May I raise a generic question?
I seem to detect a "CATCH22" situation.

Say that a long time expert and willing to help member suggests to have in the toolkit a "protofractional flubbinator" (a fictional tool that is very useful for "frastling grops and zerling drestroos") .

I would presume that - besides the sheer existence of the tool in the toolkit - the actual operator of the forensic service should have spent long hours studying the theory behind both "frastling" and "zerling" and yet more hours getting familiar and practicing with the actual specific make/model "flubbinator", or at least with similar "protofractional" tools in order to be able to use that tool.

Then, he/she would already know the existence of the tool, would know when and how to use it and would be capable of deciding himself/herself whether this tool is needed in the toolkit or not, this depending by a lot of factors, including the cost of the tool, the kind of work the forensic service is going to provide, etc., etc.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

Thanks for (most of) the post so far. I shoudl clarify...
...
I'm setting up an in-house service for the company I work for. I have a pretty good idea of the toolkit contents, I'm a past techie so I know one end of a computer from another.

If there are any decent lists out there I'd be grateful for a pointer.  

- nat038

I shoudl clarify...
...

Yes , maybe if you list the actual expected kind of activities the "in-house service" is likely to perform, some member could give you more specific advice, as opposed to "generic" lists.
I mean, as an example, if your firm only uses (say) BlackBerries as mobile communication devices, you will have no need for any "specific" iPhone tools, or if it the scope is exclusively "PC forensics" you won't have any need for tools related to Cell Phone forensics.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

I second this.

If your in-house lab is for corporate cases, your needs are more geared toward eD, versus in-house at a local police station, where it is more forensics.

If you deal mostly on web based applications, (Google Apps, browsers, e-mail), your needs are different than a office where everything is local apps.

A software shop will have different need than a manufacturing plant.

And, so on...

If we can get a better understanding of your business, then we may be able to provide you a better answer.

- jaclaz

- nat038

I shoudl clarify...
...

Yes , maybe if you list the actual expected kind of activities the "in-house service" is likely to perform, some member could give you more specific advice, as opposed to "generic" lists.
I mean, as an example, if your firm only uses (say) BlackBerries as mobile communication devices, you will have no need for any "specific" iPhone tools, or if it the scope is exclusively "PC forensics" you won't have any need for tools related to Cell Phone forensics.

jaclaz

 

OK thanks again so far. The intent would be to able to provide an eD *and* full forensic service across all types of application and systems. Really what I'm looking for is a generalised kit to cater for most situations.  

- nat038

OK thanks again so far. The intent would be to able to provide an eD *and* full forensic service across all types of application and systems. Really what I'm looking for is a generalised kit to cater for most situations.

Unpacking your statement - you want to do most e-mail systems, most operating systems, most disk and disc file systems, most mobile devices, most mobile carriers, most storage solutions, most cell site analysis, most wifi analysis, most . . .

And, what is your initial and thereafter annual budget for this?

Is this a law enforcement shop or business?

Is this a shop for internal matters in a firm, or this is the business (selling eD/forensics services)?  

We would also recommend our Belkasoft Evidence Center (http://belkasoft.com) as a tool used by forensic investigators worldwide and included into standard software lists in several countries.
_________________
Digital Evidence Extraction Software
belkasoft.com