Computer Forensics Labs

Description
[toggle_content title="Transcript"] Hi, Leo Dregier here. We’re going to talk about what goes into a computer forensics lab. Lots of considerations, so, clearly there’s going to be a lot of planning that has to go on, right? You’re not just going to wake up one morning and go poof, okay, we need a forensics lab. There’s going to have to go a lot—there’s going to need to be a lot of thought that goes into this, right? So, somebody’s going to have to pay for that, so some of the things that you may want to consider are, for example, the physical location. Is it going to be in a close proximity or in another building from your normal operations? What are the environmental conditionings? Conditions like uh, heating, ventilation, air conditioning, fire suppression systems. Uh, ease of access and things like that. Is it going to meet any sort of TEMPEST or EMSEC requirements? If so the, the price dramatically skyrockets. Does it meet all of your ordinance and codes and laws and regulations? Uh, how you going to control access to it, right? Is it going to be on the first floor? Is it going to be on the top floor? Is it going to be in the basement? All of these are considerations that we have to evaluate. Um, how are you going to work with the different licensing models? Um, what are the electrical requirements? Somebody’s going to have to power the lab, right? How are we going to address things like work area separation? Is everybody realistically intended to work in the same physical location or is it just going to be a bunch of cubicles? Or are you going to have hard drive analysis on one part or are you going to have wireless devices in another part, ballistics in another, right? How are you going to integrate with human resources and other traditional work environment um, components like uh, human resources or accounting or payroll or employee timesheets and things like that? 
Um, we’re going to talk a lot about auditing because there’s a variety of auditing entities. Have your, someone to come in and evaluate your lab to get it—make sure that it meets all of the international and national um, requirements. Okay, we’ve got uh, actual hardware that’s going to go into the labs, right? So there’s going to be a lot of hard drive consideration. One of the, one of the biggest factors that will go into any sort of laboratory, whether it be a mobile lab or physical lab is space of, of hard drives. Okay, think about it. 
You’re collecting hard drives routinely, and how many terabytes after terabytes after terabytes can you possibly collect? And what are you going to do with that evidence? Um, are you going to store them on an exact copy or physical duplicate of the hard, hardware that you’ve um, acquired? And if so, you’re going to need it, an inventory of most major drives available or you’re going to put it on a storage area network or something to the effect, right? If you’re going to go mobile the biggest difference between a regular lab and a mobile lab is well, in mobile, everything’s designed to pretty much pack and, and go. All right? And so, speed um, the easability of just getting it in and out. Everything has to have cases, wheeled cases. Um, so it’s gotta be packed and just ready to go. It’s, just think of it like traveling. Just as much as you were to travel versus you living in your house, right? When you live in your house, uh, you’ve got all your stuff there. You could pretty much set it up and have permanent storage, but when you travel everything’s gotta be smaller, um, and broken down. Everything from your shampoos, to your everything, right? Ready to go. Well, forensics labs are no different, okay? If you’re going to take a hard drive and bring it to um, a truck and do some imaging in the back of a truck you need to be prepared to do that, okay? Also, software considerations, how are you going to address things like licensing, open source software, closed software, commercial software, freebee software. And all of the software doesn’t actually meet the actual requirements because remember, we have to do things industry standard. You can’t just wake up and say, hey, we’re going to do something like this one day. So there’s a lot of planning and a lot of thought that goes into actually getting a forensics capability up and running. So we’re going to take each one of these subjects and look at them a little bit more closer. Stick with me. 
[/toggle_content]
Welcome to module 6, Computer Forensics Labs. This session discusses at length what goes into setting up a computer forensics lab and the amount of forethought and advance planning involved. You’ll learn the basic budget items, such as location, access and licensure; critical decisions, such as work location and whether work areas should be separated; the lab's contents, hardware and software; and any special considerations for them in your lab, such as static vs. mobile resources.
The hands-on demonstrations for Module 6: Computer Forensics Labs include the following:
  • FileMerlin Lab (Part 1)
  • Forensics Labs FileMerlin Lab (Part 2)
  • Forensics Labs Paraben P2 Explorer Lab