it cannot run OS X. In some OS X based cases, if you are not equipped with a Macintosh, you simply will NOT be able to analyze the data presented.

The number one question asked of any person setting up a new digital forensic laboratory will be of equipment. When considering your laboratory equipment, it will most important to consider the tasks you will need to accomplish. If your budget will allow for 2 separate computers, 1 for the laboratory and 1 for travels, you might consider the smaller screen Macbook Pro, for instance, as your mobile solution. With this in mind, here is a few suggested hardware setups for a successful Macintosh digital forensic laboratory:

NOTE: Although we have links to our Amazon store throughout this article, we highly encourage you to look at the “Sources” mentioned at the end of the article as well. We appreciate all of the support you give us by shopping thru our Store, but we also appreciate that each of you need to save money too.

Desktop

Mac Pro - this is Apple's top of the line desktop computer. The Mac Pro offers the ultimate in expansion, speed and internal storage possibilities. You likely will not find a single case that cannot be processed with this machine. Most important when purchasing this machine is the processor choice. The processor is not easily upgraded and voids the warranty if attempted. All other parts can be added later such as more RAM, additional cards, drives, etc. The Mac Pro can be configured with hardware RAID as well as a fiber card for connectivity to Apple's XSan storage.
Mac Mini - this is Apple's only "headless" offering and it has been revamped to offer quite a bit of power in a small box. The downside of a Mac Mini is its inability to expand internally, but it has plenty of external connectivity on the outside. For digital analysis, consider the 2 hard drive option and use the Apple software RAID to create a significant speed increase in data throughput. You can always add a DVD/CD burner externally. The processor in the Mac Mini is not easily upgraded so consider the fastest processor you can afford at the time of purchase. You can upgrade RAM and hard drive capacity (and speed) internally. The Mac Mini will has wireless N and gigabit ethernet as well.

Mobile

Macbook Pro - this is most capable laptop as it comes with an array of expansion ports, top of the line graphics card, and the fastest available mobile processor choices. If you need to use the Macbook Pro as you only system, many docking choices are available to make your life easier. When considering the Macbook Pro, you need to consider both the processor and screen size. Each of these are not upgradable. Our suggestion is to purchase the fastest processor your budget allows for because of the lack upgradability.
Macbook Air - this is the least capable Mac when it comes to digital forensics. Because of its lack of ports and expansion slots, carefully consider what a Macbook Air is made for before purchasing this machine for a digital forensic laboratory.

Network

Airport Extreme and Time Capsule - Apple offers 2 4-port gigabit routers, the Time Capsule also being a storage device. What is unique about these routers over other manufacturers offerings is the ease of integration with your Macintosh laboratory, especially if you are looking into being Mobile.
iPod Touch (or iPhone) with WiFiFoFum installed - WiFiFoFum is a wireless network mapper that will find SSID, security (WEP, WPA, etc.) info, and map access points for you. Other apps are available through the iTunes Store.

Server

XServe - Apple’s rack-mountable machine that offers top of the line processing power with hot-swappable parts. Combine this (or a Mac Pro) with Promise Storage for the ultimate in both processing power and evidence storage.
Mac Mini Server - Apple is now offering the Mac Mini with Snow Leopard (10.6) Server preinstalled with 2 hard drives inside. This tiny Mac is outstanding to work as a processing station for a digital laboratory. The downside to this machine is the lack of eSATA expansion, but you will have Firewire 800 and USB2 ports.
Promise Storage and XSan - this is where Apple really begins to shine with storage. When you combine the Promise storage option with an XServe or Mac Pro with the speed of Fiber connectivity and add to the mix Apple’s XSan file system, you have a superior experience for speed and manageability of your evidence.

NOTE: When it comes to Server and storage setup for your evidence, you will want to make certain you have this set up properly. Apple has made great strides in making installation easy, but Server installations are still not meant for the inexperienced. When it comes to your evidence, consider the assistance of Apple Professional Services or Mac Professionals.

Sources

Our Store with Amazon discounts
Apple Refurbished Macs, a GREAT way to save money on Macs
Apple Government and Education
Mac Professionals offers setup of small to large scale roll-outs and Data Recovery
CDWg offers Government discounts as well as professional services.

breadcrumb → Welcome → OS X → Setup Your Lab → Mac Forensic Hardware

Our Site Sponsors