Guide to Computer Forensics and Investigations Fourth EditionObjectivesUnderstanding Forensics Lab Certification RequirementsIdentifying Duties of the Lab Manager and StaffIdentifying Duties of the Lab Manager and Staff (continued)Slide 6Lab Budget PlanningLab Budget Planning (continued)Slide 9Slide 10Acquiring Certification and TrainingAcquiring Certification and Training (continued)Slide 13Determining the Physical Requirements for a Computer Forensics LabIdentifying Lab Security NeedsConducting High-Risk InvestigationsUsing Evidence ContainersUsing Evidence Containers (continued)Slide 19Slide 20Overseeing Facility MaintenanceConsidering Physical Security NeedsAuditing a Computer Forensics LabDetermining Floor Plans for Computer Forensics LabsDetermining Floor Plans for Computer Forensics Labs (continued)Slide 26Selecting a Basic Forensic WorkstationSelecting Workstations for Police LabsSelecting Workstations for Private and Corporate LabsStocking Hardware PeripheralsMaintaining Operating Systems and Software InventoriesUsing a Disaster Recovery PlanPlanning for Equipment UpgradesUsing Laptop Forensic WorkstationsBuilding a Business Case for Developing a Forensics LabPreparing a Business Case for a Computer Forensics LabPreparing a Business Case for a Computer Forensics Lab (continued)SummarySummary (continued)Guide to Computer Forensicsand InvestigationsFourth EditionChapter 3The Investigator’s Office and LaboratoryGuide to Computer Forensics and Investigations 2Objectives•Describe certification requirements for computer forensics labs•List physical requirements for a computer forensics lab•Explain the criteria for selecting a basic forensic workstation•Describe components used to build a business case for developing a forensics labGuide to Computer Forensics and Investigations 3Understanding Forensics Lab Certification Requirements •Computer forensics lab –Where you conduct your investigation–Store evidence–House your equipment, hardware, and software•American Society of Crime Laboratory Directors (ASCLD) offers guidelines for:–Managing a lab –Acquiring an official certification–Auditing lab functions and proceduresGuide to Computer Forensics and Investigations 4Identifying Duties of the Lab Manager and Staff•Lab manager duties:–Set up processes for managing cases–Promote group consensus in decision making–Maintain fiscal responsibility for lab needs–Enforce ethical standards among lab staff members–Plan updates for the lab–Establish and promote quality-assurance processes–Set reasonable production schedules–Estimate how many cases an investigator can handleGuide to Computer Forensics and Investigations 5Identifying Duties of the Lab Manager and Staff (continued)•Lab manager duties (continued):–Estimate when to expect preliminary and final results–Create and monitor lab policies for staff–Provide a safe and secure workplace for staff and evidence•Staff member duties:–Knowledge and training:•Hardware and software•OS and file types•Deductive reasoningGuide to Computer Forensics and Investigations 6Identifying Duties of the Lab Manager and Staff (continued)•Staff member duties (continued):–Knowledge and training (continued):•Technical training•Investigative skills•Deductive reasoning–Work is reviewed regularly by the lab manager•Check the ASCLD Web site for online manual and informationGuide to Computer Forensics and Investigations 7Lab Budget Planning•Break costs down into daily, quarterly, and annual expenses•Use past investigation expenses to extrapolate expected future costs•Expenses for a lab include:–Hardware–Software–Facility space–Trained personnelGuide to Computer Forensics and Investigations 8Lab Budget Planning (continued)•Estimate the number of computer cases your lab expects to examine–Identify types of computers you’re likely to examine•Take into account changes in technology•Use statistics to determine what kind of computer crimes are more likely to occur•Use this information to plan ahead your lab requirements and costsGuide to Computer Forensics and Investigations 9Lab Budget Planning (continued)•Check statistics from the Uniform Crime Report–For federal reports, see www.fbi.gov/ucr/ucr.htm•Identify crimes committed with specialized software•When setting up a lab for a private company, check:–Hardware and software inventory–Problems reported last year–Future developments in computing technology•Time management is a major issue when choosing software and hardware to purchaseGuide to Computer Forensics and Investigations 10Lab Budget Planning (continued)Guide to Computer Forensics and Investigations 11Acquiring Certification and Training•Update your skills through appropriate training•International Association of Computer Investigative Specialists (IACIS) –Created by police officers who wanted to formalize credentials in computing investigations–Certified Electronic Evidence Collection Specialist (CEECS)–Certified Forensic Computer Examiners (CFCEs)Guide to Computer Forensics and Investigations 12Acquiring Certification and Training (continued)•High-Tech Crime Network (HTCN)–Certified Computer Crime Investigator, Basic and Advanced Level–Certified Computer Forensic Technician, Basic and Advanced Level•EnCase Certified Examiner (EnCE) Certification•AccessData Certified Examiner (ACE) Certification•Other Training and Certifications–High Technology Crime Investigation Association (HTCIA)Guide to Computer Forensics and Investigations 13Acquiring Certification and Training (continued)•Other training and certifications–SysAdmin, Audit, Network, Security (SANS) Institute–Computer Technology Investigators Network (CTIN)–NewTechnologies, Inc. (NTI)–Southeast Cybercrime Institute at Kennesaw State University–Federal Law Enforcement Training Center (FLETC) –National White Collar Crime Center (NW3C)Guide to Computer Forensics and Investigations 14Determining the Physical Requirements for a Computer Forensics Lab•Most of your investigation is conducted in a lab•Lab should be secure so evidence is not lost, corrupted, or destroyed•Provide a safe and secure physical environment•Keep inventory control of your assets–Know when to order more suppliesGuide to Computer Forensics and Investigations 15Identifying Lab Security Needs•Secure facility–Should preserve integrity of evidence data•Minimum requirements