Skip to main content
Val’s blog

Learn Computer Forensices Section 2: The Forensic Analysis Process

·530 words·3 mins·
Book
Valentin B
Author
Valentin B
Focusing on mastering penetration testing and digital forensics
Table of Contents
Learn-Computer-Forensics - This article is part of a series.
Part 0: William Oettinger - Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, 2nd Edition
Part 1: Learn Computer Forensices Section 1: Acquiring Evidence
Part 2: This Article

1 Introduction
#

In this chapter we will be going through the forensic analysis process which will enable you to conduct an efficient investigation. Without this process you will waste time examining data. It is also important to be familiar with the tools you use as getting valid results are important when deployed. Finally, critical thinking will determine the best investigation or exam method.

The forensic analysis process is made up of five subsets:

  • Pre-investigation considerations
  • Understanding case information and legal issues
  • Understanding data acquisition
  • Understanding the analysis process
  • Reporting your findings

2. Pre-investigation considerations
#

The pre-investigation determines your capabilities and equipment requirements such as hardware, personnel, and training budget. Your equipment will need to adapt to the changes in methods of hiding data or conducting criminal activities which will require adjustments during an investigation.

2.1 The Forensic Workstation
#

Questions such as what CPU, RAM, SSD and OS you can use and these don’t come cheap. There is the option to build your own workstation or pre-made forensic workstation which high ends comes with:

  • Dual Intel Xeon Gold 5220 18-Core processors
  • 128GB DDR4 RAM
  • 1TB SSD for the operating system
  • 1TB M.2 NVMe SSD for temporary files and processing
  • 2TB M.2 NVMe SSD for databases
  • Eight 6TB hard drives configured in RAID 10 for evidence
  • A 30-series GDDR6 Graphics Processing Unit (GPU) such as the NVIDIA RTX 3070 or 3080 A common bottleneck is data transfer which an SSD is ideal for speeds compared to a HDD, also CPU and RAM is important when performing forensics analysis. You may not be able to take your workstation everywhere which a forensics laptop might be ideal.

Sometimes you must leave the lab, which means additional portable equipment will be required in a response kit

2.2 The Response Kit
#

Digital evidence is not always delivered to your workspace, sometimes you will need to respond to a third-party location to acquire evidence. You will need the proper tools to accomplish a full diagnosis which will require a response kit.

This will include but not exclusive to documentary paperwork, pens, and storage containers for digital evidence. This kit is unique to each individual forensic investigator. No kit is perfect; all kits is subject to improvement which may include:

  • Digital camera: Used to document the scene upon arrival, which if testifying in official proceedings, you will need to be factual as to what you saw as you arrived. Some organizations require all actions performed by the forensic investigator to be recorded as they collect digital evidence
  • Latex or nitrile gloves: This protects you from biohazards, leaving fingerprints
  • Notepads: Used to document your actions on the scene, perfect to maintain information such as who you talk to, who secured the scene, basic facts of the case. A sketch may also be required depending on your organization’s policies
  • Organizational paperwork: Property report for seizing evidence, and it lists exactly what was taken, where it was taken from, and any specific identifying marks or serial numbers on items.
  • Paper storage bags/antistatic bags: Used to store digital evidence to avoid unauthorised access or static electricity from being generated which can damage components.

🚧 Writing under construction 🚧

Learn-Computer-Forensics - This article is part of a series.
Part 0: William Oettinger - Learn Computer Forensics: Your one-stop guide to searching, analyzing, acquiring, and securing digital evidence, 2nd Edition
Part 1: Learn Computer Forensices Section 1: Acquiring Evidence
Part 2: This Article

Related

Learn Computer Forensices Section 1: Acquiring Evidence
·1248 words·6 mins
Book Digital Forensics Digital Evidence Investigation Process Forensic Tools Forensic Methodology Response Kit Data Acquisition Legal Compliance Career & Training Cybercrime
1 What is Digital Forensics # In the 21st century where everything in life is connected to an electronic device ranging from doorbells, smartphones, and social media.