Digital Forensic Laboratory (DFL)
What is a Digital Forensic Laboratory?
A Digital Forensic Laboratory is a building where seized digital devices are identified, acquired and analyzed. It can be owned by individuals or, most of the time, by government.
Setting up a Digital Forensic Laboratory
Setting up a Digital Forensic Laboratory does not necessarily require special talents, but it does require expertise in the forensics field. Here are some of the steps involved:
Conducting a plan:
Understand the requirements for a Digital Forensic Laboratory (DFL), conduct research on recent statistics of seizure of electronic devices, and collaborate with Law Enforcement Agencies (who are responsible for seizure of electronic devices from criminals). Also, understand the legal and procedural requirements for establishing a DFL within the criminal justice system, whether the investigations to be carried out will be criminal, civil or administrative, and the digital forensic aspects to be considered.
Location:
The steps below will help in choosing a location for a Digital Forensic Laboratory. There are many other steps to look out for that are not mentioned here; these are just the basic ones:
i. Adequate electricity supply: There is a need for constant electricity supply, especially while carrying out investigations. A power outage can cause loss of data while working and damage to computers or digital devices. If there is no constant electricity, make arrangements for generators or power inverters.
ii. The floor of the laboratory: Will the laboratory be located on the ground floor or not, and how will heavy equipment with evidence be transported? These are questions to answer before choosing the floor for the laboratory.
iii. The space and the aeration of the building: Is there cross ventilation, or will there be a need for air conditioners? Data is easily lost when electronic devices are overheated. The size and layout of the laboratory will affect its productivity.
iv. Physical security: This includes surveillance cameras and Closed Circuit Television (CCTV) systems to capture lab activities, biometric doors, swipe cards, and fire control systems such as fire/smoke detectors and fire extinguishers, both manual and automated. Windows should be properly protected with strong rods and bars, anti-static flooring should be installed to reduce possible electrostatic discharge, socket outlets and fuses should be properly placed, and network jammers or Faraday bags and cages should be available in order to block any external network signals.
Facility:
Once the location is selected, the facility should include the evidence room (for storing evidence), a reception for welcoming visitors, laboratories (mobile, computer, network or cloud, as the case may be) and personal space for the laboratory managers.
Visitors:
Restrict visitors' access. Visitors must be properly registered and use temporary ID cards within the premises. Staff should also be responsible for accompanying visitors so they do not take pictures or videos of the premises. Clear signs or a poster on the Visitors Policy must be displayed in the DFL common area for visitors to read.
Software Specifications:
What software can you afford, and which will you be able to maintain? Licensed or open source software, maintenance fees and training fees are all equally important.
Certifications:
Getting renowned certifications like Computer Hacking Forensic Investigator (CHFI), Certified Forensic Computer Examiner (CFCE) and Access Data Certificate Examiner (ADCE) will help give you an edge while starting a DFL.
Tools and Accessories
There is a need for good-quality tools and equipment to carry out day-to-day tasks in the digital forensics laboratory. Some of these tools can be assembled for use and disassembled when not in use. They include:
- Power extension
- Leads and adaptors
- Screwdrivers
- Toolkit
- Camera, video recorder
- Magnetic tapes
- Communication devices
- Storage boxes or containers for carrying equipment
- Torch
- Magnifying glass
- Evidence seals or evidence bags
- Tamper-proof stickers
- Permanent markers for labelling
- Faraday bag, etc.
The Faraday bag: The Faraday bag is made of a flexible metallic fabric. It is a very important item in the Digital Forensic Laboratory. When devices are seized, they are kept in the Faraday bag. The bag blocks external network signals, which has the same effect on the device as switching it to airplane mode. This matters because the suspect from whom the devices were collected may want to send malware or code to the device, or encrypt it, to make it corrupt or difficult to access. Faraday bags come in different sizes and are mostly black in color. They are also used by the general public to protect against theft or enhance digital privacy.
How to manage the Digital Forensic Laboratory
- Tools: One of the ways to manage the Digital Forensic Laboratory is by taking care of tools and equipment. The equipment is as important as the hardware and software.
- The Work Station or Work Space: This is everything you need to get the job done. It should be properly cleaned and comfortable for work.
- The Skills: Computer skills are an added advantage to getting things done. Knowledge of troubleshooting, research, installation of software, software updates and hardware upgrades, and file systems, as well as Introduction to Investigation and Digital Forensics, Information Gathering, Collection and Examination, Data Recovery, Computer, Mobile and Network Forensics, Report Writing, Health and Safety, etc. should be learnt.
- Mentorship/On-The-Job Training (OJT): The essence is to pass these skills to the next level. Training and retraining of newly employed staff cannot be overemphasized. Mentoring sessions should take place, as well as appraisal and assessment of staff performance.
Health and Safety of the Digital Forensic Laboratory:
These precautionary measures will help individuals who work in laboratories in general to avoid or prevent accidents:
- Fire extinguishers should be automated.
- There should be smoke detectors in case of fire outbreak or explosions.
- There should be anti-static mats or wrist straps in order to minimize static charges.
- Proper footwear should be used and long hair tied.
- There should be rubber mats that can be used in case of shock.
- Handling/lifting — ensure Staff are aware of the correct way to lift heavy items to avoid injury.
References:
INTERPOL, Global Guidelines for Digital Forensics Laboratories (PDF)