Tactical Forensics Platform

April 24, 2008 – 2:32 PM

Earlier I wrote about my proposed Tactical Network Security Monitoring Platform. Today I finally sat down and installed the operating systems I need on this system to create a portable tactical forensics and investigation platform. I did not want to use my main work laptop for this sort of work because I do not administer it. I needed my forensics platform to be separate from the corporate domain and totally under my control. I only feel comfortable attesting to the configuration of a system doing forensics if I built it from the ground up and I am the sole administrator.

For operating systems, I had three needs. I wanted Windows XP because the majority of commercial forensics software runs on Windows. I wanted Ubuntu Hardy Heron so I could have access to Linux forensics software and VMware Server. (Windows is also a possible VMware Server candidate, but I might install a copy of VMware Workstation on the Windows side.) I wanted FreeBSD 7.0 in case I needed to do packet capture and related network security monitoring tasks.

I decided to triple-boot these three operating systems. The box has three logical hard drives. Two are physical (147 GB each) and the third is a RAID 0 array resulting in a single HDD of 447 GB.

Before I got the following to work I had to experiment with various setups. The following is what I settled upon. I’m posting this information for future reference and for those who might want to try the same setup.

First I installed Windows XP on the only HDD it could see, one of the 147 GB HDDs. I thought this a little odd, but it suited my purposes. I rebooted and Windows started without incident.
