Question


A2Z Forensics is a digital forensics investigation firm that conducts forensic investigations for public as well as private sectors. You are working in this firm as a forensics specialist for a number of years now. The firm is establishing a new forensics lab to meet the future requirements. You have been asked to prepare a business case for this new lab. Your job is to focus on three aspects of the new lab which are hardware, software and lab security. Based on the knowledge of topic 2, prepare a brief business case, summarise and justify the equipment (both hardware and software) you recommend for this new lab that will meet future requirements. Also, briefly explain the security measures you recommend for this new lab.

Solutions

Expert Solution

Implementing a Forensic lab Infrastructure

The initial step in this process should be to define the scope of the lab. Will this lab be a full-service digital forensics lab that handles all types of devices and case work, or will it be a lab that is focused on one particular niche such as mobile forensics? We will first define the scope of our lab then we will be better able to address exactly what issues we need to consider and to what extent they will be relevant for our lab. Besides, we should also consider scope creep and the adding of services in the future. We may want to prepare and plan now for these things instead of finding out that our initial lab setup will not be sufficient down the road when we will not be able to enhance or expand our lab without major effort or expense.

Selecting Location of the Lab

The location of your lab can also be very important and it is something that needs to be discussed. Will you be storing evidence in the lab? If not, where is your evidence stored and how convenient will it be to shuttle evidence around? Chain-of-custody issues need to be considered as well as the increased likelihood that evidence could be lost, misplaced, or damaged while in transit. You may also want to consider who your main clients are for your lab. Will the lab be convenient for them and does this matter? Location of your lab may also have a large impact on some of the upcoming topics we will be reviewing, such as network connectivity, environmental controls, power requirements, and security controls.

Designing the layout

Once we have a location selected, designing the layout of the lab begins. There are several important issues to consider in our design, which should include the location of workstations, work benches, power outlets, network ports, cabinets, and storage bins. Other things to consider may include height-adjustable workstations, wall-mounted monitors, a portable clean room, a Faraday cage, and a fume hood if we are going to be doing JTAG and chip-off processing. Also, don’t forget to install a wireless phone system so you can move freely around your lab while talking with clients, colleagues, and vendors.

Software and Hardware requirements

A variety of hardware tools will also need to be considered for our lab. Some of these items will include forensic bridges (write blockers), forensic duplicators (imaging tools), data wiping/sanitation devices, forensic workstations, and media docking stations. Of course, we will also need a wide variety of cables, adapters, traditional tool kits, and specialized tool kits for working on the variety of evidence items that you will be subjected to. Depending on the services our lab will provide, we may also need additional hardware for JTAG and chip-off processing, mobile device repair, and data recovery.

Storing (short term) and archiving (long term) our data are extremely important items for us to address. The methods we deploy for storing and archiving can affect the efficiency of our lab, chain-of-custody, security auditing, and data integrity. Two of the most common methods for storing data today are the use of individual hard drives and network storage devices. Both have their advantages and disadvantages. Some advantages of network storage include the ease of access, ability to set up automated backups, and the ability to keep large amounts of data accessible at any given time. Some possible disadvantages of network storage include security concerns and infrastructure costs. We should weigh the pros and cons of each solution we consider.

Designing Lab Security

Security comes in many forms and the two most important ones for our lab will be physical security and data security. Data security deals with making sure the digital information our lab processes and produces is secured. Data security includes securing the data on its storage medium, securing the data while in transport across the network, auditing the access of this data, limiting the access of this data to authorized individuals, and ensuring the integrity of the data.

Physical security is securing our physical environment. One key part of our physical security plan needs to be identifying which areas are considered secure areas. Physical security includes limiting physical access to the lab and evidence items (authorized individuals only), placing security controls on doors, implementing man traps, maintaining logs of all individuals entering secured areas, and implementing video surveillance where necessary. When defining our secured areas, be sure to consider areas where network and storage devices are kept. If these areas are accessed, then our data and entire network infrastructure can be compromised.

Checklist for Physical Security

1 Surveillance system

The surveillance system is used to monitor the premises for unauthorized access and break-ins. Installation professionals should consider the best strategic place as well as the best resolution to ensure maximum security.

2 Access control

It can be in the form of physical locks and keys, electronic keypads, swipe cards, and/or biometrics, depending on the budget.

3 Fire control system

A Lab must have a fire detection system and fire suppression system installed on the premises. The material used for the fire suppression system must not cause damage to the exhibits, equipment or personnel.

4 Windows, doors & walls protection

When required, windows should be reinforced with bars and locks to prevent break-ins. If the Lab has glass windows and walls, care should be taken that sensitive data are protected from view. Consider using a fireproof door in a location such as a stairwell or corridors to protect the premises from fire.

5 Sufficient power sockets, fuses, breakers and current load

Sufficient power sockets, fuses and breakers must be installed in the Lab to ensure smooth operation and prevent power overloads leading to fire hazards and posing risks to the safety of the staff.

6 Anti-static flooring

Anti-static flooring helps to reduce possible electrostatic discharge (ESD) that may cause harm to employees, equipment and evidence.

7 Radio jamming system

It is recommended that the Lab install a system to block network signals, for example using a Faraday cage or a jamming device. A Radio jamming system will block any network signals and prevent any intrusion into the exhibit. With current wireless technology, the possibility exists for powered-on smart phones or laptops to automatically attempt to connect to existing wireless networks, hence modifying their data. National legislation must be checked to verify that the use of such systems is allowed and they do not interfere with other systems.

8 Cooling System

It is common for a Lab to have computers to conduct work, generating a considerable amount of heat within the lab. Overheating can lead to loss of data and damage to hardware. The Lab should install a cooling system to control its room temperature, including the evidence storage room and server room.
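The data-security controls named under Designing Lab Security (auditing access, limiting access to authorized individuals, ensuring integrity) can be combined in one tamper-evident access log. The sketch below is an added example, not part of the original answer; the staff IDs, evidence ID, timestamps and sample bytes are constructed assumptions.

```python
import hashlib
import json

AUTHORIZED = {"examiner_a", "examiner_b"}  # hypothetical lab staff IDs

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _entry_digest(body: dict) -> str:
    # Canonical JSON keeps the digest stable across runs
    return sha256_hex(json.dumps(body, sort_keys=True).encode())

def append_event(log, user, action, evidence_id, evidence_bytes, ts):
    """Record one access, chained to the previous entry's digest."""
    if user not in AUTHORIZED:
        raise PermissionError(f"{user} is not authorized for {evidence_id}")
    body = {
        "ts": ts, "user": user, "action": action,
        "evidence_id": evidence_id,
        "evidence_sha256": sha256_hex(evidence_bytes),
        "prev": log[-1]["digest"] if log else "0" * 64,
    }
    log.append({**body, "digest": _entry_digest(body)})
    return log[-1]

def verify_log(log, baseline_sha256):
    """Return the index of the first bad entry, or -1 if the log is intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "digest"}
        if (entry["prev"] != prev
                or _entry_digest(body) != entry["digest"]
                or entry["evidence_sha256"] != baseline_sha256):
            return i
        prev = entry["digest"]
    return -1

def demo():
    # Constructed bytes standing in for an acquired disk image
    image = b"constructed sample bytes standing in for a disk image"
    log = []
    append_event(log, "examiner_a", "acquire", "EX-001", image, "2024-01-01T09:00Z")
    append_event(log, "examiner_b", "analyze", "EX-001", image, "2024-01-02T10:30Z")
    intact = verify_log(log, sha256_hex(image))
    log[0]["user"] = "examiner_b"  # simulate an after-the-fact edit to the log
    tampered = verify_log(log, sha256_hex(image))
    return intact, tampered

if __name__ == "__main__":
    print(demo())
```

Because each entry commits to the previous entry's digest and to the evidence hash at the time of access, editing any earlier record or altering the image is detected at verification.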

