Midterm Paper

Summary


This digital forensics company would operate out of the city of Virginia Beach and would only handle cases in the local Hampton area, including Norfolk, Chesapeake, Portsmouth, Newport News, Hampton, and, of course, Virginia Beach. Because it is focused only on this specific area, it is a smaller office located in the back area of the main Virginia Beach police department, which makes it easier to get the products and devices back to the analysts.


Accreditation Plan


When trying to obtain accreditation for a digital forensic lab, you need to know the companies that do the accreditation. These include ANSI (American National Standards Institute) and ASQ (American Society for Quality), which do accreditations around the world. The joint company is called ANAB, or the ANSI-ASQ National Accreditation Board. In order to get accredited, the lab needs to have the tasks and procedures for its cases laid out and properly practiced for every case, because that is one thing the companies look for.
Accreditation teams will also be looking for the following:
● Ability to properly perform work, training, and activities, including:
○ Forensic sciences
○ Criminal & civil laws
○ Skills and knowledge in specific tasks and departments
● Code of Ethics and an annual review of it
● A director or leader with clearly defined rules and responsibilities (effective management)
● Proper equipment (hardware and software)
● Other specified requirements
So, in order to obtain and maintain accreditation, I will ensure those standards are upheld (ANAB & AR 3125).


Forensic Laboratory Floor Plan


Within this lab layout there are at least two computers for forensic analysis and two office computer areas for the offices of the same forensic analysts or other staff members. The forensic analysis rooms, lab, and storage rooms require special key cards, which would be included in your employee badge depending on your role. There is also a separate office for the lab director or manager. As far as physical security is concerned, locked rooms are one type of security. When it comes to the devices, backups, privacy screens, labeled equipment, and protection of both the evidence and any data are expected within the company. This also includes logs of who enters and exits rooms, and floor-to-ceiling walls and doors to ensure security (Nelson 2018).

Inventory (Awesome Forensics/GitHub)

Hardware

● Write blockers
● Disk imager
● TD4 Duplicator
● Books on digital forensics
● Book shelves
● Forensics computers (2 or more)
● Desktop computers (2 or more)
● Desks and chairs (at least 5)
● Power cords
● Standing lamps
● Door locks
● Printer and accessories
● Paper
● Pens and pencils

Software

● Autopsy
● The Sleuth Kit
● FTK Imager
● EnCase
● Linux
● Forensic Artifacts
● bulk_extractor: Extracts info like emails and card info from disk images
● Wireshark: Protocol analyzer
● Docker Explorer
● Hindsight: Forensics for Chrome
● Timeline Explorer: Timeline analysis
● RAM Acquisition

Maintenance
Lab Management Guidelines


In order to maintain the standards and policies of the lab, random audits will be conducted to ensure that everything is running smoothly. This includes:
● Ensuring the right people have access to specific areas
● Reviewing visitation logs
● Ensuring no areas are damaged or need repairs
● Ensuring every device is up to date
● Ensuring evidence is properly stored away


Preventative Maintenance


The goal for maintaining the lab is to keep the safety of all individuals in mind. This includes keeping the lab environment clean and well kept in every aspect. Any issues causing damage to the structure or lab will be reported to maintenance and repaired as soon as possible to prevent any injury. Because this lab is focused on computers and electrical devices, there will be plenty of protection around the entire lab to help prevent any issues. For disposing of any electrical equipment, we will partner with an electronics company and donate any available parts to them once they are no longer needed.


Budgets


The budget of this department will be handled by the government and police department that this forensics company works under. Case prices can be between $5,000 and $15,000 on average, but can cost up to $100,000. Any cases with a cost estimated over $20,000 will be automatically sent to the state or district office (Nelson 2018).

Roles/Responsibilities (Nelson 2018)


❖ Lab Director/Manager
➢ Details how to manage cases (logging evidence, how to file reports, and who is working on cases)
➢ Reviews casework and files
➢ Creates and enforces company ethical standards and company policies
➢ Schedules updates for labs (hardware and software)
➢ Manages money spent on casework


❖ Forensic Analyst & Staff Members
➢ Receiving products and devices that need to be restored, analyzed, and stored.
➢ Running tests on the devices (like imaging)
➢ Technical training (especially when new methods come out)
➢ Lab procedures


❖ Forensic Investigator
➢ Acquiring items that contain data (e.g., USB or hard disk)
➢ Preserving evidence and making copies of it
➢ Filing a detailed report on evidence (what it is, where it was found, etc.)

Sources


AR 3125 ISO/IEC 17025:2017, anab.qualtraxcloud.com/ShowDocument.aspx?ID=12371
Cugu. “Cugu/Awesome-Forensics: A Curated List of Awesome Forensic Analysis Tools and Resources.” GitHub, github.com/cugu/awesome-forensics
“Https://Anab.Qualtraxcloud.Com/ShowDocument.Aspx?I…” ANAB ANSI National Accreditation Board, anab.qualtraxcloud.com/ShowDocument.aspx?ID=7183
Nelson, Bill, et al. Guide to Computer Forensics and Investigations: Processing Digital Evidence. 6th ed., Cengage Learning, 2018.
