Setting up Computer Forensics Lab

A Computer Forensics Lab (CFL) is a designated location for conducting computer-based investigation of the collected evidence in order to solve the case and find the culprit. The lab houses the instruments, software and hardware tools, suspect media, and the forensic workstations required to perform investigation of all types.

Setting up a forensics lab includes:

Planning and budgeting

Before planning and evaluating the budget for the forensic investigation case, consider the following:

  •     Break down costs into daily and annual expenditure
  •     Refer to the investigation expenses in the past
  •     Be aware of updated technology
  •     Use statistics to get an idea of the computer crimes that are more likely to occur

Physical location and structural design considerations
  •     Make sure the lab room is secured
  •     Heavy construction materials need to be used
  •     Make sure lab exteriors have no windows
  •     Ensure that computer systems are facing away from windows
  •     Consider the room size and ventilation
  •     Consider the room’s temperature and the number of workstations the room can accommodate
Work area considerations

The lab area can affect its productivity. A lab has to include a workspace for every examiner. Consider the following for the examiner workspaces:

  •     Examiner station requires an area of about 50-63 square feet
  •     The workplace requires a table that is big enough to examine a physical computer
  •    The forensic workstation requires a large enough space for additional equipment like note pads, printers, etc.
Human resource considerations

All the examiners, technicians, and admins need to have certification and experience in their respective fields.

Physical security recommendations
  •     The room must be small with good flooring and ceiling
  •     The door must have a strong locking system
  •     The room must have a secure container like a safe or file cabinet
  •     Visitor logs must be maintained

Forensics lab licensing

Forensics labs should have licensing from the concerned authorities to be trustworthy. The authorities provide these licenses after reviewing the lab and the facilities it has for performing the investigation. Some such licenses include:
  •     ASCLD/LAB Accreditation
  •     ISO/IEC 17025 Accreditation
Planning and Budgeting

1. Planning for a Forensics Lab

The planning of a forensics lab includes the following:

1. Types of investigations being conducted: Choose the types of crimes the lab needs to investigate based on the crime statistics of the previous year and the expected trend, e.g., criminal, civil, or corporate. If the investigation is for a corporation, then decide if it will be only internal or both internal and external. This will help in allocation of physical resources as well as

2. Forensic and non-forensic workstations requirement: The forensics lab should have both forensics and non-forensics workstations for investigative purposes. There should be ample space to disassemble the workstation if the need arises during the investigative process.

3. Space occupied, equipment required, UPS and power supplies, etc.: A power failure during an investigative process will prove costly for the investigator. The need for an uninterrupted power supply is a preventive measure, and the lab should have separate backup power generators. Ensure installation of stabilizers and proper maintenance of the electrical connections, as any fluctuations in voltage may also disrupt the power supply or damage equipment.

4. Reference Material: During the course of the investigation, investigators may need to access reference materials including books and digital books for assistance. Bookracks in a forensics lab are necessary to store all the required reference books, articles, and magazines. Racks help keep desks uncluttered, giving investigators more space to work.

5. Necessary software: Ensure use of licensed versions of all the software required for the computer forensics investigation at any time during the investigation. Demo versions of forensics software are not preferable as they offer limited functionality. Having licensed versions also helps investigators during a trial. Use a demo version if and only if it provides full functionality.

6. Safe locker and storage shelf: A safe locker large enough to store equipment required for the forensics investigation should be available in the lab. This can help in categorizing the equipment stored on the rack, helping the investigator to locate the necessary equipment during the investigation. Safe lockers are also a means to keep equipment safe and protect them from wear and tear, dust, and other foreign particles that may hamper

7. LAN and Internet connectivity: To share information among forensics workstations or to do multiple tasks, a LAN is required. The LAN and Internet connectivity are required to perform a forensic investigation of remote networks.

8. Storage shelves for unused equipment: Keep the unused equipment on storage shelves away from the main working area for the following reasons:

  •     To keep the forensics lab clean, tidy and to avoid unnecessary confusion amidst the large amount of forensic digital equipment in the lab
  •     To make finding a particular piece of lab equipment easy
  •     The forensics lab contains sensitive equipment that can have a significant impact if altered, such as magnetic and electrostatic devices

9. Number of investigators/examiners to be involved: The number of investigators needed depends on the forensics case. Hiring trained and certified professionals is important for performing proper investigations.

2. Budget Allocation for a Forensics Lab

Budget allocation for developing a forensics laboratory depends on the total estimated cost needed to meet the accreditation standards of a standardized body that certifies labs. In the area of forensic science, the American Society of Crime Laboratory Directors acts as a certifying body for crime labs. This standard also applies to computer forensics laboratories.

Allocate a yearly budget based on the previous year’s statistics as well as estimated future trends for the next year. This includes the number of cases handled, the training required for staff, upgrading hardware and software tools in the lab, additional equipment required for enhancing the security of the lab premises, renovation of the lab, recruitment of additional certified personnel if needed, and many other deciding factors.

Cybercrime statistics can reveal the nature of the damage done and the tools used to commit the crime as well as the affected elements in the networked world. Purchase the necessary specialized software needed to investigate a particular crime. Forensics lab requirements are difficult to estimate, as the requirements change according to type of case and evidence. However, over a period, the forensics lab would become well equipped and self-sufficient, with all the technologies available that are necessary to handle the investigation.

Questions related to this topic

  1.     What are the investigative procedures involving computer forensics?
  2.     What is computer forensics and how is it used in investigations?
  3.     Which tool is needed for a computer forensics job?
  4.     What are the three best forensic tools?

Which one of the following is the correct flow for Setting Up a Computer Forensics Lab?

A. Planning and budgeting –> Physical location and structural design considerations –> Work area Forensics lab licensing
B. Planning and budgeting –> Physical location and structural design considerations –> Forensics lab licensing –> Human resource considerations –> Work area considerations –> Physical security recommendations
C. Planning and budgeting –> Forensics lab licensing –> Physical location and structural design considerations –> Work area considerations –> Physical security recommendations –> Human resource considerations
D. Planning and budgeting –> Physical location and structural design considerations –> Forensics lab licensing –> Work area considerations –> Human resource considerations –> Physical security recommendations

Correct Answer: A



source:www.info-savvy.com
