How to set up a digital forensics lab
Infosec Skills author and Paraben founder and CEO Amber Schroader talks about how to quickly and inexpensively set up your own home digital forensics lab.
0:00 - Creating your digital forensics lab
1:00 - Benefits of your own digital forensics lab
1:40 - Space needed for digital forensics lab
2:30 - Essential hardware needed for a forensics lab
5:01 - Important forensic lab upgrades
5:42 - Running your forensics lab
6:51 - Forensic lab projects
7:35 - Getting into forensic labs
8:04 - Outro
Transcript
[00:00:00] Chris Sienko: When it comes to digital forensics, book study can only take you so far. You're starting to sweat a little because the exam is coming up and you know you need some uninterrupted time to learn by working with real digital forensics tools. I'm happy to say that Amber Schroader, CEO of Paraben, is going to tell you how to quickly and inexpensively set up your own home digital forensics lab. It's a Cyber Work hack.
[00:00:26] CS: Welcome to a new series of short videos from InfoSec. The purpose is to give you quick, clear, and actionable answers to the questions that you have about learning cybersecurity. So today's guest is InfoSec skills author and Paraben Founder and CEO, Amber Schroader. Amber's main episodes of our Cyber Work Podcast, she's done two so far, plus a bonus, are among our very most popular episodes on the site. Today, Amber is going to walk us through something that I think a lot of you are going to be interested in, setting up your own home digital forensics lab.
Welcome, Amber.
[00:00:59] Amber Schroader: Thanks for having me.
[00:01:01] CS: So Amber, what are the main tasks one can do or practice with one's own digital forensics lab? Yeah. How does setting up your own lab helped you with your learning your study or practice of digital forensics?
[00:01:13] AS: I think it gives you an immediate experience point because a lot of times, it's hard to get into the point where you're doing field work in an organization. Perhaps if you do consulting on the side, this lets you actively apply what you're practicing in a regular job. I always heard that you don't make your primary retirement in your job. It's what you do after hours that really kind of makes that impact, and you can do that with a digital forensic lab at home. Just a lot of people don't think they can put it together.
[00:01:39] CS: Right. So this is something you can realistically create at home. Is that something – Like how much space or resources does something like this require?
[00:01:47] AS: It’s really just about having a private home office, and I say that it would be very difficult to do it probably, hey, it's part of my bedroom. You start losing a little bit of integrity there. But if you have a private separate room, that is your home office, you can maintain proper chain of custody, you can maintain all of your evidence, and you can still keep your equipment separate. So you know that you're able to maintain the best practices, which is what we have in digital forensics. It's a little different than some of the other InfoSec areas.
[00:02:12] CS: Okay. So this is definitely not a I can do it on mom's kitchen table kind of thing. You do need your own dedicated area.
[00:02:17] AS: You do need a dedicated area, absolutely. You need somewhere you can actually secure it. I think one of the first things you buy is actually a safe, believe it or not. It doesn't have to be huge, but you have to have somewhere where you can put your evidence to control it when you aren't physically with it.
[00:02:31] CS: Got it. Well, let's talk about the safe and the other parts of it. What are the bare bones essential pieces of hardware and software that you would need to set up a digital forensics lab of your own, and can you give me a sense of like how much it would cost for a basic setup like this?
[00:02:45] AS: Well, a safe, hey, it's perfect time to get him on the sales as you don't need anything really large. But you need to be able to fit whatever type of evidence you're processing in, phones, hard drives, etc., as well as what you process to. So your copies need to go in there as well.
For what you actually need physical equipment, you need a separate machine. So you need a machine that you function as a human being on. You do your email, and then you have to have one dedicated to forensics. Depending what you're doing with that will change how powerful that machine needs to be, of course.
I also like using virtual machines. I think they're a fantastic way to do forensics when you're on a budget because you can keep all your evidence inside that virtual machine, which is a bonus to it. You need software. There are some good open source platforms. There's good purchase platforms. Then if you're doing computers, you really need right blockers.
If you're doing phones, you need something that you can do as a Faraday cage. My budget-friendly Faraday cage is you go into Goodwill or other type thrift stores and buying an old microwave oven, cut the cord off the back, and it is a Faraday cage, a known fact. I know it's like a $10 Faraday cage. But who doesn't want a $10 Faraday cage?
[00:03:49] CS: Yeah. Can you talk more about that? What is that – How does that work?
[00:03:54] AS: So a Faraday cage really is just to block all the signals going into it. When you process smartphones and any type of mobile devices, you've got to control the signal with the device. So that's the best way to store it. Even though it's powered off, you never know what's going to happen. So you want to make sure you're maintaining that best chain of custody, and a great way to do it is that microwave. Just remember to cut off the power cord because someone accidentally has, of course, put it in there.
[00:04:14] CS: Oh, of course.
[00:04:15] AS: Yeah, you know. Then there was a fire, and it was bad. That's a bad lab practice, so yeah.
[00:04:20] CS: Again, just to reiterate, you made it clear, but I want to make sure I understand. Like if you're doing digital forensics at home with your own lab, you have to be doing it on a system that does not intersect with your personal computer work. Does it have to be sort of like cut off from like Wi-Fi, the Internet and everything?
[00:04:40] AS: Yeah. You can keep it on the Internet. Nowadays, tactics have changed. So you can do that. You think of how mobile's work, and you have to get new drivers, things like that. If I'm actually working on an active examination, I might disconnect for the Internet for that time period while I'm doing my analytics, that type of thing. But it's not quite the cone of silence level. It used to be back in the day. Now, you have a little bit more flexibility.
[00:05:02] CS: Are there any like tools or upgrades that you would consider as like upgrades if you feel like you have like the bare bones one, you got the cordless microwave, and all of the pieces for stage one? If you feel like you're getting really good at it, are there things that like make it easier or more convenient, if you have a little extra money spent?
[00:05:22] AS: I think go into getting a disc duplicator. That, obviously, is nice because it has a lot more of the automated price process with it. Some of those allow you remote examinations, which is fantastic, especially where everyone is kind of everywhere. But I would upgrade my software, and I know it's lame, I always upgrade my RAM. You can never have too much RAM in a machine. I really truly believe that.
[00:05:41] CS: Yeah. I agree. Yeah, yeah, yeah. So without showing your physical walkthrough here, what are the basic steps to get all of this hardware and software connected and running smoothly?
[00:05:54] AS: So the biggest part is I actually keep two separate workstations in my lab. They don't have to be big. I take old kitchen tables, whatever it may be, because I like to make sure when I'm doing forensics, I'm focused on that. Not, “Hey, let me go answer this email,” do anything like that. I kind of switch back and forth, so I like an L configuration. I keep all of my stuff catalogued.
I also have a camera, which I didn't mention earlier. But when I do evidence intake, I always make sure I take photos of everything because I want to document everything. That's a big part of digital forensics that’s different from the rest of InfoSec is we have to take a lot of notes because we want to make sure we’re not going to –
[00:06:29] CS: Is this like a standalone digital camera or a phone camera?
[00:06:32] AS: Yeah. I have one that's actually on an arm. It's connected to the table, and I have a an orange pad that sits underneath it that's actually part of a yoga mat. They're great because they're soft. It's great to put evidence on. It's not going to damage it. I just take pictures as it comes in because I've got my date time stamps, everything else. All comes apart is chain of custody.
[00:06:51] CS: So what's the first thing you would do with a basic digital forensic lab once you got it set up? Can you suggest a first project that you could use to get your hands dirty?
[00:06:59] AS: I always like your first project to make sure you're practicing all of your proper handling and everything else is I always did my kids. I made sure all of my equipment was working based on processing through a family member. Never your spouse or significant other. That gets really kind of awkward.
But I do my kids’ stuff. So I process it that same way. I said, “Here's the receipt.” Make sure if I'm doing at home, everyone knows when something comes in via FedEx or UPS and is marked as digital evidence that they're not handling it. They're not opening it because it's kind of training the people you're working with if you are doing it at home. So it's getting everyone used to that workflow.
[00:07:35] CS: Gotcha. So as we wrap up here, do you have any tips for our listeners who are wanting to get started and make the most out of their new digital forensics labs?
[00:07:43] AS: I think that they also need to work on paperwork. I know this is a part no one ever talks about, but you've got to have a set chain of custody, a letter of engagement, all the different protections that you put in place and usually a lot of different organizations. I myself share mine with others because, again, we don't all have to fund lawyers. We might as well share.
[00:08:01] CS: Yeah. All right. So for our listeners who are ready to get back to their studies, with their new tools and their new lab here, I'll just mention that you can find more of Amber Schroader on the InfoSec skills platform. So if you go look for our digital forensics section, you will find Amber's work all over there. So, Amber, thank you again for your time and insights today.
[00:08:23] AS: Thank you very much.
[00:08:24] CS: Thank you all for watching this episode. This is the first – This the early – [inaudible 00:08:29] again. This is the start of an ongoing series of videos and we have lots more to come. So make sure to subscribe and check back. Until then, we'll see you soon.
[00:08:38] CS: Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I ask experts working in the field how to get hired and how to do the work of these security roles, so you can choose your study with confidence. I'll see you there.
Subscribe to podcast
How does your salary stack up?
Ever wonder how much a career in cybersecurity pays? We crunched the numbers for the most popular roles and certifications. Download the 2024 Cybersecurity Salary Guide to learn more.
Weekly career advice
Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.
Q&As with industry pros
Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.
Level up your skills
Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.