Lab Project

Forensic Lab Design


CYSE 407 Midterm Forensic Lab

Summary

ISO/IEC 17025:2005 sets out the general requirements for the competence of testing and calibration laboratories. For this digital forensics laboratory to function, we must first achieve accreditation by applying and abiding by the national and international practice standards for laboratories. We need to prove that we can perform the tasks that measure, sample, and assess results as required to reach the desired outcome. The purpose of this lab will be to critically gather, evaluate, and analyze information and evidence while enforcing distinct policies and procedures. This report includes maintenance plans, a lab layout, staffing and responsibilities, and an accreditation plan.

Forensic Laboratory Floor Plan

Accreditation Plan

Accreditation programs are the primary method states use to ensure their laboratories follow best practices. Through accreditation programs, laboratories can be required to use certified forensic analysts, undergo proficiency testing, and ultimately can be held accountable for any mistakes. Accreditation is a formal process by which an impartial organization reviews a provider’s policies and procedures to ensure the laboratory is conducting its operations in a manner consistent with national or international standards. We can achieve accreditation through the ANSI National Accreditation Board (ANAB).

The process will start by submitting the laboratory’s Scope of Accreditation, which lists the fields of testing or calibration for which we are seeking accreditation. We must prove that we have quality systems in place that meet the requirements and that we are technically competent. If we are not approved, we will get an opportunity to correct any mistakes and follow up. Once approved by the accrediting body, we will receive a certificate indicating that the quality system meets specific requirements, specifically ISO/IEC 17025. Additionally, the certificate will state what testing or calibration the laboratory can perform and to what level of accuracy. Following the assessment, there may be future surveillance and reassessment to ensure we are keeping up with standard practices.

List of Steps to be taken: 

  • Written procedures for evidence
    • Security, control, and handling 
  • Written Reports 
  • Technical Procedures 
  • Training Programs 
  • Proficiency Testing 
  • Review of Facilities
  • Corrective and Preventive Action processes 

Inventory

Hardware

  • 15 office chairs
  • 5 PCs (2 will have access to the internet)
  • 20 IDE Cables 
  • 20 SATA Cables 
  • Secure Storage Room with 5 large evidence lockers 
  • Spare RAM
  • Network cards 
  • Hard disks 
  • CD/DVD writers 
  • Removable memory 
  • Network Cable Tester 
  • PC components (adapters, cables, mice, keyboards, monitors, etc.) for 5 PCs
  • 5 printers
  • 6 security cameras, an intrusion alarm system, a secure keycard for lab entrance, and an evidence locker  
  • Projector with screen 
  • Conference Table 
  • Workbench with stools 

Software 

  • Kali Linux 
  • Helix Pro
  • Wireshark
  • Autopsy
  • EnCase
  • WindowsSCOPE 
  • Cellebrite UFED
  • Registry Recon

Maintenance Plan

The maintenance plan will include procedures and tasks that must be fulfilled to support and monitor the lab, and it will help ensure that the lab is performing efficiently and securely. The plan will include the following:

  • Hardware and software maintenance 
  • Cost analysis (fix/replacement of equipment)
  • Procedures for failing equipment 
  • Security/Maintenance records
  • Equipment Security 
  • Performance Checks 

We will perform regular inspections of the lab to maintain a clean working environment. Regular repairs, updates, renovations, and maintenance checks will also be performed. We will also perform calibration tests on equipment to measure efficiency and reliability. Procedures will be put into place to replace damaged or corrupt equipment in a timely fashion as necessary. Preventive measures will also be performed to ensure equipment is prepared in case of a potential data breach or cyber-attack. Reactive procedures will ensure that, in the event of an attack, everyone in the lab has clear guidelines to follow to prevent further damage and combat the ongoing situation.


Laboratory Roles

  • Lab Director/Manager: Responsible for overseeing daily operations, security checks, scheduling, and monitoring trainees and employees to ensure they are performing in accordance with standards.
    • Qualifications: Must have 3+ years of experience in a forensics lab with at minimum a bachelor’s degree in forensic science, computer science, criminal justice, or another related field.
  • Digital Forensic Engineer/Analyst: Responsible for examining and gathering evidence, and for ensuring that proper guidelines are followed and enforced while working with evidence.
    • Qualifications: At minimum a bachelor’s degree in forensic science, computer science, criminal justice, or another related field. Preferably 2+ years of forensics lab experience.
  • Lab Security Officer: Responsible for making sure the lab is properly secured and always monitored. They will keep organized records on who enters the lab, visitors, and employees, and ensure those in the lab are following proper security procedures.
  • Cyber Security/IT Support: Responsible for maintenance of hardware and software within the lab. They will keep equipment updated and readily available when necessary and keep it safe from potential malware.
    • Qualifications: A BS degree in computer science or a related field is required; a master’s degree is preferred. Experience with software security, cybersecurity training, and certification.
