Computer Forensics World :: View topic - Help to setup computer forensic investigation team
Help to setup computer forensic investigation team

 
anuar653
Newbie
Joined: Jun 01, 2017
Posts: 2

Posted: Thu Jun 01, 2017 4:57 pm    Post subject: Help to setup computer forensic investigation team

Hi

I have got some trouble in my workplace right now. I'm working in the administrative department of a private hospital. There was one major incident involving data theft and unauthorized disclosure of sensitive information that caused a lawsuit, which cost my hospital a lot of money. We know that the culprit behind this incident is one of our staff, but we do not have evidence to pinpoint who has done it. The culprit had breached our server and stolen that information.

Due to that incident, my hospital wants to set up a digital forensic investigation team to ensure that similar cases do not happen again in the future. I have zero knowledge of the digital forensic investigation process; therefore, I would like to ask for solutions on:
1) What I need to do first to set up this investigation team
2) Is there any best practice regarding the digital forensic investigation process that I can follow
3) Job description of this team
4) Any tools that this team can use
5) Other input that might help me

I hope for a response from all of you regarding this issue, and maybe your ideas, comments and solutions can solve my case.
Thank you


Last edited by anuar653 on Fri Jun 02, 2017 10:41 am; edited 1 time in total
john9989
Newbie
Joined: Jun 01, 2017
Posts: 1

Posted: Wed Jun 14, 2017 11:37 am    Post subject:

We seem to get a post about "How do I get into computer forensics?" every day and no one seems to look at the previous posts, so I'm going to summarize the options when it comes to Certifications and Training...

Online training is always an option! Especially the CCE bootcamp. You can take it either from ISFCE's website (cftco.com) or from Kennesaw State University at kennesaw.edu/coned/sci/index.htm

Or if on a Linux platform, have them check out ftp.hq.nasa.gov/pub/ig/ccd/linuxintro/ - a Law Enforcement introductory guide to forensics with Linux. Written by Barry Grundy of NASA (yes, the space people).

Continuing on the Linux platform they could try Autopsy (a free forensic web browser front end for The Sleuth Kit) - both available for free at sleuthkit.org/

There are also a number of good PDF intros to forensics out there, such as:

CERT First Responder Guide to Computer Forensics available at sei.cmu.edu/publications/documents/05.reports/05hb001.html

CERT First Responder Guide to Computer Forensics - Advanced available at cert.org/archive/pdf/05hb003.pdf

Investigations involving the Internet by NIJ available at ncjrs.gov/pdffiles1/nij/210798.pdf

National High Tech Crime Unit (UK) computer forensic guide available at devon-cornwall.police.uk/v3/pdfstore/ElecEvid.pdf

And then you have sites like forensicswiki.org/ Note the "s" at the end of forensic otherwise you end up at the wrong site.

And sites from people like Dan MARES (http://www.maresware.com/) and Paul SANDERSON (sandersonforensics.com/) who both offer free tools along with paid ones, and both have a plethora of links to other resources.

Personally I would not recommend them to jump into Brian Carrier's book as an intro into the world of forensics. It's an excellent resource for filesystems. But it may be a bit much for someone looking to get their feet wet.

With all of the above it's plenty to get someone introduced to the world of computer forensics. Some of the PDFs may be slightly dated.

But even so the principles will generally still be applicable.

Certifications

Civilian Certs....

CISSP - isc2.org

GCFA - giac.org/certifications/security/gcfa.php

CCE - certified-computer-examiner.com/

CCFT - htcn.org/cert.htm

EnCE - guidancesoftware.com/training/ence/index.asp

ACE - accessdata.com

Law Enforcement / Government only Certs....

CFCE - cops.org

CEECS - cops.org
JamesBradford
Newbie
Joined: Jun 13, 2017
Posts: 1

Posted: Wed Jun 14, 2017 11:41 am    Post subject: Re: Help to setup computer forensic investigation team

Hi

To set up an investigation team, one of the considerations that your company needs to think about is setting up an electronic evidence forensic lab. This is to analyze the findings. If your company decides to outsource then it should be no problem. But if you decide to have your own forensic laboratory, there are several parts that make up a forensics laboratory:

Physical requirement
- Physical floor space will be dictated by the size of the group that will occupy it.
- The space should be in a secure location or contain appropriate measures that will stop unauthorized access to the premises
- The seized equipment, as well as official certified evidentiary copies of seized data, will be stored in this vault and, with the appropriate enforced sign-out/in procedures
- There also needs to be adequate lockable storage space for various specialized equipment

Hardware requirement
- A number of computers is required, including a network server with large storage capacity
- This server will be used to manage, document and administer cases, store various software tools, and manage one-off specialist hardware.
- The hardware that must be managed will include, for example, devices like Rimage CD production units, CopyPro floppy disk readers, printers, etc. The evidentiary copy of seized data is usually written to CD or DVD and, because of the large capacity of current hard drives, this can be a time-consuming process. The Rimage, and other units like it, make it possible to create,
- Portable acquisition computers (the kit) will be required. Ideally, each should be configured identically with the standard forensics suite of tools and removable hard drives (the same standard hard drives as above) of various capacities. Each kit should have a robust carrying case that can accommodate extra hard drives, an array of associated connection plugs and converters, and a hard drive write blocker such as FastBlock.

Software requirement
- The standard forensics software packages, such as EnCase, Forensics Tool Kit, Password Recovery Tool Kit, etc,
- However, the software tools that are used comprise a far wider range than just the above. Many are freeware and many are not. No single tool performs the entire job of forensics acquisition, analysis and reporting, so we tend to use the right tool for the right task

Procedural requirement
- Methods and procedures are an important part of operating a successful forensics laboratory.
- The main issues that can and usually are attacked when evidence is presented in a court of law are credentials and methodology.
- Close attention must be paid to strictly following and documenting the methodology formally adopted by the lab in the acquisition, analysis and reporting processes.

Hope this will help. Cheers!
All times are GMT + 10 Hours