Chapter 3: The Investigator’s Office & Laboratory

Source: Nelson, Phillips, Enfinger, & Steuart - Guide to Computer Forensics and Investigations


Presentation Transcript


    1. Chapter 3: The Investigator’s Office & Laboratory
       Source: Nelson, Phillips, Enfinger, & Steuart - Guide to Computer Forensics and Investigations

    2. Professional Certifications
       - High-Tech Crime Network (HTCN)
         - Certified Computer Crime Investigator (Basic & Advanced Level)
         - Certified Computer Forensic Technician (Basic & Advanced Level)
       - International Association of Computer Investigative Specialists (IACIS)
         - Certified Electronic Evidence Collection Specialist (CEECS)
         - Certified Forensic Computer Examiner (CFCE)
       - EnCase Certified Examiner (EnCE) Certification

    3. TEMPEST Shielding
       - Developed by the U.S. Department of Defense during the Cold War to shield defense contractors from electronic eavesdropping
       - Electromagnetic Radiation (EMR) from a computer monitor can be picked up as far away as a half mile
       - A TEMPEST lab has walls, ceiling, floor, and doors lined with specially grounded, conductive metal sheets (typically copper)
       - TEMPEST labs are expensive to build and require routine inspection & testing to provide greatest protection from electronic eavesdropping

    4. Minimum Computer Forensic Lab Requirements
       - Small rooms with true floor-to-ceiling walls
       - Door access with locking mechanism
       - Keys and combinations limited to authorized users only
       - Secure container that can be locked (e.g., safe or heavy-duty file cabinet)
       - Visitor’s log listing all people who have accessed the lab (also date/time of visit & purpose)

    5. Ergonomic Factors
       - Quality and placement of desks, tables, chairs, & workbenches
       - Quality & placement of monitors, keyboards, & mice
       - Size and layout of room
       - Heating, air-conditioning, & ventilation of room
       - Amount & placement of lighting

    6. Internet Connectivity
       - Computer Forensic Workstations should not be connected to the Internet while conducting analysis
       - Internet connectivity can compromise the system’s security, even if a firewall is used
       - It is further recommended to not connect your workstation to your WAN while conducting analysis

    7. Scaling Forensic Labs
       - A typical Fortune 500 company investigates an average of one to two murders a year in which law enforcement seizes evidence from the employee’s work computer
       - There should be at least one law enforcement computer investigator for every 250,000 people in a geographic region

    8. Evidence Containers
       - Secure lockers for storing evidence – discourage tampering with / theft of evidence
       - Should be located in a restricted area
       - Should remain locked unless under direct supervision
       - Maintain records on access & limit access to as few people as possible

    9. Special Interest Groups (SIGs)
       - Groups of people who still use and have expertise in older, outdated systems – can be valuable resource to investigators
       - Difficult for Computer Forensic Labs (especially smaller labs) to maintain equipment & expertise in outdated systems
       - For smaller, local police departments, most investigation involves Windows and Apple Macintosh systems
       - However, the computer forensic investigator should be ready for any system that may be encountered in the field

    10. Disaster Recovery Plan
        - Disaster Recovery Plans allow labs to recover after a catastrophe (e.g., fire, flood, head crash)
        - Back-ups are a central component to Disaster Recovery Plans
        - Back-up copies should be maintained on site & off site
        - Installations and updates to your forensic workstation should be recorded via Configuration Management

    11. Business Case for a Forensics Lab
        - A Business Case is a plan used to sell forensic lab services to management or external clients
        - Business Cases for private industry should focus on reducing legal and monetary liability to the company
        - Computing investigations can actually improve profits by protecting intellectual property, trade secrets, & strategic plans
