Brandon has a MS in systems engineering & a PhD in Cyber Security. He has taught at several universities and possesses 12 industry certifications.
The Digital Forensics Lab: Requirements & Design
What is Digital Forensics?
Digital forensics are used to carry out checks on computer systems to investigate inappropriate workplace behavior on computers, to assist in disciplining individuals responsible for such behavior, or to analyze cyber incidents and provide assessments of damage. There is also a law enforcement aspect in digital forensics, that is specifically to enable the prosecution of computer crimes and digital criminal activity.
The goal of cyber forensics is to obtain information on unlawful security breaches. This includes obtaining investigative information on worms, viruses, hacking of secure networks (civilian, government, and military), and privatized networks. The examinations process can include classified information, digital espionage, and even cyber terrorism.
The act of cyber forensics will also seek to uncover persons involved in child pornography, financial or internet fraud, narcotics transactions, and other activities of an illegal nature that cross over into the cyber realm. As such, it is necessary to have the tools and processes to obtain digital information as it becomes available on various hardware, software, and mobile devices.
Let's discuss the building of a personal design facility that will allow the testing of systems for forensic tool sets at home.
Researching Materials
First, it is important to take stock of what you actually need. Researching trends within the industry will assist in showcasing what other agencies, companies, and individuals are doing. There is quite an array of information and materials out there. The various standards are easy to locate, and the information security community is quite open. Check out some of these sources of information:
- The European Network of Forensic Science Institutes (ENFSI)
- The National Institute of Standards and Technology (NIST)
- The Scientific Working Group on Digital Evidence (SWGDE)
Gathering information from these sites will provide details on how forensic testing is being carried out, and what is going on in the world of forensics.
Workstation Materials
Next, a workstation of some kind is required. Any computer that is secure, has adequate power, and has an internet connection will be able to be used for this type of work. Here is a high-level overview of what your workstation should contain to appropriately handle doing forensic work.
- RAM – as much as possible (at least 4 gigabytes for virtualization)
- CPU – dual-core processor at minimum (quad-core or higher is optimal)
- Onboard sound and graphics
- USB 1 and 2
- DVD/CD-RW
- Large monitor or dual monitors
- Printer
- Network equipment (switch, router, etc.)
The SANS Investigative Forensic Tool Kit, or PALADIN by Sumuri, will provide an operating system in Linux that contains the necessary software to begin forensic tests. If you don't have a Linux computer, this can be accomplished using a virtual system on a Windows PC. There are a few virtual machine managers (hypervisors) on the market that can be used for free. VirtualBox by Oracle and VMWare Player are two such pieces of virtualization software.
Using Paladin
Let's concentrate on PALADIN, because it is a LINUX forensics suite that is a simple, affordable, all-in-one home solution for a digital forensics lab, though others may work for you as well.
Following the installation of a hypervisor like PALADIN, it is necessary to activate VT technology on the system. This can be done in the computer's BIOS (Basic Input Output System). Activate this technology on the processor chip so that virtual computers can be created. Any one of the hypervisors listed are in executable form after download.
Once downloaded and installed, a GUI menu will appear. Allocate resources (CPU, RAM, etc.) to the virtual device, then select the slot and ensure it has enough physical resources on the main computer to function.
Testing may be involved using the aforementioned hardware. Once this is done, simply insert the DVD-ROM that has been burned, point the hypervisor to the .ISO file, or use a USB thumb drive that has been prepared with the Sumuri PALADIN software. This will boot the Live OS and allow for an installation of Paladin Linux. Installation of this operating system is very similar to Kali Linux for penetration testing.
Paladin's Features
PALADIN allows the booting of a computer to a safe environment. It is a Live OS and can be used as such. PALADIN is an entirely self-contained forensic suite that includes Autopsy. It has a full GUI interface and is supported by every operating system file type. This GUI has similar features to enCase and other mediums for imaging, triage, and analysis, but in a free and open-source platform.
PALADIN also includes the following features:
- Logging – PALADIN contains a full-text logging suite that allows logs to be saved externally, and contains detailed information on imaging to go in concert with forensic images.
- IMAGER Module – allows for simultaneous image copies on Paladin.
- Image Converter Module – images can be converted into other types of images.
- Find Module – assists in quick location on volumes and directories, etc. In the field it is often necessary to find content quickly.
- Disk Manager Module – similar to disk druid or Disk Management on Windows. The real benefit is the ability to see and manipulate write-blocked media. This feature is beyond other OS disk management processes.
Lesson Summary
Digital forensics are used to analyze cyber incidents to track down cybercrime, and collect evidence to assist law enforcement in proving cases against cyber criminals. There are several computing mediums, hardware, and software devices available to forensic examiners to appropriately track these incidents.
Building a home network can be done through virtualization software and the use of PALADIN, a LINUX forensics suite that is a simple, affordable, all-in-one home solution for a digital forensics lab.
To unlock this lesson you must be a Study.com Member.
Create your account
Register to view this lesson
Unlock Your Education
See for yourself why 30 million people use Study.com
Become a Study.com member and start learning now.
Become a MemberAlready a member? Log In
BackResources created by teachers for teachers
I would definitely recommend Study.com to my colleagues. It’s like a teacher waved a magic wand and did the work for me. I feel like it’s a lifeline.