Forensics Toolkit - Paiet/Tech-Journal-for-Everything GitHub Wiki

Forensics kit

• Digital forensics workstation
  • Plenty of horsepower
  • Can build your own
  • Can purchase dedicated forensic workstations from 3rd party vendors
  • Forensic software
• Write blockers
  • Keeps drives from being written back to
    • Blocks write permissions
      • Hence "write" blocker
  • Software and hardware versions
    • Software
      • https://github.com/msuhanov/Linux-write-blocker
    • Hardware
      • https://www.guidancesoftware.com/tableau/hardware/tx1
• Cables
  • Network
  • USB
    • Mini, Micro, C
  • Display
  • Lightning
  • Apple 30-pin dock cable
• Drive adapters
  • IDE to Sata
• Wiped removable media
  • Properly wiped!
    • Show Macbook disk utility
  • Of sufficient size
  • Includes...
    • External HDD
    • USB Flash drives
    • Blu-Ray
    • Portable NAS
• Cameras
  • Can quickly document the crime scene
• Crime tape
  • Cordon off the crime scene
• Tamper-proof seals
  • http://www.seals.com
• Documentation/forms
  • Chain of custody form
  • Incident response plan
  • Incident form
  • Call list/escalation list