Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data. With roots in the personal computing revolution of the late 1970s and early ?80s, the discipline evolved in a haphazard manner during the 1990s, and it was not until the early 21st century that national policies emerged.? Digital forensics investigations have a variety of applications. The most common is to support or refute a hypothesis before criminal or civil (as part of the electronic discovery process) courts. Forensics may also feature in the private sector; such as during internal corporate investigations or intrusion investigation (a specialist probe into the nature and extent of an unauthorized network intrusion).
This proposal will include several sections that are based off of the following analysis. To create a forensics laboratory from the ground up will require our team to meet several criteria, which include the following:
- Building of Ownership
- Technical Equipment
- National Certification and Accreditation
- Personnel required to maintain and operate the lab
- Legal requirements
- Operation use
Digital forensics labs and proper government accreditation and certification are extremely important. To maintain proper accreditation, the American Society of Crime Laboratory Directors/Laboratory Accreditation Board provides a methodical, linear system that offers accreditation under a series or voluntary programs. These programs are designed to demonstrate that our management, personnel, quality, systems, operational and technical procedures, equipment, and physical facilities meet established standards.
In the ASCLD/LAB-International accreditation program, the assigned lead assessor will complete an initial document review of the laboratory?s management system, using the conformance file and related documents, for the purpose of determining, to the extent possible, the laboratory?s conformance with numerous accreditation requirements for policies, procedures, manuals, and program.
There are some critical and sensitive considerations that must be made with regards to the environmental aspect of its security, confidentiality, availability and the preservation of integrity. Because such a lab would be equipped with sensitive data, reports, and evidence in the form of hardware and software being stored, processed, and analyzed for full admissibility in court, ensuring that such evidence remains tamper free is key and essential to gaining full trust, confidence, and approval of the court system, and full chain of custody was properly maintained. To safeguard such a facility, a strategy of defense in depth needs to be established hindering an attacker as much as possible with layers of multiple defenses, even though each layer might be surmountable. The most significant thing is that valuable assets are protected behind these layers of defense.
Physically the lab should be as such that the environment is safe and secure to conduct laboratory testing as needed and fit under the strict rules and regulations. Employees or visitors, who does not have the rights to be in a physical location of the lab or privy to certain classified information, should not have access to that area, and therefore should not be given the clearance level or the authentication. To ensure all of this is fully implemented, laboratory management must adopt rules, regulations, and policies that would be clearly stated for the staff to follow. Such training would also hold staff responsible for divulging from the normal tradition of secrecy or on a need to know basis within the laboratory and with outside competitors or as far as sabotaging evidence due to dissatisfaction. The training would be conducted and everyone would be briefed on the awareness of such policies by signing documents to acknowledge training and be held accountable when it is broken. The benefit derivable from human resource development and training is so huge that no investment of consideration seems to be complete without making a substantive allowance for development and staff training.
Since this laboratory is going to be handling sensitive and classified data for forensic examination, it is imperative that the facility internally as well as externally install closed circuit television (CCTV) and video surveillance equipment for twenty four hour monitoring to ensure no one illegally enters without ever being noticed. On the inside of the laboratory, every door should be fitted with a cipher lock and only those authorized have the combination for entry and they must never share this combination with anyone for any reason, cipher locks must be given the same considerations as that of passwords. The perimeter of the property should be fenced in combination with barbed wire to make it extremely difficult for anyone to scale the property.
Two particular hardware of interest that must be outfitted on all computers to ensure safe authentication and authorization of computing are the multifactor authentication mechanism where more than one means of security is added. Biometrics, which is a very attractive option due to its unique ability to identify individuals? physical and behavioral traits that typically remain the same from birth and beyond, basically, something that is unique to the individual. For example, their facial features, hand geometry, irises and fingerprints. This type of authentication guarantees reliability, availability and affordability for a very safe and secure computing environment.
Smart Cards, Passive Proximity and Active Proximity Cards can also be used as a multifactor authentication mechanism. They all provide a wide variety of advantages and flexibility to the user. They can be used as an employee ID badge, for accessing the building and for logging onto the network that would eventually be running the forensics laboratory. Passive Proximity Cards operate as an employee ID badge and for accessing the lab. Such cards are waved near a card reader, which powers it up and reads back data from the card to authenticate the cardholder?s identity. The Active Proximity card is worn by the individual at all times while logged onto his or her computer. The minute time he or she steps away from the machine, the communication is broken with the receiver?s workstation and the machine is automatically locked, as a result, ensuring complete access control.
The achievement of a good digital forensics investigation, leading to the admissibility and the sufficiency of the evidence in the courtroom highly relies on the quality of equipment supplied to the lab environment. The evidence must be authentic, accurate, and complete. Its admissibility means that it is relevant to the case being tried, it has been procured when in plain view or using a search warrant, and it has been preserved with an updated chain of custody.
The lab must have forensics workstations that will be designed to make copies of the original source and proceed with the examination of the evidence. There must also be computer forensics acquisition tools and computer forensics analysis tools. Various configurations of computers to handle diverse investigation are necessary. For example, the hardware part will cover stationary workstation ? A tower with several bays and many peripheral devices, a portable workstation ? a laptop computer with a built-in LCD monitor and almost as many bays and peripherals as the stationary workstation, a lightweight station ? usually a laptop computer built-in into a carrying case with a small selection of peripheral options. These advanced forensic workstations, forensic computers examination stations and portable units constitute the backbone of the lab?s structure.
A complete and well equipped computer forensics lab guarantees successful technical achievements for the digital forensics investigator. In order to have these achievements to be effective, the lab must be furnished or supplied with the necessary equipments. This equipment must meet the requirements and realities of all types of computer environments. There should be regular computers that are capable of handling scenarios from different types of physical and logical platforms. Workstations need to have adequate memory, storage, and ports, as there must be one running under a Windows platform, another one running UNIX/Linux system, and finally a last one running under the Mac OS platform.
When considering the software that will be required, it is both important to consider if the lab will be mobile, permanent, or a combination of both as well as the physical hardware solutions. With any start-up cost and operating budget therefore; the following questions are to be asked and answered.
- How many individuals assigned?
- What is the type of hardware and operating systems?
- What is the anticipated volume of work?
- What Federal, State, and Local laws are applicable?
While there are other factors to take into consideration, these answers provide a great starting point.
During the software selection process, it is imperative to understand how the vendor handles vulnerabilities and patches. These security risks may likely impact the credibility of evidence in a court of law. The risk arguably may be greater with open source products because of the freely available code base and hackers could potentially exploit a vulnerability therefore destroying or modifying that data. Proper patch management and updates from vendors must be taken seriously, and implemented in a manageable, time critical system.
Forensic investigators are considered law enforcement officers, whose specialty is to collect, examine and analyze evidence from a crime scene. Seemingly, forensic investigators can look at many different potential evidence such as ?tire tracks, footprints, blood splatters of a crime scene to piece together theories about what occurred there, the sequence of those events and how long ago they transpired?. In order, to get a job as a forensic investigator in a lab, individuals are required to have the education requirements, which in this case would be a minimum bachelor?s degree in forensic science or biology, chemistry, pre-med, or microbiology. Individuals who have advanced degrees; such as master?s degree or PhD would be considered expert and called upon to testify in court in their field of expertise.
The effort of establishing a lab is both time consuming and complex and numerious components must be addressed that include hardware, software, intelligence, and personnel just to name a few.
- Aibieyi, S. (2012). The impact of post-training on job performance in Nigeria?s oil industry. Educational Research Quarterly, 35(3), 3-32.
- Arumugam, V. (2008). Building an effective software forensic analysis program. (cover story). Journal of the Quality Assurance Institute, 22(3), 22-24.
- Defino, S., Greenblatt, L., Kaufaman, B., & Valenteen, N. (2010). Certified Ethical Hacker Review Guide. Course Technology.
- EC-Council, (2011). Penetration Testing Security Analysis: Certified Security Analyst (CSA).Clifton Park, NY: Cengage Learning.
- Forte, D. (2008). Dealing with forensic software vulnerabilities: is anti-forensics a real danger? Network Security, 2008(12), 18-20. doi:10.1016/S1353-4858(08)70143-0
- Nelson, B., Philips, A., Steuart, C. (2010). Guide To Computer Forensics And Investigation. Evaluating Computer Forensics tool Needs. Course Technology. Boston, MA
- Walden, I. (2004). Forensic investigations in cyberspace for civil proceedings. International Review of Law, Computers & Technology, 18(2), 275-287.
- West, M. (2009). Preventing system intrusions. Computer and information security handbook. (p. 58). Burlington, MA: Morgan Kaufmann Publishers
Author: Steven Swafford
Highly motivated information technology professional with 16+ years of experience. Working as a software engineer Steven develops and maintains web based software solutions. As a skilled professional he is focused on the design and creation of software. Because communication skills are extremely important Steven continues to expand his knowledge in order to communicate clearly with all facets of business. Recently Steven has been leading efforts to standardize software development tools and technology, plans and coordinates web accessibility as applied to IT Solutions, and he is tackling application security in terms of best practices and implementation of the Security Development Life-cycle.
Source: http://radicaldevelopment.net/establishing-a-digital-forensics-lab/
optimal Samantha Steele Espn goog Sylvia Kristel st louis cardinals Steelers Schedule tory burch