Computer Forensic Lab
There are five key areas to consider in building a forensic laboratory for your organization. They include:
1. Facilities
2. Configuration
3. Equipment
4. Software
5. Reference materials
Facilities
Let's first tackle the facilities as they relate to creating a secured environment. Our objective is to prevent unauthorized access, which could lead to questions about the chain of custody of our evidence. The environment we are trying to create is every bit as sterile and controlled as a medical laboratory (though it may not be as clean). In some ways it is just as important. because the information coming from the lab will be used to decide liability or possibly the guilty or innocence of a person or corporation.
Configuration
Once the facility has been secured, we can design the room configuration to maximize our efforts. Let's talk a little about the furniture and furnishing that a laboratory should have. The list might include: Desktops, with plenty of room to disassemble a computer on
Bookcases for your library, to include reference material and software
Evidence safe or locker, large enough to store media such as hard drives, tapes, CD-ROMs, etc.
LAN and server stations, to establish network or launch multiple jobs
Storage shelves, for equipment not in use
Equipment and Software (see Forensic Equipment and Forensic Software Page for Listings)
How you equip your laboratory will depend on a number of things, such as the types of operating systems you will use, size of storage capacity, tape media used, and even what type of forensic analysis might be carried out.
Some items will need to be purchased for each forensic practitioner and others can be shared. I do not include the individual personal computer, which should be used to write correspondence, reports, or even check e-mail.
Most organizations want to use the same computer to complete forensic examinations and for individual use. There are a number of reasons why I do not recommend it, but I will give you just three. First, while running resource intensive forensic programs, the use of the computer for other purposes (dependent on type of use) will steal cycles from the CPU and degrade performance of the application. Second, individuals almost certainly want to check e-mail and use the Internet to research topics, which inevitably means Internet network connectivity and network security issues. Finally, in an effort to keep the hard drive sterile, you will want to keep
Reference Materials
One of the most important resources for your laboratory is to have a good library The software you collected above will help fill out your library very nicely. You will, however, want to have a good source of reference material at your fingertips when you need answers. You can supplement it in any way that you would like.
Prepared By WestNet Computer Forensic Services