1. Source: Nelson, Phillips, Enfinger, & Steuart - Guide to Computer Forensics and Investigations. Chapter 3: The Investigator’s Office & Laboratory
2. Professional Certifications
High-Tech Crime Network (HTCN)
Certified Computer Crime Investigator (Basic & Advanced Level)
Certified Computer Forensic Technician (Basic & Advanced Level)
International Association of Computer Investigative Specialists (IACIS)
Certified Electronic Evidence Collection Specialist (CEECS)
Certified Forensic Computer Examiner (CFCE)
EnCase Certified Examiner (EnCE) Certification
3. TEMPEST Shielding
Developed by the U.S. Department of Defense during the Cold War to protect defense contractors against electronic eavesdropping
Electromagnetic Radiation (EMR) from a computer monitor can be picked up as far away as a half mile
A TEMPEST lab has its walls, ceiling, floor, and doors lined with specially grounded, conductive metal sheets (typically copper), so that the emissions cannot leave the room
TEMPEST labs are expensive to build and require routine inspection and testing to provide the greatest protection against electronic eavesdropping
4. Minimum Computer Forensic Lab Requirements
Small rooms with true floor-to-ceiling walls
Door access with locking mechanism
Keys and combinations limited to authorized users only
Secure container that can be locked (e.g., safe or heavy-duty file cabinet)
Visitor’s log listing everyone who has accessed the lab, with the date, time, and purpose of each visit
5. Ergonomic Factors
Quality and placement of desks, tables, chairs, & workbenches
Quality & placement of monitors, keyboards, & mice
Size and layout of room
Heating, air-conditioning, & ventilation of room
Amount & placement of lighting
6. Internet Connectivity
Computer forensic workstations should not be connected to the Internet while conducting analysis
Internet connectivity can compromise the workstation’s security, even if a firewall is used; a compromised workstation puts the integrity of the evidence on it in question
It is further recommended not to connect the workstation to the organization’s WAN (or any other network) while conducting analysis
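The isolation rule above is easy to state and easy to forget in the middle of a case. The following script, an added example that is not from the textbook, parses the output of the Linux `ip -o link show` and `ip route show` commands and refuses to call the workstation isolated if any non-loopback interface is administratively up or a default route exists. The sample outputs, interface names and addresses are constructed for the example; the live check at the end assumes an iproute2-based Linux host.

```python
"""Pre-analysis network isolation check for a forensic workstation (added example).

Parses `ip -o link show` and `ip route show` output and reports anything that
means the box is still reachable: a non-loopback interface that is
administratively UP, or a default route. Sample outputs below are constructed.
"""
import re
import subprocess

# One line of `ip -o link show`, e.g.
#   "2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 ... state UP ..."
# The flag list tells us admin state (UP) and carrier (LOWER_UP).
LINK_RE = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)[^<]*<(?P<flags>[^>]*)>")


def active_interfaces(link_output):
    """Return [(name, has_carrier)] for every non-loopback interface that is admin UP."""
    found = []
    for line in link_output.splitlines():
        m = LINK_RE.match(line.strip())
        if not m:
            continue
        flags = set(m.group("flags").split(","))
        if "LOOPBACK" in flags or "UP" not in flags:
            continue
        found.append((m.group("name"), "LOWER_UP" in flags))
    return found


def default_routes(route_output):
    """Return the 'default via ...' lines from `ip route show`."""
    return [line.strip() for line in route_output.splitlines()
            if line.strip().startswith("default")]


def isolation_violations(link_output, route_output):
    """List of reasons the workstation is NOT isolated; an empty list means OK."""
    problems = []
    for name, carrier in active_interfaces(link_output):
        problems.append(f"interface {name} is administratively UP"
                        + (" with carrier" if carrier else " (no carrier)"))
    for route in default_routes(route_output):
        problems.append(f"default route present: {route}")
    return problems


# Constructed sample: a workstation still plugged into the office LAN.
CONNECTED_LINKS = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff
3: wlp2s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000\\    link/ether 66:77:88:99:aa:bb brd ff:ff:ff:ff:ff:ff
"""
CONNECTED_ROUTES = """\
default via 192.168.1.1 dev enp3s0 proto dhcp metric 100
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.23 metric 100
"""
# Constructed sample: the same box after `ip link set enp3s0 down`.
ISOLATED_LINKS = (CONNECTED_LINKS
                  .replace("<BROADCAST,MULTICAST,UP,LOWER_UP>", "<BROADCAST,MULTICAST>")
                  .replace("state UP", "state DOWN"))
ISOLATED_ROUTES = ""


def check_live_host():
    """Run the real iproute2 commands on this Linux host and return the violations."""
    links = subprocess.run(["ip", "-o", "link", "show"],
                           capture_output=True, text=True, check=True).stdout
    routes = subprocess.run(["ip", "route", "show"],
                            capture_output=True, text=True, check=True).stdout
    return isolation_violations(links, routes)


if __name__ == "__main__":
    for label, links, routes in (("connected", CONNECTED_LINKS, CONNECTED_ROUTES),
                                 ("isolated", ISOLATED_LINKS, ISOLATED_ROUTES)):
        print(label, isolation_violations(links, routes)
              or ["OK: no active interface, no default route"])
```

Run `check_live_host()` from the case-start checklist and refuse to proceed on a non-empty result; an interface that is up without carrier is still flagged, because a cable can be plugged in later without anyone re-running the check.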
7. Scaling Forensic Labs
A typical Fortune 500 company investigates an average of one to two murders a year in which law enforcement seizes evidence from the employee’s work computer
There should be at least one law enforcement computer investigator for every 250,000 people in a geographic region
8. Evidence Containers
Secure lockers for storing evidence, to discourage tampering with or theft of evidence
Should be located in a restricted area
Should remain locked unless under direct supervision
Maintain records of who accessed the container and when, and limit access to as few people as possible
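The access records for the evidence container, like the lab visitor’s log on an earlier slide, are only worth keeping if they cannot be quietly rewritten afterwards. As an added example that is not from the textbook, the following Python keeps the access log as a hash chain: each entry carries the SHA-256 of the entry before it, so editing or deleting a record breaks every link after it. The entry fields, names and item numbers are this example’s own, and anchoring the last digest out-of-band is the example’s design choice, not a requirement stated in the text.

```python
"""Tamper-evident evidence-access log (added example, not from the text).

Each entry stores the SHA-256 of the entry before it, so altering or deleting
any record breaks every link after it. The last entry has no successor, so its
digest (the "head") must be anchored somewhere the log itself cannot alter,
e.g. copied into the signed daily visitor's log. All entries are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64  # prev-hash recorded in the very first entry


def _digest(entry):
    """Deterministic SHA-256 of an entry: sorted keys, no whitespace."""
    blob = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


def append_entry(log, who, action, item, when, purpose):
    """Append one access record chained to the previous entry; returns the entry."""
    prev = _digest(log[-1]) if log else GENESIS
    entry = {"seq": len(log), "who": who, "action": action, "item": item,
             "when": when, "purpose": purpose, "prev": prev}
    log.append(entry)
    return entry


def head_digest(log):
    """Digest of the last entry; record this out-of-band after each day's entries."""
    return _digest(log[-1]) if log else GENESIS


def verify_chain(log, head=None):
    """(True, None) if every link holds (and the head matches, when given);
    otherwise (False, index of the first entry that fails)."""
    expected_prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("seq") != i or entry.get("prev") != expected_prev:
            return False, i
        expected_prev = _digest(entry)
    if head is not None and expected_prev != head:
        return False, len(log) - 1
    return True, None


def build_sample_log():
    """Constructed entries for one evidence locker; names and item IDs are made up."""
    log = []
    append_entry(log, "A. Examiner", "checkout", "EV-0042 laptop HDD",
                 "2024-03-04T09:12", "imaging")
    append_entry(log, "A. Examiner", "return", "EV-0042 laptop HDD",
                 "2024-03-04T11:40", "imaging complete")
    append_entry(log, "B. Supervisor", "inspection", "locker 3",
                 "2024-03-05T08:00", "weekly audit")
    return log


def tamper_detected(log, index, field, value, head=None):
    """Alter one field of one entry in a copy and return verify_chain's verdict."""
    copy = [dict(e) for e in log]
    copy[index][field] = value
    return verify_chain(copy, head)


if __name__ == "__main__":
    log = build_sample_log()
    head = head_digest(log)
    print("intact:", verify_chain(log, head))
    print("edited middle entry:", tamper_detected(log, 1, "who", "Mallory"))
    print("edited last entry, no anchor:", tamper_detected(log, 2, "purpose", "none"))
    print("edited last entry, anchored head:", tamper_detected(log, 2, "purpose", "none", head))
    print("deleted entry 1:", verify_chain(log[:1] + log[2:], head))
```

Note the failure mode the last two checks show: without the externally recorded head, an edit to the most recent entry is invisible, which is why the head has to live somewhere the person with locker access cannot reach.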
9. Special Interest Groups (SIGs)
Groups of people who still use, and have expertise in, older, outdated systems; they can be a valuable resource to investigators
It is difficult for computer forensic labs (especially smaller labs) to maintain equipment and expertise for outdated systems
For smaller, local police departments, most investigations involve Windows and Apple Macintosh systems
However, the computer forensic investigator should be ready for any system that may be encountered in the field
10. Disaster Recovery Plan
Disaster recovery plans allow a lab to recover after a catastrophe (e.g., fire, flood, or a disk head crash)
Backups are a central component of any disaster recovery plan
Backup copies should be maintained both on site and off site
Every installation and update on a forensic workstation should be recorded under configuration management, so that the exact software state used in a case can be reconstructed
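Configuration management for the workstation needs more than a free-text note of what was installed when; the record should be checkable. As an added example that is not from the textbook, the following Python takes a SHA-256 baseline of the forensic tools on a workstation and diffs a later snapshot against it, so an unrecorded update, install or removal is caught before the workstation is used on a case. The tool paths, file contents and baseline file format are constructed for the example.

```python
"""Configuration-management baseline for a forensic workstation (added example).

Fingerprints every forensic tool with SHA-256 and diffs a later snapshot
against the stored baseline, so an unrecorded install, removal or update
shows up in the case notes instead of going unnoticed. Paths and file
contents below are constructed for this example.
"""
import hashlib
import json
import os
import tempfile


def fingerprint_bytes(data):
    return hashlib.sha256(data).hexdigest()


def snapshot_from_contents(contents):
    """{path: sha256} from an in-memory {path: bytes} map (used for the sample)."""
    return {path: fingerprint_bytes(data) for path, data in contents.items()}


def snapshot_paths(paths):
    """Same shape, but hashing real files; run this on the actual workstation."""
    snap = {}
    for p in paths:
        with open(p, "rb") as f:
            snap[p] = fingerprint_bytes(f.read())
    return snap


def diff_snapshots(baseline, current):
    """Drift between two snapshots, each list sorted by path."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def save_baseline(snapshot, path, note):
    """Write the baseline as JSON; 'note' records who took it and why."""
    with open(path, "w") as f:
        json.dump({"note": note, "tools": snapshot}, f, indent=2, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)["tools"]


def roundtrip_baseline(snapshot):
    """Save and reload a snapshot through a temp file; True if it survives unchanged."""
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "baseline.json")
        save_baseline(snapshot, p, "example baseline")
        return load_baseline(p) == snapshot


# Constructed: tools present when the baseline was recorded.
BASELINE_TOOLS = {
    "/opt/forensics/bin/imager": b"imager v2.1\n",
    "/opt/forensics/bin/hashcalc": b"hashcalc v1.0\n",
    "/opt/forensics/bin/carver": b"carver v0.9\n",
}
# Constructed: the same workstation a month later.
CURRENT_TOOLS = {
    "/opt/forensics/bin/imager": b"imager v2.2\n",      # updated without a record
    "/opt/forensics/bin/hashcalc": b"hashcalc v1.0\n",  # unchanged
    "/opt/forensics/bin/viewer": b"viewer v3.0\n",      # installed without a record
}                                                        # carver is gone


def drift_report():
    return diff_snapshots(snapshot_from_contents(BASELINE_TOOLS),
                          snapshot_from_contents(CURRENT_TOOLS))


if __name__ == "__main__":
    print(json.dumps(drift_report(), indent=2))
```

Take a fresh baseline immediately after every recorded installation or update and keep the baseline file with the off-site backups; then the drift report at the start of each case is the record that the tools used are the ones that were validated.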
11. Business Case for a Forensics Lab
A Business Case is a plan used to sell forensic lab services to management or external clients
Business Cases for private industry should focus on reducing legal and monetary liability to the company
Computing investigations can actually improve profits by protecting intellectual property, trade secrets, & strategic plans