FIREBrick

Cybercrime has been a growing concern for the past two decades. What used to be the task of specialist national police squads has become the routine work of regional and district police departments. Unfortunately, the funding for cybercrime units does not seem to grow as fast as the amounts of digital evidence.

FIREBrick is an open source alternative to commercial hardware write blockers and disk imagers, which can be assembled from off-the shelf mass-produced components for around $199.

Here is a short introductory video about FIREBrick:

FIREBrick features

Autonomous disk imaging at speeds of up to 5Gb per minute
Images hashed on-the-fly with verification checks
Storage disk can be encrypted (via LUKS)
FireWire write blocker functionality, target drive is visible as a FireWire harddisk
Portable – fits in a small HTPC case (including display) – MiniITX form factor
Free, open source firmware
Can be fully customised to the needs of specific departments
Adheres to NIST Computer Forensic Tool Testing protocols
Automatically configured internal storage (none, single disk or RAID)
RAID mirroring and striping support
Unlimited configurations – possible development ideas: Android imaging, Kindle imaging, USB imaging, disk image searching… Get involved!!

List of parts

To build a FIREBrick you need:

ASRock E350M1 Motherboard
1Gb DDR3 Desktop RAM (1333 or 1066)
Dynamode PCIX3FW 3-Port Firewire PCIe card
An LCD2USB 20×4 display (You can buy it from Lcdmodkit or you can make one yourself according to these instructions)
120W+ PSU

You will need a case of your choice that fits a mini-ITX (pretty much any case – or even make one yourself!).

If you want internal storage, you will need a SATA HDD. You will need two equal-sized HDDs for internal RAID storage. If you have no storage drives, you can still use the FIREBrick as a writeblocker, if you have a single storage disk you can image to that, if you have 2 storage drives the system will configure them for RAID ( RAID 0 or RAID 1).

FIREBrick Assembly steps:

Attach the motherboard to the case
Connect the Power SW wire to the motherboard
Connect the Reset SW wires to the motherboard
Connect the HDD wires to the motherboard
Connect the Power LED header to the motherboard
Connect the HD Audio wires to the motherboard
Connect the front LCD Screen wires to the motherboard
Insert the RAM into the motherboard
Connect SATA cables to the motherboard
Put the firewire card into the motherboard PCI-E slot.
Connect power supply header to the firewire card. Then connect the power header to the motherboard.
The finished FIREBrick.

Flashing the FIREBrick BIOS:

Visit https://github.com/leetobin/firebrick for source code, ROM and more instructions.

NEWS!

We’ve just created a new github repo for a new build of the FIREBrick. It uses WiFi.

https://github.com/leetobin/firebrickRemote

Comments

29 responses to “FIREBrick”

Bernhard Otupal

7 May, 2013

Congratulations! When I used to be with INTERPOL I wanted to build a tool which is cheap, forensically sound, and easy to use for developing countries. You built it. Well done Guys!

Reply
1. Pavel Gladyshev
  
  18 May, 2013
  
  Thank you, Bernhard. Our talks about the needs of the developing world back in 2010 served as a motivation for this project.
  
  Reply
Alessandro

22 July, 2013

Hi
many thanks for your project:)
Could you please tell us a lcd2usb seller inside European Union?

Regards
Alesssandro

Reply
1. Lee Tobin
  
  22 July, 2013
  
  Hey Alesssandro,
  
  I don’t know of a European distributor, however http://lcdmodkit.com/ are quite good and their delivery times are reasonable.
  
  Cheers,
  Lee
  
  Reply
  1. Alessandro
    
    24 July, 2013
    
    thanks for your answer.
    the problem with lcdmodkit are tax and custom…could you please check some european big reseller to help us (on ebay, amazon, etc)?
    
    regards
    Alessandro
    
    Reply
    1. Lee Tobin
      
      25 July, 2013
      
      Sure, I’ll take a look.
      
      Cheers,
      L
      
      Reply
    2. Lee Tobin
      
      9 August, 2013
      
      We are working on another configuration of the FIREBrick, it won’t require an LCD screen. We’re using a WiFi dongle to allow the system to be controlled via a phone or computer. Should be available soon if you are interested…
      
      Reply
      1. Alessandro
        
        16 September, 2013
        
        very interested, if it’s possible. But I l’ike very much the LCD version 😉 Did you find any reseller in EU?
        Best regards
        A
Marek

24 July, 2013

Looks like a great project!
Is there a certain reason why only a 1394a / FW400 card is used, instead of the more suitable FW800 version?

Marek

Reply
1. Pavel Gladyshev
  
  24 July, 2013
  
  Thank you, Marek,
  
  The only reason for using FW400 was to keep the cost of FIREBrick down. It should work with an FW800 PCIe card also, but we have not tested it yet.
  
  Best,
  Pavel
  
  Reply
  1. Marek
    
    25 July, 2013
    
    thanks Pavel!
    So…. how’s the driver situation then? I assume I won’t be able to just put any pcie fw800 card in the box, as most cards need different drivers.
    
    Reply
    1. Lee Tobin
      
      2 August, 2013
      
      I reckon the kernel will pick the card up, if it’s a reasonably common card that is. You can just grep dmesg to check…
      
      Reply
Carlos

9 August, 2013

The ASRock E350M1 Motherboard is the only Mb thats works? Thanks.

Reply
1. Lee Tobin
  
  12 August, 2013
  
  Well really any board will work. If you want to burn the OS to the BIOS you need a motherboard that supports Coreboot. If you want to boot from a USB flash drive then you can use any motherboard.
  
  Reply
Jason Alvarado

10 September, 2013

Very very nice. Heard about this project on the forensics lunch. Are we just write blocking firewire here or can we utilize other technologies such as USB3, eSATA, and Thunderbolt(eventually)?

Jason

Reply
1. Lee Tobin
  
  11 September, 2013
  
  Absolutely, I don’t see why you couldn’t use any technology. We just chose write-blocking over Firewire because we… well just chose it. If you did want to develop a new version of FIREBrick to include USB3 writeblocking, please do. And if we can help, let us know!
  
  Reply
2. Pavel Gladyshev
  
  11 September, 2013
  
  Just a small clarification. FIREBrick in its basic version writeblocks SATA/IDE and performs disk duplication. The write-blocked content is exported over FireWire for triage/preview. We chose FireWire because it allows FIREBrick to act as a peripheral device (like an external HDD or an Apple Mac in Target mode). You probably noticed that ASROCK motherboard has other connectors on the board: eSATA, and USB3 (in the newer version), but unlike FireWire, USB3 and eSATA are strictly master/slave and the controllers on the ASROCK motherboard are hardwired to be masters.
  
  You could configure FIREBrick to export data over USB3 if you install an appropriate USB3 card, like USB3380EVB, but we have not tested it yet.
  
  Reply
Nick Knowles

15 November, 2013

Couple things:

1. Ever thought about adding this to kickstarter and selling completed version of it? Like a “supported version”. I can’t get a lot of the parts where I live. Or even selling pre-configured ones with a bit of a markup with the proceeds going back into the program?

2. Does this suppose USB wiping as well similar to how it would function with a hdd?

Reply
1. Lee Tobin
  
  15 January, 2014
  
  Hi Nick,
  
  Sorry for the delay in reply! That’s a very good idea, and I’m going to suggest it to the other devs.
  
  It doesn’t support USB wiping but that functionality could very easily be added to the system. I’ll make a note of it for sure.
  
  Cheers,
  Lee
  
  Reply
Salvatore Fiorillo

21 June, 2014

Hi there,
very nice and interesting work.
For a security project on mobile forenisc (for some reasons, I have been cited in the 2014 NIST guide) I am in the need to build a forensic station from the scatch to add some innovative function. Please can you send a direct email adddress so I can explain what I/we could do?
Thanks
Salvatore

Reply
1. Lee Tobin
  
  5 August, 2014
  
  Hi Salvatore,
  
  I’ve emailed you directly.
  
  Cheers,
  Lee
  
  Reply
Mario Luis LOPEZ

14 December, 2017

I found your publication, and I would like to know if this device is sold by you already armed and with the software loaded, what does it cost in dollars and if you make international shipments to Paraguay?

Reply
1. Pavel Gladyshev
  
  19 January, 2018
  
  Please see my previous response
  
  Reply
Yannick

3 January, 2018

Hi, and thank you for such a great work you do here, but I’m wondering, is this project abandoned ? As I see no updates in comments since years and I cannot imagine a so exciting project staying still so long.

Then I’m wondering… being an IT consultant, I need more and more to proceed data collection for private cases, but could your Firebrick be certified for legal forensic ?

I heard about a company called Cyanline that proposes a commercial alternative that looks like a lot your firebrick but I’m actually looking for a cheaper solution.

Reply
1. Pavel Gladyshev
  
  19 January, 2018
  
  No it is still kicking.
  
  Reply
Yannick

8 January, 2018

Hi Lee,

Could you tell me if this project is still continued ?

If yes, I’d like to have more informations about hardware, as the mainboard is not available anymore.

Thanks a lot,

Cheers,

Yannick

Reply
1. Pavel Gladyshev
  
  19 January, 2018
  
  Hello Yannick,
  
  Lee is currently finishing up his PhD, so it was put on hold, but yes we are pretty much continuing with it. What is your query?
  
  Pavel
  
  Reply
Mario Luis LOPEZ

19 February, 2018

good morning I have read your answers, I congratulate you for having finished your Doctorate. The consultation is, therefore I work in Cybercrime (from an emerging country in the development of the Spanish-speaking world: Argentina), in which the investigative police agencies do not have a “budget” to access brand devices in the market for these areas As for the acquisitions of forensic images, that is the daily reality of my work (as it was stated in his thesis), his thesis solves practically the problem that I face every day: how to obtain a forensic image of a magnetic support without cross contamination at a low cost? The real problem that I face and for this question I consult is that currently (the motherboard recommended for the assembly of the device) ‘is not manufactured anymore and it is practically impossible to get it’ for this question, I consult it:

if you could update the requirement of the motherboard with another similar one that can be obtained in the market (that is currently frabrique). I’m waiting for a private email, so I could inform you of the difficulties with that motherboard to get it. Thank you.

Reply
Harvey Roth

28 April, 2023

It has been some where around six (6) years since checking this site about this FireBrick device. Has it been updated to the available hardware, today in 2023 ? Otherwise, I would suggest that it could be created as a dedicated device for the Lab from older tech.
If it has or will be updated, would you be moving to a Motherboard with a Main Bus that is PCIe 5 verified ? Thank you for responding.

Reply