

                                 Surveying



Before building the lab, I needed to survey the current state of the lab. My criteria are based on certain factors. Is there sufficient space to work in? Do they have any equipment that can be reused? Is the lab secured?

A little background: a network administrator built the current lab and has since left for the private sector. Unfortunately, this meant that the lab was no longer being properly maintained. This is where I come in. My job is to update the lab to make it functional and efficient to investigate crimes involving computers, cell phones, PDAs, and other electronic devices.

Compared to the other labs that I have seen, this one is not very big. However, keeping its users in mind, it should be sufficient. So far I have seen one investigator in the lab at any given time. This is probably due to the fact that the current lab only has one analysis machine! In fact, the only forensic software installed is EnCase. Paraben's Email Examiner is on the shelf, but not installed on the computer. There are also three write blockers. Two are FastBloc field edition (external write blocker) and one is a FastBloc lab edition (write blocker that fits in a computer's drive bay). These are all made by Guidance Software. Although they are the largest computer forensic software company, there are other tools that can do other things better. For example, AccessData's Password Recovery Toolkit (PRTK) is a much better tool for cracking passwords.

I will definitely reuse the analysis machines and the write blockers. If they are capable of handling current investigations now, then they are still useful. As far as write blockers, I have used both cheap and expensive ones. Both work as stated; however, the cheaper ones have a higher failure rate and feel cheap. The expensive ones are much heavier and made for the field. The manufacturers also stand by their products. Additionally, they may have been tested and proven to work by the National Institute of Standards and Technology (NIST)*. Regardless, you should still do your own tests to make sure your equipment works.

As far as security, it is extremely important that the lab is secured. This is to prevent the possibility of evidence tampering. Although I won't get into the details of the security measures, I will say that there are several defenses to gain access to the room
