How to Set Up a Computer Forensics Lab

Professional computer forensic laboratories have complex arrays of computers that speed up data analysis and recovery.

Computer forensics laboratories are tightly controlled areas for various levels of computer examination. Professional computer forensic examiners divide computer forensics labs into two domains: active-system analysis and static media examination. Active-system analysis deals with forensic information, user activity and log reports taken from an actively running operating system; this data is held in volatile memory and is erased on shutdown or restart. Static media examinations focus on removable flash drives, external and internal hard disks and other types of storage media that persist after a computer is shut down. Comprehensive forensic laboratories situate both of these capabilities in a collaborative environment to gather the whole picture of host activity.

Things You'll Need

  • Office space
  • Clean desks
  • Desk chairs
  • Desk lighting
  • Computers for forensic analysis
  • 2 or more blank hard drives
  • Forensic analysis software
  • Hard drive cables
  • Computer hardware toolkit

Instructions

    • 1

      Design your forensic laboratory layout. Partition the room into three sections: one for volatile memory data analysis, one for static media duplication and archival, and one for static media analysis. Set up network and Internet connections so that all forensic analysis computers and data archives are networked together for ease of access. Ensure the layout of the room is conducive to a logical flow of the forensic process: data preservation, capture, verification and analysis.

    • 2

      Install physical access control devices and appropriate safety systems. Forensic laboratories must be secured against unauthorized access with tools such as conventional locks, security systems and surveillance cameras. Depending on the scope of the forensic facility, adequate cooling, fire-suppression and carbon monoxide detection systems should also be in place as necessary to maintain examiner and hardware safety.

    • 3

      Set up forensic workstations and computers. Clear all clutter and unnecessary dust and grime from workstations, as these can cause damage to physical media and target systems. Do not bring liquids or strong magnetic materials into your computer forensic laboratory; these are major contributors to data loss and electrical shorts. Connect your forensic analysis computers to the network, and install appropriate forensic and security software. Ensure your network is behind a firewall to protect it from outside attacks.

    • 4

      Install blank forensic hard drives at your static media capture and archive area. Connect the drives to the computer workstation and set them aside to prevent damage. After each analysis, ensure the drive storage is reformatted to preserve forensic integrity for the next analysis. Ensure forensic workstation areas have ample space for target computers and media to be placed.

    • 5

      Test your workstations, computer systems, network and forensic analysis hard drives for ease of use and proper setup. Simulate real forensic recovery operations on old hard drives or current systems. Follow all steps of your forensic analysis methodically, and test the layout of the laboratory for proper flow. Pay close attention to the layout of each workstation and make necessary modifications to keep the areas open, free from clutter or debris and conducive to careful forensic analysis.
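The capture and verification stages from step 1, the drive reuse in step 4 and the dry run in step 5 can be rehearsed with a short script. This is an added example, not part of the original article: plain files stand in for drives, the function and file names are hypothetical, and it assumes reused drives are wiped to all zeros and that GNU coreutils (`sha256sum`, `dd`) are installed.

```shell
#!/bin/sh
# Added example (not from the original article). Plain files stand in for drives.

# Print the SHA-256 digest of a file or device.
sha256_of() { sha256sum "$1" | awk '{print $1}'; }

# Return 0 only if TARGET is readable and holds nothing but zero bytes,
# i.e. the drive really was wiped before reuse. 1 = residual data, 2 = unreadable.
is_blank() {
    [ -r "$1" ] || return 2
    # Strip NUL bytes; if even one byte survives, old data is still present.
    leftover=$(tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$leftover" -eq 0 ]
}

# Copy SOURCE to IMAGE, record the image hash beside it, and return 0 only
# if the image hash equals the source hash (capture, then verification).
capture() {
    src=$1; img=$2
    [ -r "$src" ] || return 2
    src_hash=$(sha256_of "$src")
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 2
    img_hash=$(sha256_of "$img")
    printf '%s  %s\n' "$img_hash" "$img" > "$img.sha256"
    [ "$src_hash" = "$img_hash" ]
}

# Re-check an archived image against its recorded hash before analysis.
verify_image() { sha256sum -c --status "$1.sha256"; }

# Constructed sample data: a fake evidence source and two fake target drives.
lab=$(mktemp -d)
printf 'constructed evidence sample\n' > "$lab/source.bin"
dd if=/dev/zero of="$lab/wiped.bin" bs=4096 count=4 2>/dev/null
cp "$lab/wiped.bin" "$lab/reused.bin"
printf 'leftover' | dd of="$lab/reused.bin" bs=1 seek=5000 conv=notrunc 2>/dev/null

is_blank "$lab/wiped.bin"  && echo "wiped.bin: blank, safe to reuse"
is_blank "$lab/reused.bin" || echo "reused.bin: residual data, wipe again"
capture "$lab/source.bin" "$lab/case001.img" && echo "capture verified"
verify_image "$lab/case001.img" && echo "archive hash still matches"
```

On real hardware the same functions take device paths instead of file names, and the recorded `.sha256` file travels with the image in the archive.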

Tips & Warnings

  • Forensic workstations need free space for unrestricted access to hardware and to route/connect appropriate cables to target systems.

  • Always obtain permission from the owner or administrator before conducting forensic analysis of any computer system.
