"Forensic Labs and Certification"
Computer Forensics Planning
CIS562
The Investigator’s Office and Laboratory
Welcome to Computer Forensics Planning.
In this lesson, we will discuss The Investigator’s Office and Laboratory.
Next slide.
*
Topics
- Understanding Forensics Lab Certification Requirements
- Determining The Physical Requirements For a Computer Forensics Lab
- Selecting a Basic Forensics Workstation
- Building a Business Case For Developing a Forensics Lab
The following topics will be covered in this lesson:
Understanding Forensics Lab Certification Requirements;
Determining The Physical Requirements For a Computer Forensics Lab;
Selecting a Basic Forensics Workstation; and
Building a Business Case For Developing a Forensics Lab.
Next slide.
*
Understanding Forensics Lab Certification Requirements
- Computer Forensics Lab
  - Forensics Investigation
  - Guidelines and Certification
  - Lab Manager
  - Staff Members
  - Budgeting
The computer forensics lab is where the computer forensics investigator conducts investigations, stores evidence, and does most of the work required to successfully conclude the investigation. The American Society of Crime Laboratory Directors offers guidelines for managing a forensics lab and acquiring an official crime lab certification.
The computer forensics lab manager's job includes setting goals, schedules, staff duties, and responsibilities, as well as assigning cases to lab staff members and knowing when to expect preliminary and final reports.
Staff members are responsible for their knowledge and appropriate training to perform their tasks. They should be aware of new technologies and look for training programs that can help them develop on a professional level.
The computer forensics lab budget is broken down into daily, quarterly, and annual expenses. Use past investigation expenses to extrapolate expected future costs. Expenses that should be considered when planning a lab budget include:
Hardware;
Software;
Facility space;
Trained personnel; and
Changes in technology.
The lab manager is responsible for planning the lab budget.
Next slide.
*
Understanding Forensics Lab Certification Requirements, Continued
- Computer Forensics Lab Certification
  - Credibility
  - Expensive
  - Hard to Get
  - Certification Organizations
Having the appropriate certification and training enables the computer forensics lab to produce credible and reliable investigations that yield conclusive and trusted evidence. You may encounter obstacles when pursuing a certification, including the expense and requirements that are hard to meet. Nevertheless, acquiring such certification is crucial.
Some of the most well-known certification programs and organizations include:
International Association of Computer Investigative Specialists;
High-Tech Crime Network;
AccessData Certified Examiner Certification;
High Technology Crime Investigation Association; and
SysAdmin, Audit, Network, Security Institute.
Next slide.
*
Check Your Understanding #1
Determining The Physical Requirements For a Computer Forensics Lab
- Inventory Control
- Safe and Secured
- Small Rooms
- Restricted Access
- Secured Safe
- Visitor’s Log
- Access Control
Most of the investigative process is performed at a computer forensics lab. Therefore, the lab should provide a safe and secure physical environment for you and your evidence. As with any other lab, you should perform inventory controls of your assets. This will help you know when you need to re-order lab supplies. The following are the minimum requirements for a lab:
Small room with true floor-to-ceiling walls;
Door access with a locking mechanism;
Secure container, such as a safe or heavy-duty file cabinet with a quality padlock;
Visitor’s log listing all people who have accessed your lab; and
Authority and access levels control.
A forensics lab is a secure facility with special security requirements oriented to preserve the integrity of the evidence data and the work done there.
Next slide.
*
Determining The Physical Requirements For a Computer Forensics Lab, Continued
- High-Risk Investigations
- Evidence Containers
- Combination Locking System
- Keyed Padlock
High-risk investigations cannot be conducted in regular forensics lab facilities. Computers emanate electromagnetic radiation that can be picked up by specialized devices up to half a mile away, allowing attackers to know exactly what you are doing with your workstation. Therefore, the use of low-emanation workstations is highly recommended.
An evidence container, such as a computer, a safe, or a cabinet, is where evidence is stored, and it must be secure to prevent unauthorized access to the evidence. Security recommendations include:
Restricted area;
Minimum number of authorized people to access the container; and
Always lock the container when not in use.
Some of the practices to follow if a combination locking system is used include:
Provide the same level of security for the combination as for the container’s contents;
Destroy any previous combinations after setting up a new combination;
Allow only authorized personnel to change lock combinations; and
Change the combination every six months or when required.
Next slide.
*
Determining The Physical Requirements For a Computer Forensics Lab, Continued
- Keyed Padlock
- Made of Steel
- Built-In
- Media Safe
- Evidence Log
When using the keyed padlock mechanism, the following recommendations apply:
Appoint a key custodian;
Stamp sequential numbers on each duplicate key;
Maintain a registry listing which key is assigned to which authorized person;
Conduct a monthly audit;
Take an inventory of all keys;
Place keys in a lockable container;
Maintain the same level of security for keys as for evidence containers; and
Change locks and keys annually.
An evidence container should be made of steel with an internal cabinet or external padlock. Having a built-in evidence storage room in your lab is convenient, but you should apply security measures when building and managing it. Other recommendations are buying a media safe and keeping an updated evidence log.
Next slide.
*
Selecting a Basic Forensics Workstation
- Considerations
- Budget
- Need
- Private Labs
- Easier to Setup
- Homogenous Environment
- Hardware
Computer forensics workstations should be selected according to your budget and need. Their use also depends on the tasks you have to do. For example, selecting workstations for private and corporate labs is usually easier than for police labs, since you deal with a more homogeneous environment where you know exactly what kinds of hardware and software platforms are being used, so you can plan your lab accordingly.
Certain hardware items you should have in your lab besides workstations and software include:
IDE cables;
Ribbon cables for floppy disks;
SCSI cards, preferably ultra-wide;
Graphics cards, both PCI and AGP types;
Power cords;
Hard disk drives; and
Computer hand tools.
Next slide.
*
Selecting a Basic Forensics Workstation, Continued
- Considerations, continued
- Operating Systems
- Software
- Disaster Recovery
Computer forensics workstations should be equipped with a wide range of operating systems, such as multiple releases of Microsoft Windows, Apple Mac, and Linux. The workstation should also include essential software packages, which include:
Microsoft Office 2007, XP, 2003, 2000, 97, and 95;
Quicken;
Programming languages such as Visual Basic, Java, and C++;
Specialized viewers;
Corel Office Suite;
StarOffice/OpenOffice; and
Peachtree accounting applications.
It is crucial to have a reliable and comprehensive disaster recovery plan for the forensic workstation. This plan includes:
Recovering from catastrophic situations such as natural disasters, power outages, fire, etc.;
Severe virus infection;
Workstation reconfigurations;
Backup policies and tools for single disks and RAID servers; and
Configuration management tools to keep track of software updates.
Next slide.
*
Building a Business Case For Developing a Forensics Lab
- Cost Vs. Profits
- Business Case
  - Planning
  - Several Stages
The best way to get approval for purchases is by showing that at the end, the investment in a forensic lab workstation will reduce costs and increase profits. For example, forensic investigations can help the organization in reducing its litigation costs and establish a better protection level for intellectual property, trade secrets, and future business plans.
Developing a business case for a forensics lab involves going through the different stages you need to follow when preparing such a case. These stages include:
Justification and feasibility;
Budget planning development;
Facility cost, which includes:
Computer hardware requirements;
Software requirements;
Miscellaneous costs;
Approval and acquisition;
Implementation;
Acceptance testing;
Correction for acceptance; and
Production.
It is important to remember that the better you plan for your case, the more likely it will be accepted and funded.
Next slide.
*
Check Your Understanding #2
Summary
- Understanding Forensics Lab Certification Requirements
- Determining The Physical Requirements For a Computer Forensics Lab
- Selecting a Basic Forensics Workstation
- Building a Business Case For Developing a Forensics Lab
We have reached the end of this lesson. Let’s take a look at what we’ve covered.
We began by discussing the computer forensics lab, where the computer forensics investigator conducts investigations, stores evidence, and does most of the work required to successfully conclude the investigation. We indicated that the computer forensics lab manager's job includes setting goals, schedules, staff duties, and responsibilities, as well as assigning cases to lab staff members and knowing when to expect preliminary and final reports. Staff members are responsible for their knowledge and appropriate training to perform their tasks.
We stressed the importance of having the appropriate certification and training, which enable the computer forensics lab to produce credible and reliable investigations that yield conclusive and trusted evidence.
Next, we discussed the subject of Determining The Physical Requirements For a Computer Forensics Lab. We indicated that most of the investigative process is performed at a computer forensics lab. Therefore, the lab should provide a safe and secure physical environment for you and your evidence. We also indicated that high-risk investigations cannot be conducted in regular forensics lab facilities. The use of low-emanation workstations is highly recommended. We also discussed the concept of an evidence container, such as a computer, a safe, or a cabinet, which is where evidence is stored and which must be secure to prevent unauthorized access to the evidence.
Next, we discussed the subject of Selecting a Basic Forensics Workstation. We indicated that computer forensics workstations should be selected according to your budget and need. We stressed that such workstations should be equipped with a wide range of different operating systems, software packages, and tools that will be needed to conclude successful investigations.
Finally, we discussed the subject of Building a Business Case For Developing a Forensics Lab. We indicated that the best way to get approval for purchases is by showing that at the end, the investment in a forensic lab workstation will reduce costs and increase profits. For example, forensic investigations can help the organization in reducing its litigation costs and establishing a better protection level for intellectual property, trade secrets, and future business plans.
This completes this lesson.
*