Digital Forensic Lab Setup

1
Digital Forensic (Lab Requirements) Prepar
ed by Syed Ubaid Ali Jafri  Head of Cyber
Defense Offensive Security Cybercrime
Investigator Advisor to Law enforcement
agencies Global Cyber Security / Forensic
Researcher Motivational Speaker  Whats App
380 50 757 4993  Website https//www.ubaidjafri.
com 
2
Table of Contents
3
Table of Contents
S. No Content Description Page No
1 Pre-requisite for setting up a Digital Forensic Environment 4
2 Hardware Requirements 6
3 Digital Forensic Lab Setup 9
4 Software Requirements 12
4
Pre-Requisite for setting up a Digital Forensic
Environment
5
Pre-requisite for setting up digital forensic
environment

• Before conducting any Digital forensic
  investigation an investigator must seek the
  answer of the following questions
• What is the Scope of Work of the Investigation,
  this scope of work covers the following
• Total No. of devices required for
  imaging/analysis purpose
• Timeline of the project and
• Expected outcomes to be shared with the client.
• What are the expectation of the client from the
  investigation company or investigator?
• Who will be the POC (Point of Contact) from
  client side. Suggested practices requires at
  least two Nominations from the client side in
  case of any issue.
• An Investigator must have the following Bag Pack
  ready whenever an investigation is required.
• Evidence Bags
• Chain of Custody Forms
• Evidence Acquisition forms
• Multiple bootable USBs of (DEFT Z, DEFT 8.2),
  Hiren Boot, Caine, SANS (SIFT)) etc.
• A dedicated Laptop for Digital forensic evidence
  identification which includes (Autopsy, FTK
  Imager, Encase) etc.
• A wire lock for forensic laptop.
• A set of screw driver for unscrewing of hard
  drive from (Laptop, Desktop) in case if the
  machine is broken.

6
Hardware Requirement
7
Hardware Requirement (1/2)
List of hardware required while conducting a
digital forensic investigation
S. No Suggested Hardware Suggested for Estimated Price Description
1 Laptop (Alienware, MSI, Bitmindz, FRED L) 32/64 GB RAM, Core i7, 2 G.B Graphic Card, 1 TB SSD and 1 TB SATA Hard Drive Mobile / Computer Forensic 6000 These powerful portable laptop was designed especially for IT-forensic analysis, it is compact and lightweight with no compromise made on performance.
2 DAVE NAS8-64TB Digital Forensics NAS RAID Vault Mobile / Computer Forensic 8500 Storage requirements around digital evidence, finding affordable, easy-to-manage, and scalable storage solutions can be a challenge. NAS provide a central storage management to store critical evidence including imaging files and recovered evidences in it.
3 Teel Tech Chip Off Computer / Laptop Forensic 3500 Teel Tech Chip-Off 2.0 provides students with a comprehensive education into performing forensics on memory chips used in today's mobile devices and other media.
4 PC 3000 Express SATA / SSD / SAS / IDE / 6200 PC-3000 Express is a hardware-software solution intended for diagnosing, repairing and recovering data from damaged HDDs based on SATA (Serial ATA)
5 Write Blocker (Tableau) Computer/ Laptop Forensic 5000 Write blockers are devices that allow you to read the information on the drive without the possibility of accidentally altering or writing to the disk.
6 Bootable USB Drives Computer / Laptop Forensic 200 Bootable USB drives helps investigator to Boot up their customized OS, in Digital forensic case, investigators use DEFT, CAINE, SIFT for imaging of laptop/desktop.
8
Hardware Requirement (2/2)
List of hardware required while conducting a
digital forensic investigation
S. No Suggested Hardware Suggested for Estimated Price Description
7 Tableau TX1 Forensic SATA / USB3 /PCIe / SAS / IDE / Network Share 8600 The Tableau TX1 Forensic Imager is the latest and greatest from Tableau and is a portable alternative to carrying a forensic workstation into the field. It is a network-enabled, fully-forensic imager that offers superior local and network imaging performance with no compromises.
8 Hard Drive Duplicator (4 Bay) SATA / SAS / IDE / 1200 Hard drive docks make it easy to repurpose internal drives without fiddling with enclosures or transferring data to external drives.
9 Forensic Crack Cabinets (Mission Dark) SATA / SAS / Laptop 5000 Forensic Crack Cabinet system solves multiple problems for forensics investigators and labs. This cabinet keeps devices charged, Locked, shielded during investigation.
Physical Security Physical Security Physical Security Physical Security Physical Security
1 KL Security Enterprises FireKing DP2150 External / Portable / Hard Drives / USB 13000 Fireproof Safe 1290 lbs, 6.1 cubic feet records safe capacity, 4.4 cubic feet data safe capacity. It can protect external hard drives, data backup tapes and paper documents!
2 Evidence Bags (Tritech Forensic) External / Portable / Hard Drives / USB 50 These Evidence Bags have a self-sealing adhesive strip that forms an instantaneous and permanent seal, making it impossible to reopen. It should be recommended for Hard drives, external drives, USB drives etc.
3 Bio Metric Thumb / Retina scan Physical Security 1000 Use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic.
4 Targus Defcon NCL Wirelock for Laptop (ASP66APX) Laptop 70 For physical security of the laptop.
9
Digital Forensic Lab Setup
10
Digital Forensic Lab Setup (1/2)
Digital forensic Lab can be of any design, but
some important areas which needs to be ensured
before setting up any Digital forensic Lab
Top View A certain solution for the
all-functionality digital forensic lab by
SalvationDATA
11
Digital Forensic Lab Setup (2/2)
Digital forensic Lab can be of any design, but
some important areas which needs to be ensured
before setting up any Digital forensic Lab

• Base list of requirements before setting up any
  Digital Forensic physical setup.
• Isolated Infrastructure of Digital Forensic
• Case Acceptance
• Evidence Preservation Locker
• Evidence Storage (NAS, Data Center)
• Digital Evidence Repairing
• Data Recovery Zone
• Computer Forensic Zone
• Mobile Forensic Zone
• Audio Forensic
• Video Forensic
• Digital Evidence Analysis Display center
• Conference Room for discussion
• Separate and Isolated Report generation
• machine for tacking of investigators.

12
Software Requirement
13
Software Requirement (1/2)
List of software's that are required while
conducting a digital forensic investigation, note
the mentioned data and estimated price are as of
July 2022.
S. No Suggested Software's Suggested for Estimated Price Description
1 DEFT (Digital Evidence Forensic Toolkit)SIFT (SANS investigative forensic toolkit)CAINE (Computer Aided Investigative Environment) Computer / Laptop / Mobile Forensic Free A live GNU/Linux distribution of free software based on Ubuntu for uses related to Computer Forensics containing an ISO image which is used to perform Imaging, analysis, and reporting.
2 DUMPIT / RAMMAP/ RAM CAPTURE / Volatility Computer / Laptop Memory Forensic Free Tool use to perform Memory forensic of Computer / Laptop.
3 Oxygen Forensic Detective Mobile Forensic 6000 Tool use to perform live imaging, and live data extraction from Android devices.
4 Smart Phone Forensic Pro (SPF) Mobile Forensic 4000 SPF Pro (Smart Phone Forensic System Professional) is a forensically sound system for extracting, recovering, analyzing and triage data from mobile devices
5 MOBIL edit Forensic Express Pro Mobile Forensic 5000 Extract and deeply analyze phone content including deleted data, application's data, passwords, geolocations
6 Access Data FTK Suite Computer / Laptop Forensic 6000 Create full-disk forensic images and process a wide range of data types from many sources, from hard drive data to mobile devices, network data and Internet.
7 Encase Forensic Computer / Laptop Forensic 4000 EnCase Forensic allows users to uncover hidden, deleted, or modified evidence from multiple sources such as computers, social media platforms, cloud services.
14
Software Requirement (2/2)
List of software's that are required while
conducting a digital forensic investigation, note
the mentioned data and estimated price are as of
July 2022.
S. No Suggested Software's Suggested for Estimated Price Description
8 Magnet Axiom Computer / Laptop / Mobile Forensic 3000 Magnet AXIOM quickly processes and readies evidence from smartphones and computers into one case file. The examination tools help forensics professionals to recover and examine evidence in a case file.
9 Cellebrite Mobile Forensic 15000 Cellebrite is law enforcement and digital intelligence leader that manufactures transfer, analysis data extraction devices for mobile smartphones.
10 SIMCon SIM Forensic 0 SIMCon is one of the best utilities for a forensic analysis of SIM cards. It had a low price and for government organizations, military, and police, it was provided free of charge. Besides its impressive functionality, SIMCon, from some SIM cards, can extract data protected by PIN code. For example, phonebook.
11 Dekart SIM Explorer SIM Forensic Freeware Dekart SIM Explorer is an intelligent SIM card processing tool, designed to view and edit the contents of GSM SIM, 3G USIM or CDMA R-UIM cards. Besides viewing and editing, the application can scan a SIM card in order to reveal unknown files