-
Step 1
Consider the type and scope of the computer forensics investigations that you will be conducting. If you are going to be doing limited internal investigations for a company, then you can conduct all operations from a single computer. If your investigative efforts will be external on a variety of case types, then you will want to consider purchasing several computers for independent task assignment. When choosing your computer, pick a name brand that can have its RAM expanded, and comes with at least the minimum recommended for the Operating System. Windows Vista computers should have a minimum of 3GB of RAM installed.
-
Step 2
Acquire a portable hard drive that is at least 120GB in size. Qualities to look for are a USB 2.0 compatible drive that will be able to copy an entire hard drive image to the drive while being powered by the computer's USB connection.
-
Step 3
Download and install the Forensic Toolkit Products forensic toolkit, Mobile Phone Examiner and Password Recovery Toolkit listed in the resources section of this article. The forensic toolkit will allow you to review and search the hard drive image you save to your portable hard drive. The Mobile Phone examiner will allow you to pull call and SMS text history, and the Password Recovery tool will allow you to break less secure passwords discovered during your investigation.
-
Step 4
Download and install read/write blocking software to your computer from the uniform resource locator listed in the resources of this article. This will prevent Windows from writing to the hard drive that has your evidence, which will permit your investigation to withstand scrutiny from the court.
