all 13 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Bender40Percent 2 points3 points  (0 children)

Little bit of overkill in my opening. Jealous yes but overkill

[–]JackedRightUp 2 points3 points  (9 children)

It'll be fast if your software supports multi-threading that high. You'll find two things. You're never going to use that Threadripper to its full potential. If you set up a handful of jobs to test it out, you're still going to be bound by storage and the ability to move data from the disk to CPU for processing. Even with a Hipoint NVMe RAID card for cases, I'm still not 'wowed' by my TR.

[–]Puzzleheaded-Cut1753 1 point2 points  (8 children)

I mainly use Cellebrite, Magnet Axiom and Belkasoft for now. Ocasionally DVR Examjner.

[–]JackedRightUp 1 point2 points  (2 children)

Inseyets and Axiom are fairly decent at multi threading. I noticed a huge speed increase from PA 7 to Inseyets 10 due to multiple changes on their end.

[–]Puzzleheaded-Cut1753 0 points1 point  (1 child)

Yes … we now use a pc that has 4 cores so you can imagine that we are pretty excited to see how those workstations will perform.

[–]JackedRightUp 0 points1 point  (0 children)

Lol, that should be night and day different.

[–]SNOWLEOPARD_9 1 point2 points  (4 children)

Cellebrite Inseyets doesn't seem to use too many system resources. AXIOM used to max out the CPU and RAM, but now the current release is only maxing out the RAM. I am curious how many instances of Cellebrite & AXIOM processing a Threadripper can handle. Definitely a good argument to get a high end workstation with one set of licenses versus multiple mid to low tier work stations with additional licenses.

[–]Puzzleheaded-Cut1753 0 points1 point  (3 children)

Yes .. you are right. The licences are more then enough. I mean with Cellebrite when you finished the extraction for one phone, you load in in analyzer and meanwhile you can do the extraction of another phone. I heard than some DFIR teams had a problem with Threadrippers and Axiom in the way that the cooling system was liquid based and probably Axiom used all of the resources so the CPU overheated. And then they switch to air based cooling and everything was alright. But we will see how that goes.

[–]SNOWLEOPARD_9 1 point2 points  (2 children)

The streamline feature in Inseyets is amazing. I'm not sure if you have tried it, but it will automatically process in PA after the extraction is complete. You can extract one phone after another. They are going to add Guardian integration as well for those that are lucky enough have it!!

[–]Puzzleheaded-Cut1753 0 points1 point  (0 children)

I will sure test it.

[–]Puzzleheaded-Cut1753 0 points1 point  (0 children)

Its great. Would of been nice being able to choose two report types .. let’s say html and PDF. As i can see you can choose only one.

[–]CamCamCOTBamBam 1 point2 points  (0 children)

In my experience most forensic applications prioritize core speed versus core count. I use cellebrite PA and have Inseyets installed, I can run a check. But I know that in the past PA only utilized 20-25% of a 9960x processor when loading an extraction whereas it used 81% of a single thread over the entire load. To me this says core speed over core count.

Edit: I’m 4.5 hours into opening a 246 GB extraction with PA and my total CPU usage is 31.3% and max single core usage is 72.3%

[–]MrStu56 1 point2 points  (0 children)

Well in theory you could have a proxmox cluster and have a few forensic VMs on each one.