National standards
National standards provide a platform upon which computer forensic laboratories operate in the US (Nelson, Phillips & Steuart, 2010; Easttom, 2014). They aim to achieve practical and realistic computer forensic laboratory goals. All computer forensic laboratories in the US have to adhere to the national standards before they can be certified (Easttom, 2014).
Standard 1.3.3.1 provides essential information that is crucial for developing the technical skills of personnel. Standard 1.4.2.6 outlines emerging technical procedures that should be fulfilled by computer forensic laboratories. Standard 1.4.2.8 provides a framework within which samples are handled in a computer forensic laboratory.
The standard emphasizes documentation aimed at maintaining a high degree of validity in laboratory procedures. Standard 1.4.2.11 offers approaches that should be adopted to certify laboratory equipment and instruments. The standard also aims to ensure that adequate instruments are utilized to carry out laboratory procedures. Standard 1.4.2.12 offers guidelines that should be adhered to when maintaining computer forensic laboratory equipment and/or instruments.
All instruments and/or equipment should be maintained in a way that promotes safe and valid analysis. All testing laboratories should be certified to operate upon meeting the requirements of standard 1.4.2.13, which offers the framework for calibration of equipment and/or instruments. Finally, standard 2.11.4 aims to ensure that all technical personnel of a computer forensic laboratory pass a mandatory competency test before a laboratory can be certified (Easttom, 2014).
Laboratory components
There are 5 main categories of components that are used in computer forensic laboratories (Nelson et al., 2010; Easttom, 2014). First, computer forensic laboratories should have specific facilities that are utilized to ensure secure working environments.
Such environments can be achieved by adopting controls that prevent unauthorized access to digital information stored in computer systems. Second, laboratory configuration is an essential component of computer forensic laboratories that aims to put in place the required furniture and furnishings.
The following examples of configuration components are common in many computer forensic laboratories: desktops, bookcases, evidence safe or locker, LAN and server stations, storage shelves, and forensic software. Third, the equipment used in a computer forensics laboratory may depend on the type of operating systems, storage capacities of computer hard disks, tape media, and the type of forensic investigation mainly conducted in a laboratory.
Fourth, the software components used in the laboratory could be designed locally or purchased from commercial software developers. These are crucial programs that are used in data capture and analysis, among other uses. Fifth, reference materials offer excellent resources that professionals refer to when in need. The resources provide relevant answers to questions with regard to digital evidence and procedures (Easttom, 2014).
Working conditions
Working conditions of personnel in computer forensic laboratories differ from one facility to another. Technicians are involved in collecting and analyzing digital evidence. They could either investigate crime in the field or in the laboratory (Nelson et al., 2010). In most cases, forensic science technicians spend a considerable amount of time writing reports in the laboratory.
Although computer forensic experts work during normal business hours, they could be called upon to investigate urgent crimes within their areas of jurisdiction outside normal working hours. Crime scene investigators and experts in computer forensics appear in court as expert witnesses who provide detailed and specialized evidence regarding computer-related crimes (Easttom, 2014).
Standard laboratory equipment
Standard computer forensic equipment is used to support standard procedures and conditions in the laboratories. The equipment makes it possible for the many computers examined in digital evidence investigations to be handled with similar methods on each occasion (Nelson et al., 2010).
A mobile forensic workstation is used to collect digital evidence in the field. The equipment is also utilized to analyze suspected computer data. The rapid imaging device is an essential device used to copy suspect hard drives found in computers used to commit crimes. The equipment copies the data and retains the integrity of the data found on the hard disks. Interceptor equipment supports wireless networks that support airborne communications.
The equipment captures crucial contents of airborne communications in static and mobile locations. This is important because computer forensic experts have adopted the use of wireless networks to gather, analyze and store computer evidence (Taylor, Haggerty, Gresty & Lamb, 2011). In addition, forensic workstations could be used in the laboratory for the analysis of data obtained from the laboratory (Nelson et al., 2010; Easttom, 2014).
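The imaging step described in this section, copying a suspect drive while retaining the integrity of its data, can be illustrated with the following added Python example; it is not taken from the cited sources. The file names, the 4096-byte block size and the choice of SHA-256 are assumptions made for the illustration.

```python
import hashlib
import os
import tempfile

BLOCK = 4096  # assumed block size for the per-block hash list

def acquire(src_path, img_path, block=BLOCK):
    """Copy src to img block by block; return (overall_sha256, per-block hashes)."""
    overall, block_hashes = hashlib.sha256(), []
    # Opened read-only here; in a lab a hardware write blocker is assumed as well.
    with open(src_path, "rb") as src, open(img_path, "wb") as img:
        for chunk in iter(lambda: src.read(block), b""):
            overall.update(chunk)
            block_hashes.append(hashlib.sha256(chunk).hexdigest())
            img.write(chunk)
    return overall.hexdigest(), block_hashes

def verify(img_path, overall_hex, block_hashes, block=BLOCK):
    """Re-read the image; return (matches, indices of blocks that differ)."""
    overall, bad, index = hashlib.sha256(), [], 0
    with open(img_path, "rb") as img:
        for chunk in iter(lambda: img.read(block), b""):
            overall.update(chunk)
            expected = block_hashes[index] if index < len(block_hashes) else None
            if hashlib.sha256(chunk).hexdigest() != expected:
                bad.append(index)
            index += 1
    bad.extend(range(index, len(block_hashes)))  # blocks missing from a truncated image
    return overall.hexdigest() == overall_hex and not bad, bad

def demo():
    """Constructed sample: a 3-block 'drive' is imaged, then one byte of the copy is altered."""
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "suspect.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(b"A" * BLOCK + b"B" * BLOCK + b"C" * 100)
        digest, blocks = acquire(src, img)
        clean = verify(img, digest, blocks)
        with open(img, "r+b") as f:
            f.seek(BLOCK + 10)
            f.write(b"X")
        return clean, verify(img, digest, blocks)

if __name__ == "__main__":
    print(demo())
```

The per-block list lets an examiner report which region of an image no longer matches the acquisition record, which a single whole-image digest cannot do.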
Tools
Computer forensic investigations involve the use of specific tools used in the analysis of computer memory (Easttom, 2014). The analysis is important because it identifies digital evidence hidden in computer memory devices like hard disks. MemGator interrogates files in a computer in order to isolate crucial evidence.
It gives a report to an investigator who decides the value of the information obtained. Memoryze is used to obtain memory from Microsoft Windows-based computers. In addition, the tool analyzes live memory in a running computer. Computer forensic investigators use PTFinder to search the memory of a computer that uses a Windows operating system. It identifies important threads and processes that can be placed into a file for further analysis.
References
Easttom, C. (2014). System forensics, investigations, and response (2nd ed.). Burlington, MA: Jones and Bartlett Learning.
Nelson, B., Phillips, A., & Steuart, C. (2010). Guide to computer forensics and investigations. Stamford, CT: CengageBrain.com.
Taylor, M., Haggerty, J., Gresty, D., & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.