
What equipment is required in a Computer Forensic Lab to process evidence correc


Question

What equipment is required in a Computer Forensic Lab to process evidence correctly? Evaluate the equipment needed and review the article links below.

1) Laptop (Hardware devices)

2) Server (Hardware devices)

3) Smartphone power connector cable

4) SCSI Cables/Connectors

5) Write-blocker

6) Software Applications

http://www.computerworld.com/article/2526019/security0/how-to-build-your-own-digital-forensics-lab--cheap.html

https://securityintelligence.com/is-your-computer-forensic-laboratory-designed-appropriately/

Please, nothing handwritten due to poor eyesight. Also, please, for the love of all that's holy, check spelling and grammar. If no one can read or understand the answer then it defeats the purpose.

Explanation / Answer

While many organizations have limited computer forensic capacity, current trending will integrate the organizational structure into an essential component in their overall security system response program. Laboratories conducting these services are expensive and cost effective for computer forensic investigations and support activities. Effective and efficient investigation establishes and maintains a computer forensic laboratory. It supports and encourages the latter part of the investigation process.

Design consideration can support computer forensic investigation process, ultimately money, time, productivity and process efficiency, in relation to accurate planning and preparation. A computer forensic laboratory is proof of individual design needs of their walls. However, there are many design problems, considerations and trade offices that every institution should consider. Following are general design requirements applicable to almost all Forensic Laboratories.

Computer Forensics Lab Equipment:

Forensic Tower: To activate Parallel Forensic Technology, the lab must have a centralized Forensic Tower which provides data duplication, parallel analysis, operating systems emulation and integration with some forensic analysis software. The forensic tower is a very rich asset in the forensic lab. For example, it is write blocked by default which makes it an all-in-one solution.

Forensic Toolkit: It is a comprehensive mobile toolkit which contains everything needed to perform a complete Forensic Acquisition such as Write Blockers, wipers, Hard Drive Duplicators, Power Adapters, imaging hardware… etc. The computer forensic examiner needs a hardware write blocker to avoid any altering in the main evidence. The write blocker has many connection types such as USB, FireWire, SATA and IDE.

Hard Disk Duplicators: The hard disk duplicator copies the source hard disk which contains evidence to another hard disk or more. In some cases, the speed during the imaging process is critical. The hard disk duplicator speed is between 4 GB and 9 GB per minute. In addition, some duplicators copy to more than one hard disk at a time.

Mobile Devices and chargers: The examiner must have various cables and chargers for Mobile Devices. This area can be further elaborated in another article about mobile forensic devices especially Paraben which has very attractive products.

Password Recovery tools: Regular users can use any software for password recovery but when it comes to professionals, the matter is totally different. There are a lot of hardware devices from various providers to recover passwords from encrypted files using dictionary and brute-force attack methods. Also, you must have a DNA (Distributed Network Attack) application if you need to use the power of machines across the network.

Data Recovery: In Forensic labs, it is preferred to have hardware for data recovery which can fix the bad sectors that were partially corrupted and cannot be imaged through normal software. It can bypass the operating system or the BIOS if it tries to prevent you from imaging the corrupted data, thus you will reduce the time and effort when using Data Recovery Hardware.

Wipers: If you need to use the same hard disk in another forensic case you must wipe the data using wipers (Software or Hardware) to erase all the data from hard disk media.

Spare Parts: The forensic lab must have spare RAM, network cards, hard disks, CD/DVD writers, removable memory and different types of cables.

Forensic Software: In the real world, the examiner must have a deep knowledge in one of the most widely known software in computer forensic world such as Forensic Toolkit (FTK) or Encase Forensic. The latest versions for FTK and for Encase

Network: Examiners will need access to the Internet to research information they find during examinations. Since security and privacy issues are a large part of any investigation, the network connection should be as direct to the point of presence as possible. There are two main concerns:

It may be possible for employees or insiders to sniff the network traffic and gain information from the investigation while the examiner is using the Internet.

Examiners may need access to websites or resources that are blocked by the firewall or Web-filtering software, or that trigger alerts on the network. The easiest way to ensure privacy and eliminate false alarms is to install a dedicated line.
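A check that fits the "Wipers" item above, added here as an example and not part of the original answer: before a wiped disk is reused for another case, confirm that nothing but the fill byte remains on it. The function names, the zero fill pattern and the temporary sample images are assumptions made for the illustration.

```python
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time so large media use constant memory


def first_residual_offset(path, fill=0x00, chunk_size=CHUNK):
    """Return the offset of the first byte that differs from `fill`,
    or None when the whole device or image holds only the fill byte."""
    offset = 0
    with open(path, "rb") as media:
        while True:
            block = media.read(chunk_size)
            if not block:
                return None
            # Fast path: a block made only of the fill byte strips to empty.
            if block.strip(bytes([fill])):
                for i, value in enumerate(block):
                    if value != fill:
                        return offset + i
            offset += len(block)


def wipe_report(path, fill=0x00):
    """Summarise the check as a record an examiner could keep in case notes."""
    residual = first_residual_offset(path, fill)
    return {
        "media": path,
        "fill_byte": fill,
        "clean": residual is None,
        "first_residual_offset": residual,
    }


def make_sample_image(size, dirty_at=None):
    """Constructed sample: a zero-filled file, optionally with one leftover byte."""
    data = bytearray(size)
    if dirty_at is not None:
        data[dirty_at] = 0x41  # a single stray byte left behind by a bad wipe
    handle = tempfile.NamedTemporaryFile(delete=False, suffix=".img")
    handle.write(data)
    handle.close()
    return handle.name


if __name__ == "__main__":
    print(wipe_report(make_sample_image(3 * CHUNK)))
    print(wipe_report(make_sample_image(3 * CHUNK, dirty_at=2 * CHUNK + 17)))
```

On real media the path would be the raw device node, opened read-only with the privileges the lab workstation requires.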
