Computer Forensics World
Computer Forensic Lab
There are five key areas to consider
in building a forensic laboratory for your
organization. They include:
1. Facilities
2. Configuration
3. Equipment
4. Software
5. Reference materials
Facilities
Let's first tackle the facilities as they
relate to creating a secured environment.
Our objective is to prevent unauthorized
access, which could lead to questions about
the chain of custody of our evidence. The
environment we are trying to create is every
bit as sterile and controlled as a medical
laboratory (though it may not be as clean).
In some ways it is just as important, because
the information coming from the lab will
be used to decide liability or possibly
the guilt or innocence of a person or corporation.
Configuration
Once the facility has been secured, we can
design the room configuration to maximize
our efforts. Let's talk a little about the
furniture and furnishings that a laboratory
should have. The list might include:
Desktops, with plenty of room to disassemble a computer on
Bookcases for your library, to include reference material and software
Evidence safe or locker, large enough to store media such as hard drives, tapes, CD-ROMs, etc.
LAN and server stations, to establish a network or launch multiple jobs
Storage shelves, for equipment not in use
Equipment and Software
(see the Forensic Equipment and Forensic Software pages for listings)
How you equip your laboratory will
depend on a number of things, such as the
types of operating systems you will use,
size of storage capacity, tape media used,
and even what type of forensic analysis
might be carried out.
Some items will need to be purchased
for each forensic practitioner and others
can be shared. I do not include the individual
personal computer, which should be used
to write correspondence, reports, or even
check e-mail.
Most organizations want to use the same
computer to complete forensic examinations
and for individual use. There are a number
of reasons why I do not recommend it, but
I will give you just three. First, while
running resource-intensive forensic programs,
the use of the computer for other purposes
(dependent on type of use) will steal cycles
from the CPU and degrade performance of
the application. Second, individuals almost
certainly want to check e-mail and use the
Internet to research topics, which inevitably
means Internet network connectivity and
network security issues. Finally, in an
effort to keep the hard drive sterile, you
will want to keep
Reference Materials
One of the most important resources for
your laboratory is a good library.
The software you collected above will help
fill out your library very nicely. You will,
however, want to have a good source of reference
material at your fingertips when you need
answers. You can supplement it in any way
that you would like.
Prepared by WestNet Computer Forensic Services