August 14th, 2009
What data and/or equipment to collect
This is actually a very interesting question. The items that stand out are desktop computers, laptops and CD/DVD-ROMs. It is, however, important to look around for anything that can connect to the Internet or store information. Devices such as game consoles (Wii, PS3, etc.), PDAs, cell phones and MP3 players should all be considered pertinent items to collect properly as evidence.
Another item most people might not consider is the printer. Many of the enterprise printers in use today have a hard drive, a web server and various other components within them. You must consider those items as well.
Posted in Computer Forensics
August 12th, 2009
Guidelines you would need to follow to establish a laboratory
To know that you have a proper lab, you first need to know what type of investigating will be done at your lab and who your customers will be. You also need to think about the physical aspects of the facility itself: is there going to be enough power, and what about furniture and adequate doors, locks and access?
What type of building will it be, where will it be located and what kind of access will it have? You also have to consider the work area and layout of the lab, as well as minimal requirements such as book racks, spare parts, necessary software, workstations, etc.
Posted in Computer Forensics
August 10th, 2009
Certification for the state laboratory
According to its website, the American Society of Crime Lab Directors (ASCLD) provides guidelines for labs wishing to seek certification and accreditation. For a computer forensics lab to qualify, it must complete the following steps:
1. Self-evaluation by applicant laboratory.
2. Application and supporting documents filed by applicant laboratory.
3. On-site inspection by a team of trained inspectors.
4. Inspection report considered by ASCLD/Laboratory Accreditation Board.
5. One year to remedy deficiencies before final decision by the Board.
6. Accreditation review completed by the laboratory annually.
7. Full re-inspection required every five years.
According to the ASCLD, these seven steps result in accreditation for the laboratory once the application for accreditation is completed and the formal audit has been requested and completed.
I believe this is a certification the state laboratory would want to receive and maintain throughout its life.
Posted in Computer Forensics
August 8th, 2009
Certification for an Investigator
There is usually some argument around the actual validity of a certification. The certification is only as good as the accrediting organization. When considering the question of expertise, there seems to be some legitimacy to the fact that a certification may not be needed. The certification only serves as a basis that a person has an understanding of what needs to be done, not necessarily the knowledge that comes along with actually doing it. Having said that, I would think that someone with the expertise would also want to show that they have the knowledge to achieve a certification in their field in order to help potential clients believe in their ability to do the work.
I believe that there are various certifications that should be achieved by the investigator. There are so many out there that the investigator should choose what would work best for them based on past experience and future assumptions. If they use a particular product and the vendor offers a certification, they should strongly consider whether it would make sense to achieve it.
The main goal is that the investigator should have a certification that is highly respected and has validity with what they are doing and plan to do on a daily basis.
Posted in Computer Forensics
May 30th, 2008
Don’t Miss it!
August 2-7, Caesars Palace Las Vegas, USA
This August, The Black Hat Briefings return to the venerable Caesars Palace Hotel and Casino for another installment of the premier North American technical information security conference. Every year the lineup of presentations helps define the security headlines for the following year and 2008 will be no exception.
Posted in Training & Seminars, Uncategorized
August 29th, 2007
Technology has greatly changed how we communicate in our personal and professional lives. Whether we’re shopping online, sending e-mail or simply browsing our favorite Internet site, we must be aware that prying eyes are watching. Everything we do online is susceptible to being monitored and possibly reconstructed.
Data communications travel mainly in two forms: “in the clear” or encrypted. When data is traveling “in the clear”, none of the communication is confidential. The data you are sending can easily be sniffed and reconstructed in its entirety. When communication is encrypted, the data portion of your transmission is protected through a mathematical equation that only your system and the destination computer can reverse. This assures you that your communication is being handled privately, with no unauthorized disclosure.
Encrypting your data is extremely important for protecting confidentiality. Whenever you send an e-mail from your home computer, you are sending information “in the clear.” That means that anyone “listening” on the line between you and the destination can grab the information and reassemble it. Can you imagine the amount of damage that can be done if your information contained items such as usernames and passwords, Social Security numbers, or credit card numbers?
Make sure you are not caught sleeping at the wheel. Ensure you are taking appropriate actions to protect your information. If possible, use an e-mail encryption program, and protect yourself by shopping only at sites that use encryption, which is represented by a padlock on the web page.
Posted in Data Communications
July 19th, 2007
Accountability within a system means that anyone using the system is tracked and held accountable for their actions. The organization must have methods in place to hold users accountable for their actions. Accountability applies to both intentional and unintentional actions. When a user knows they are accountable for their actions on a system, hopefully, they will tend to avoid activities that could damage that system.
Some steps an organization could take to hold users accountable are an Acceptable Use Policy, logon banners and the auditing of changes to objects such as files and folders.
Posted in Administration
July 18th, 2007
The Certified Information Security Manager® (CISM®) certification program is developed specifically for experienced information security managers and those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS). The CISM certification promotes international practices and provides executive management with assurance that those earning the designation have the required experience and knowledge to provide effective security management and consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential. The CISM job practice also defines a global job description for the information security manager and a method to measure existing staff or compare prospective new hires.
http://www.isaca.org/Template.cfm?Section=CISM_Certification&Template=/TaggedPage/TaggedPageDisplay.cfm&TPLID=16&ContentID=4528
Posted in Certifications
July 17th, 2007
As the first credential accredited by ANSI to ISO Standard 17024:2003 in the field of information security, the Certified Information Systems Security Professional (CISSP®) certification provides information security professionals with not only an objective measure of competence but a globally recognized standard of achievement. The CISSP credential demonstrates competence in the 10 domains of the (ISC)² CISSP® CBK®.
The CISSP credential is ideal for mid- and senior-level managers who are working toward or have already attained positions as CISOs, CSOs or Senior Security Engineers.
https://www.isc2.org/cgi-bin/content.cgi?category=97
Posted in Certifications
July 13th, 2007
The Systems Security Certified Practitioner (SSCP®) credential is ideal for those working towards or who have already attained positions as Senior Network Security Engineers, Senior Security Systems Analysts or Senior Security Administrators. The SSCP designation is frequently viewed as the first step on an information security career path.
For more info visit https://www.isc2.org/cgi-bin/content.cgi?category=98
Posted in Certifications