BYO Forensic Lab

After recently reading and learning about the requirements for setting up a forensic laboratory, I did a little more research into the subject and came across a fairly recent article on csoonline.com entitled "How to Build Your Own Digital Forensics Lab - for Cheap". While the article is fairly brief and doesn't go into issues such as chain of custody or the capture of volatile data, the author does provide some cool tips on making a USB device read-only and points to some free tools for imaging a suspect's disk.

The article also has a link to the handy little "Secret Service's Best Practices For Seizing Electronic Evidence, Pocket Guide for First Responders" [pdf], which has tips such as photographing the screen before powering off a suspect machine and performing the power-down by yanking the power cord (and, where appropriate, removing the battery). For servers in a business, it recommends not yanking out the power cord but calling a pro and restricting access, in order to avoid damaging the system or disrupting legitimate business and (of course!) to reduce the potential for officer and department liability.

It's a cool little guide and an interesting insight into law enforcement procedures.
