SGA2008 SEC401 SEC504 SEC508
SECURITY 508

System Forensics, Investigation & Response
Laptop Requirement

!! IMPORTANT! BRING YOUR OWN LAPTOP CONFIGURED USING THESE DIRECTIONS!!

A properly configured computer system is required for each student participating in the workshop portion of this course. Before coming to class, download the forensic installation document www.sans.org/training/forensic_install.pdf that will describe the steps in detail to follow to complete the installation. If you do not carefully read and follow these instructions exactly, you are guaranteed to leave the course unsatisfied, since you will not be able to analyze the forensic images that we will hand out.

You will use VMware to simultaneously run multiple operating systems when performing the analysis in class. You must have VMware Workstation installed on your system prior to class beginning. If you do not own a licensed copy of VMware, you can download a free 30-day trial copy from www.vmware.com. VMware will send you a time-limited serial number if you register for the trial at their Web site.

We will give you a copy of Helix Forensic CD in addition to 3 investigative images to experiment with during the class and take home for later analysis. The student should make sure that all drivers are installed. Due to the hard drive space and processing requirements for the lab exercises during the course, for the student to get the most of the course he should come with a laptop with the Mandatory Laptop Requirements fulfilled which are listed below.

Mandatory Laptop Hardware Requirements:

  • PIII 1Ghz CPU Minimum / M Series 1.5 GHz or higher is recommended
  • DVD/CD Combo Drive
  • 1 Gigabyte of RAM minimum
  • 40 Gigabyte Hard Drive minimum (HARD DRIVE SIZE IS CRITICAL)
  • 30 Gigabytes of Free Space on your Hard Drive
  • Download and install WINZIP on your Windows Machine
  • Bring your INSTALLATION CD-ROMS or DVDs to the course

Follow these steps for your Forensic Laptop Installation

  • Download, print out, and follow the installation guide www.sans.org/training/forensic_install.pdf
  • Follow the steps in the install document to guide you through the installation Read F.A.Q. in the install document for any specific questions you might have.
  • Bring printed out installation guide to class www.sans.org/training/forensic_install.pdf
  • In summary, before you arrive at the conference, you should:
  • Bring the proper hardware configuration
  • Download the Forensics Install document and follow it exactly (www.sans.org/training/forensic_install.pdf)
  • Install VMware Workstation
  • Install a Windows 2000/XP/2003/Vista machine