I thought this forum was welcoming to newly graduated forensic students but it seems those seasoned in the field feel the need to make fun of and pull down new persons.
I didn't want to sound like not welcoming you (or any other student or non-student), forensics or not.
It was more a way to provide a possible explanation to why you INITIALLY felt not welcome.
I was hoping that I could come to this forum and get the advice of people already in the field in terms of what is needed to get a lab off the ground.
i.e. that maybe you posed the "wrong" questions or not enough data to provide any "right" answer.
This: "a medium substantial lab to handle both criminal and corporate forensic cases, including mobile equipment" is a "vague" question, that can only be answered with "vague" answers.
Not knowing some relevant data, like (again just examples):
- How many cases do you expect to manage per year?
- How many cases do you expect to manage concurrently?
- Are you living in a city where several vendors of forensics equipment are?
- Or are you living on a lonely island hundreds of miles from mainland and anything you need must be ordered three to six months in advance?
- Which budget (roughly) are you allowed?
- How many people will be employed in the lab?
A more "productive" approach would probably be if you post a list of what you think you need, together with at least some of the answers to the above questions, and experienced users may help you in giving you an estimate of the quantities needed for each single item and possibly point out some tool/app/whatever you might have missed.
jaclaz
Sorry jaclaz if my response was a bit harsh... in retrospect I realise it was and I apologise. I have gotten responses in other forums where newbies are looked at as not knowing anything and not worth the time to teach.
With that said, I am basically trying to build a lab in the dark. I say this because
1. There currently are no laws relative to digital crimes and they are now in the process of getting some on the statute books and modifying existing laws. I am in Barbados.
2. There has been a push towards computer forensics with some training starting to be given to law enforcement officers. I however do not know the extent of such training and how much the officers trained have been taught. It may be reasonable to assume they were taught just the basics and with them not currently practicing such will most possibly soon forget what they were taught without any hands on.
Thus my intention is kind of two-fold, to build a lab here that will serve as the basis for forensic investigations as I know there is a need for it now with the level of digital piracy and other crimes occurring and currently the only criminal charges being done is for possession if any pirates are actually caught in the act of selling.
The other part of my focus is to maybe use the lab for teaching purposes to teach computer forensics within the Caribbean, as the universities here do not currently offer this, only computer science.
I am in the process of compiling a list and I will take your advice and post it here for critique and suggestions. But to answer some of your questions so far.
How many cases do you expect to manage concurrently? Unknown at the moment, so I am trying to budget for an average size lab that could comfortably handle at least 3 cases concurrently. Not sure if that is a small number or manageable for one person.
Are you living in a city where several vendors of forensics equipment are? Or are you living on a lonely island hundreds of miles from mainland and anything you need must be ordered three to six months in advance?
Since forensics is "unheard of" here, we do have places that supply computers for general business use, but most organisations when they are looking to outfit their companies usually go to vendors mainly in the USA such as IBM, Dell, etc who ship here, so outside vendors will be the route I will have to take.
Which budget (roughly) are you allowed? I have not been given a budget. My mandate was basically to give us the cost to build a lab and we will put on the table for funding. This is the main source of my problem as a really decked out lab I know will be very very expensive but at the same time I do not want to have a lab that then is unable to handle the workload in a short space of being set up since possible funding to expand may not be so forthcoming.
How many people will be employed in the lab? I am part of a three person firm but I am the only one with forensic know-how, so in the beginning I may be the only person handling the forensic side of the company.
I hope this post was not too long. I am working on a list and will post it here as soon as I am completed. I was also looking at prices and so far have computer equipment from IBM such as desktop PCs, servers and NAS. If there is a better recommendation that will be appreciated.
Tell your boss to budget fifteen thousand US dollars.
Then tell him to order the following
1. One Digital Intelligence standard FRED - $5,000
2. One hardware write blocker - for instance Wiebetech or Tableau, around $500 or less
3. A Secureall fireproof security cabinet to store evidence - $1,000 for the cabinet and $200 to $500 for shipping depending on distance
4. A case of blank SATA hard drives. You can get 160GB for around $60 each so figure a dozen for $800 shipped
5. A copy of FTK for whatever the going price is, let's say $2,000 to $4,000
6. An office to put this stuff in that is air conditioned and secure
7. Training in how to use FTK, $2,000 per class
8. An extra $2,000 for little stuff, tools and misc
9. This does not include $5,000 for a cell phone kit or the training to use it
10. Understand that part of your job is to support yourself by educating your boss on what you do and why it is valuable and necessary and make sure he understands that he has to do the same with his boss.
11. Building your own lab is a lot of fun so enjoy it.
12. I forgot $400-$600 for a good UPS (min 1,000 watts); we only use APC and like them a lot
13. Something tells me I have exceeded fifteen thousand
14. Make sure to allow extra money for little stuff you find out you need later on in the middle of an investigation and you can't proceed without it.
15. If I left anything out it is only because I am in a hurry. I am in the middle of two investigations. Now is your chance to make it the way you want it. After the lab is built you are stuck with it. You better ask for twenty thousand. Make it twenty five just to be safe. You may want a copy of Encase as well.
By the way…
When I said hardware write blocker I really meant USB write blocker. This will let you image flash drives and USB hard drives. You already have an IDE/SATA/SCSI hard drive write blocker on your FRED in the form of the Tableau Ultrabay which is worth its weight in gold. You cannot buy them separately. Yes there is another company building forensic machines but they do not have the Ultrabay. Tableau only sells them through Digital Intelligence. Yes you can build your own but there is no substitute for a FRED. After you have used it for a couple of years you will agree with me. If you are on a low budget you can get a Paraben hard drive write blocker and image to a laptop but you are going to get tired moving the data around. The FRED gives you a place to store your cases and room to work.
If you are going into the field to image hard drives like I do you are going to need a Logicube imaging device. We have been using the MD5 for about five years now and it works fine but it is a little slow because it is old. They have newer models now that are faster but also more expensive. We paid $850 for our MD5 and if you want an Echo or a Sonix it will cost you somewhere around $3,000 to $4,000. I also use my MD5 in the lab when I have a field tech bring the hard drive in and wait while I clone it and then give him back the original. Since you are on an island you may have access to all your computers where you can bring the drive into the lab and image it into your FRED. After you do that however you have to store the original for a number of years in your locker. You must then either clone it and put it back and store the copy or keep the original and put a blank back in the computer and reload it. Your choice.
Greetings,
I'd actually suggest a laptop with a write blocker for imaging in the field. You can use the same system as a low end analysis machine, it gives you more imaging options than a dedicated solution like the Logicube or HardCopy, it is inexpensive, it is more flexible, and it is easy to upgrade.
-David
gemstones,
Good to have you back with us. It helps to know the country in question because that gives a greater insight into the existing legislative/regulatory framework within which the lab exists, as mentioned above. The other point, which I don't think has been raised, is that there are probably a small number of countries which would give some members pause before assisting a government-sponsored initiative - I'm fairly sure that's not the case here 😉
Jamie
Welcome my Bajan brother… well I am half Bajan at least… It is funny that you are here, I always wondered what some of the W.I. countries were up to with regards to Digital Forensics. Anyway, shoot me a PM or email sometime.
Daimon
Thanks so much for the advice. Would you suggest going with a FRED as opposed to buying a regular PC to serve as the main forensic machine?
Always good to welcome a brother. They are now coming up to speed in the forensic arena and seeing the need for it.