FIREBrick

Cybercrime has been a growing concern for the past two decades. What used to be the task of specialist national police squads has become the routine work of regional and district police departments. Unfortunately, the funding for cybercrime units does not seem to grow as fast as the amounts of digital evidence.

FIREBrick is an open source alternative to commercial hardware write blockers and disk imagers, which can be assembled from off-the shelf mass-produced components for around $199.

Here is a short introductory video about FIREBrick:

FIREBrick features

  • Autonomous disk imaging at speeds of up to 5Gb per minute
  • Images hashed on-the-fly with verification checks
  • Storage disk can be encrypted (via LUKS)
  • FireWire write blocker functionality, target drive is visible as a FireWire harddisk
  • Portable – fits in a small HTPC case (including display) – MiniITX form factor
  • Free, open source firmware
  • Can be fully customised to the needs of specific departments
  • Adheres to NIST Computer Forensic Tool Testing protocols
  • Automatically configured internal storage (none, single disk or RAID)
  • RAID mirroring and striping support
  • Unlimited configurations – possible development ideas: Android imaging, Kindle imaging, USB imaging, disk image searching… Get involved!!

List of parts

To build a FIREBrick you need:

  1. ASRock E350M1 Motherboard
  2. 1Gb DDR3 Desktop RAM (1333 or 1066)
  3. Dynamode PCIX3FW 3-Port Firewire PCIe card
  4. An LCD2USB 20×4 display (You can buy it from Lcdmodkit or you can make one yourself according to these instructions)
  5. 120W+ PSU

You will need a case of your choice that fits a mini-ITX (pretty much any case – or even make one yourself!).

If you want internal storage, you will need a SATA HDD. You will need two equal-sized HDDs for internal RAID storage. If you have no storage drives, you can still use the FIREBrick as a writeblocker, if you have a single storage disk you can image to that, if you have 2 storage drives the system will configure them for RAID ( RAID 0 or RAID 1).

FIREBrick Assembly steps:

  • Attach the motherboard to the caseDSC_0312
  • Connect the Power SW wire to the motherboard
    DSC_0318
  • Connect the Reset SW wires to the  motherboard
    DSC_0319
  • Connect the HDD wires to the motherboard
    DSC_0320
  • Connect the Power LED header to the motherboardDSC_0322
  • Connect the HD Audio wires to the motherboard
    DSC_0330
  • Connect the front LCD Screen wires to the motherboard
    DSC_0331
    LCD2USB
  • Insert the RAM into the motherboard
    DSC_0332
  • Connect SATA cables to the motherboard
  • Put the firewire card into the motherboard PCI-E slot.
    DSC_0338
  • Connect power supply header to the firewire card. Then connect the power header to the motherboard.
    DSC_0345
  • The finished FIREBrick.
    DSC_0276

 

Flashing the FIREBrick BIOS:

Visit https://github.com/leetobin/firebrick for source code, ROM and more instructions.

NEWS!

We’ve just created a new github repo for a new build of the FIREBrick. It uses WiFi.

https://github.com/leetobin/firebrickRemote

 

Comments

29 responses to “FIREBrick”

  1. Bernhard Otupal avatar
    Bernhard Otupal

    Congratulations! When I used to be with INTERPOL I wanted to build a tool which is cheap, forensically sound, and easy to use for developing countries. You built it. Well done Guys!

    1. Pavel Gladyshev avatar
      Pavel Gladyshev

      Thank you, Bernhard. Our talks about the needs of the developing world back in 2010 served as a motivation for this project.

  2. Alessandro avatar
    Alessandro

    Hi
    many thanks for your project:)
    Could you please tell us a lcd2usb seller inside European Union?

    Regards
    Alesssandro

    1. Lee Tobin avatar

      Hey Alesssandro,

      I don’t know of a European distributor, however http://lcdmodkit.com/ are quite good and their delivery times are reasonable.

      Cheers,
      Lee

      1. Alessandro avatar
        Alessandro

        thanks for your answer.
        the problem with lcdmodkit are tax and custom…could you please check some european big reseller to help us (on ebay, amazon, etc)?

        regards
        Alessandro

        1. Lee Tobin avatar

          Sure, I’ll take a look.

          Cheers,
          L

        2. Lee Tobin avatar

          We are working on another configuration of the FIREBrick, it won’t require an LCD screen. We’re using a WiFi dongle to allow the system to be controlled via a phone or computer. Should be available soon if you are interested…

          1. Alessandro avatar
            Alessandro

            very interested, if it’s possible. But I l’ike very much the LCD version 😉 Did you find any reseller in EU?
            Best regards
            A

  3. Marek avatar
    Marek

    Looks like a great project!
    Is there a certain reason why only a 1394a / FW400 card is used, instead of the more suitable FW800 version?

    Marek

    1. Pavel Gladyshev avatar
      Pavel Gladyshev

      Thank you, Marek,

      The only reason for using FW400 was to keep the cost of FIREBrick down. It should work with an FW800 PCIe card also, but we have not tested it yet.

      Best,
      Pavel

      1. Marek avatar
        Marek

        thanks Pavel!
        So…. how’s the driver situation then? I assume I won’t be able to just put any pcie fw800 card in the box, as most cards need different drivers.

        1. Lee Tobin avatar

          I reckon the kernel will pick the card up, if it’s a reasonably common card that is. You can just grep dmesg to check…

  4. Carlos avatar
    Carlos

    The ASRock E350M1 Motherboard is the only Mb thats works? Thanks.

    1. Lee Tobin avatar

      Well really any board will work. If you want to burn the OS to the BIOS you need a motherboard that supports Coreboot. If you want to boot from a USB flash drive then you can use any motherboard.

  5. Jason Alvarado avatar
    Jason Alvarado

    Very very nice. Heard about this project on the forensics lunch. Are we just write blocking firewire here or can we utilize other technologies such as USB3, eSATA, and Thunderbolt(eventually)?

    Jason

    1. Lee Tobin avatar

      Absolutely, I don’t see why you couldn’t use any technology. We just chose write-blocking over Firewire because we… well just chose it. If you did want to develop a new version of FIREBrick to include USB3 writeblocking, please do. And if we can help, let us know!

    2. Pavel Gladyshev avatar
      Pavel Gladyshev

      Just a small clarification. FIREBrick in its basic version writeblocks SATA/IDE and performs disk duplication. The write-blocked content is exported over FireWire for triage/preview. We chose FireWire because it allows FIREBrick to act as a peripheral device (like an external HDD or an Apple Mac in Target mode). You probably noticed that ASROCK motherboard has other connectors on the board: eSATA, and USB3 (in the newer version), but unlike FireWire, USB3 and eSATA are strictly master/slave and the controllers on the ASROCK motherboard are hardwired to be masters.

      You could configure FIREBrick to export data over USB3 if you install an appropriate USB3 card, like USB3380EVB, but we have not tested it yet.

  6. Nick Knowles avatar
    Nick Knowles

    Couple things:

    1. Ever thought about adding this to kickstarter and selling completed version of it? Like a “supported version”. I can’t get a lot of the parts where I live. Or even selling pre-configured ones with a bit of a markup with the proceeds going back into the program?

    2. Does this suppose USB wiping as well similar to how it would function with a hdd?

    1. Lee Tobin avatar

      Hi Nick,

      Sorry for the delay in reply! That’s a very good idea, and I’m going to suggest it to the other devs.

      It doesn’t support USB wiping but that functionality could very easily be added to the system. I’ll make a note of it for sure.

      Cheers,
      Lee

  7. Salvatore Fiorillo avatar
    Salvatore Fiorillo

    Hi there,
    very nice and interesting work.
    For a security project on mobile forenisc (for some reasons, I have been cited in the 2014 NIST guide) I am in the need to build a forensic station from the scatch to add some innovative function. Please can you send a direct email adddress so I can explain what I/we could do?
    Thanks
    Salvatore

    1. Lee Tobin avatar

      Hi Salvatore,

      I’ve emailed you directly.

      Cheers,
      Lee

  8. Mario Luis LOPEZ avatar
    Mario Luis LOPEZ

    I found your publication, and I would like to know if this device is sold by you already armed and with the software loaded, what does it cost in dollars and if you make international shipments to Paraguay?

    1. Pavel Gladyshev avatar
      Pavel Gladyshev

      Please see my previous response

  9. Yannick avatar
    Yannick

    Hi, and thank you for such a great work you do here, but I’m wondering, is this project abandoned ? As I see no updates in comments since years and I cannot imagine a so exciting project staying still so long.

    Then I’m wondering… being an IT consultant, I need more and more to proceed data collection for private cases, but could your Firebrick be certified for legal forensic ?

    I heard about a company called Cyanline that proposes a commercial alternative that looks like a lot your firebrick but I’m actually looking for a cheaper solution.

    1. Pavel Gladyshev avatar
      Pavel Gladyshev

      No it is still kicking.

  10. Yannick avatar
    Yannick

    Hi Lee,

    Could you tell me if this project is still continued ?

    If yes, I’d like to have more informations about hardware, as the mainboard is not available anymore.

    Thanks a lot,

    Cheers,

    Yannick

    1. Pavel Gladyshev avatar
      Pavel Gladyshev

      Hello Yannick,

      Lee is currently finishing up his PhD, so it was put on hold, but yes we are pretty much continuing with it. What is your query?

      Pavel

  11. Mario Luis LOPEZ avatar
    Mario Luis LOPEZ

    good morning I have read your answers, I congratulate you for having finished your Doctorate. The consultation is, therefore I work in Cybercrime (from an emerging country in the development of the Spanish-speaking world: Argentina), in which the investigative police agencies do not have a “budget” to access brand devices in the market for these areas As for the acquisitions of forensic images, that is the daily reality of my work (as it was stated in his thesis), his thesis solves practically the problem that I face every day: how to obtain a forensic image of a magnetic support without cross contamination at a low cost? The real problem that I face and for this question I consult is that currently (the motherboard recommended for the assembly of the device) ‘is not manufactured anymore and it is practically impossible to get it’ for this question, I consult it:

    if you could update the requirement of the motherboard with another similar one that can be obtained in the market (that is currently frabrique). I’m waiting for a private email, so I could inform you of the difficulties with that motherboard to get it. Thank you.

  12. Harvey Roth avatar
    Harvey Roth

    It has been some where around six (6) years since checking this site about this FireBrick device. Has it been updated to the available hardware, today in 2023 ? Otherwise, I would suggest that it could be created as a dedicated device for the Lab from older tech.
    If it has or will be updated, would you be moving to a Motherboard with a Main Bus that is PCIe 5 verified ? Thank you for responding.

Leave a Reply to Lee Tobin Cancel reply

Your email address will not be published. Required fields are marked *