Chapter II

Computer Forensics

Physical Security Needs of a Forensic Lab

For a forensic lab, security is paramount. The following are some of the physical security considerations of a lab:

Access to emergency services: There should be easy access to emergency services, such as the fire department. Emergency service vehicles must be able to easily access the site and the buildings on the site. The site must also have an area that allows for shipping and receiving without compromising the physical security measures of the lab.

Lighting at the site: The site must have proper lighting designed to augment security and discourage vandalism and unauthorized access to the lab. It should be similar to the campus lighting of a university that conducts night classes.

Physical environment of the lab: The following design features should be avoided:
• Bushes within 10 feet of the lab premises
• Clusters of bushes around the premises
• Tall evergreen trees

Structural design of parking: The parking lot of the lab must be divided into certain levels. These are a few recommendations for designing the levels of parking:
• Level 1: Unsecured level that must be close to the visitor's entrance
• Level 2: Partially secured and fenced-in area used for shipping, biological and toxic waste pickup, and various other activities that require minimum security
• Level 3: Secured place where staff can access the lab at any hour of the day and that can be accessed using only proximity keys or card keys
• Level 4: High-security area that only authorized personnel can access and that security personnel monitor

Physical Security Recommendations

Basic Requirements

Basic security needs, such as keeping a log register at the entrance of the lab, should not be overlooked. The log register should contain the following information for each visitor:
• name of the visitor
• date and time of the visit
• purpose of the visit
• name of the official the visitor has come to see
• place the visitor has come from
• address of the visitor

Fire-Suppression Systems

The following are some fire-suppression systems that should be in place in a forensic lab:
• Dry chemical fire extinguisher system to deal with fires that occur due to chemical reactions
• Sprinkler system that should be checked frequently to make sure it is still working

Fire extinguishers should be placed within and outside the lab. Before the fire extinguishers are in place, the lab personnel and the guards should be given instructions on how to use them so that in case of a fire the trained staff will know how to use the equipment effectively.

Fire Safety

Fire can be disastrous in a forensic lab. Any electrical device can be a source of fire, though this does not generally happen with computers. On a few occasions, short circuits can also damage cables. These short circuits might even ignite flammable items close by.

Fires may break out in computers if the servo-voice coil actuators in a hard drive freeze due to damage in the drive. If the actuators freeze, the head assembly stops moving. The internal programming of the disk tries to force the head assembly to move by applying more power to the servo-voice coil actuators. The components of the drive can handle a certain amount of power before they fail and overload the ribbon cable connecting the drive to the motherboard. These ribbon cables do not respond well to excessive power. High voltage passed through a ribbon cable causes sparks to fly.

Work Area of a Computer Forensic Lab

The forensic lab should be built in an area where human traffic is light. An ideal lab consists of two forensic workstations and one ordinary workstation with Internet connectivity. The number of forensic workstations varies according to the number of cases and processes handled in the lab.

General Configuration of a Forensic Lab

A forensic lab should have the following:
• Workstations: A forensic lab should have both forensic and nonforensic workstations for investigative purposes. There should be ample space in which to disassemble a workstation if the need arises during the investigative process.
• UPS: Power failure during an investigative process can be costly for an investigator. The need for an uninterruptible power supply (UPS) arises as a preventive measure. Separate backup power generators are recommended for a forensic lab. Any electrical connections should be monitored, as any fluctuations in voltage may also disrupt the power supply or damage electrical equipment.

Required Forensic Tools

• Storage Bags (Wireless storage bag, Passport bags)
• Remote Chargers
• Write Block Protection Devices
• Data Acquisition Tools (Cables, Rapid action imaging devices (RAIDs), SIM card readers, Video-capture devices)
• Forensic Archive and Restore Devices
• Mobile Forensic Laptops
• Forensic Workstations
• Imaging Workstations (drives, CDs, DVDs, USB drives, and media cards)

Types of Investigations

• Child pornography and sexual exploitation
• Use of e-mail, instant messaging, and chat
• Computer hacking and network intrusion
• Copyright infringement
• Software piracy
• Intellectual property disputes
• Identity theft
• Online auction fraud
• Credit card fraud
• Other financial frauds and schemes
• Telecommunications fraud
• Threats, harassment, and/or stalking
• Extortion and/or blackmail
• Online gambling
• Drug abuse and/or distribution
• Employee or employer misconduct
• Theft, robbery, and/or burglary

