USA: +1(669)289-8683 
Sign in
I need an introduction, abstract, budget and conclusion for this paper. I am paying 25
Physical Requirement:
Several important factors should be considered in the design and construction of a forensic science laboratory. Location, security, and design are the physical aspects that will be discussed in this portion of the paper. Location includes where to place your laboratory, and weather to build, or to use an existing building. Security includes how the building should be secured, through the use of key pads, biometrics, or lock and key. Another consideration for security is physical security with a guard or cameras. Finally design of the laboratory will be discussed. Design includes workstations, floor plans and storage. It should also be noted that when constructing a forensic laboratory there is not a one size fits all design that has to be followed. Forensic laboratories will differ based on user needs. In order for the forensic laboratory to run smooth and efficient the design must support and optimize an analyst field of expertise. In addition to support and optimize, hands on experience in the field and understanding of the investigative process and knowledge of the law is also helpful (Jones,
1. Location
When considering requirements for constructing a computer forensics laboratory location is one of the main requirements. The decision to build or to use an established building is based on what the laboratory is going to be used for. Technology changes day by day and second by second therefore whatever is decided the forensic laboratory must be flexible and adaptable for those technology changes. Building or using an established office or office building are considerations that must be made based on need. Location of the building should also be part of the requirement for placement. Rural or urban setting should also be reviewed for building placement or existing structure. Another factor to be considered includes environment. Preventing unauthorized access should be a main priority, because questions of chain of custody as it pertains to evidence could be raised. The question of to build or not to build is extremely important for the location of a forensics laboratory.
2. Security
Securing the forensics lab is of utmost importance. Several factors must be reviewed in order to be sure that the digital forensics lab is secure. “Issues such as site access, proximity of secured and unsecured parking areas, and even landscaping have impactions regarding the efficiency and security of the overall site and building design (?????).” Security requirements of a digital forensic lab will vary as to need and staff. Room size, small or large is a factor. Locking storage containers are needed for evidence, shelves for software and hardware is also something to ponder. Logs and audits of evidence, hardware and software is a requirement. Chain of custody logs are another must in digital forensics. Another factor that must be observed is visitor logs. Knowing who is in and out of the facility can make a difference in a case, good or bad. If there is a disaster such as fire, flood, tornado can the lab recover from it? Is the evidence safe and secure along with hardware and software? One more piece to think about is physical security. Will there be a security guard present or will a surveillance system be established or both? Control over all security aspects is a hard task to obtain, but it should be made a priority in order to keep the case as solid as possible.
3. Design
Once a physical location has been found and established and the building/office has been secured is where the design phase can be started. Forensic laboratory design consists of 3 main categories: workstations, floor plans and storage area. Included in the design are desktops that have ample room for the forensic analysis to break down computers and work on evidence from it. There should be book cases to hold reference materials and software packages used for analysis. Storage containers or an evidence safe which is large enough to hold evidence such as hard drives, CD-ROMs, cellular phones, smartphones, laptops, storage media, and any other hardware used to pull data from as evidence. Other items to contemplate in the design of the digital forensic laboratory are floor plans. How many stations will the lab have? How many storage or evidence lockers will it have? Are there going to be bookcases to hold no evidence materials? Where will the shelves to store equipment that is not in use go? These will also very based on the type of lab and the size of the lab as well. LAN and server stations will also be needed in the laboratory in order for the analysts to work on multiple jobs and to establish a network. Space should also be considered for other computer hardware to go along with network servers. Additional data ports may be required as well as a dedicated phone line or phone lines. “Design workstations to minimize the exposure of highly sensitive materials (e.g., place computer monitors displaying sensitive information in such a way that only the case examiner can view it) (n.a., 2008).” The design of the lab will very based on the need of the operation and the size of the organization as well. There is no uniform set in stone way to design a digital forensics lab. What must be kept in mind is how it can be best designed to suit the needs of the staff responsible for completing the forensic work.
Lab proposal
In order to meet the objectives outlined above for location, security and design Team Delta makes the following proposals for constructing a computer forensic laboratory our company. First we recommend that it be understood that technology changes and it must be met with an open embrace. Doing so will limit the headaches involved and make a stressful situation at a minimum. In order to satisfy the requirement for the building and location we propose the use of an existing office building in an area that does not have much in the way of traffic around it. The existing office building will not require a new building be constructed thus our budget will be considerably lower as a result of this. Having an office building in a low traffic area will not draw attention to it and hopefully reduce damage that could result from crime and curiosity. The security requirement is the most important of the three. If you forensics laboratory is not secure you run the risk of having the case thrown out in a court of law. Kelly makes a great point when stating “If the standard is not met, allegations of tampering, sloppy practices, or unreliable use of equipment can taint your hard work. What you are protecting is the equipment and evidence that is to be used in a court of law (Kelly, 2001).” Having an existing office in an office building will allow us to have one entrance to the laboratory. This allows for easier control of who comes into our lab. The room must have floor-to-ceiling walls. For example there must not be any drop ceilings or false floors. Drop ceilings have tiles that can be popped out and false floors have the same in floor panels that can be popped out. The door to the lab must be a combination lock and key along with a keypad combination lock. Limiting access to visitors is a must. Security cameras need to be in place outside the lab and inside the main lab also. Evidence storage containers must have a camera on them as well as work stations and work benches. A sign in log of who enters the lab with date, time in and time out must be maintained at all times. We want to be as sterile and controlled just like a medical laboratory (Kelly, 2001). Next our lab requires evidence storage containers. This is where we will store hard drives and the like. The must be made of steel be secured with locks that have a limited key distribution. Making sure that policies and procedures are followed require auditing to be in place. The audits should include an inspection of the physical building itself, a check of the doors and locks, a review of log sheets, and chain of custody forms. Finally the design or set up of the lab should be as follows. Our lab is a mid-size lab that requires two storage/evidence cabinets. Only one workbench is required for our laboratory. No less than six forensic work stations should be available for use. Our forensic laboratory should also include two PC’s that have Internet/Intranet access. The final piece to the puzzle is the book cases for reference materials, software and hardware.
References:
Kelly, J. (2001). Building a computer forensics laboratory. Information systems security. Retrieved from Google November 3, 2013.
Jones, A. (n.d.). Building a digital forensics laboratory: establishing and managing a successful facility. Retrieved from Google October 27, 2013.
Mount, M., (2010). New thinking: digital forensics. Architecture and engineering facility design requirements. Retrieved from Google November 3, 2013.
Yao, W., Chu, C., Liu, B., and Li, Z. (2010). Designing a virtual lab for computer forensics. Procedings of the 14th colloquium for information systes security education. Retrieved from Google October 27, 2013.
n.a. (2008). A guide for planning and implementing a computer forensic unit. The national institute of justice. Retrieved from Google October 27, 2013.
Policy and Accreditation Requirement-
This section of the paper talks about the legal requirements that XYZ, Inc. needs to take in consideration before setting up a digital forensic laboratory that may include various accreditations. The goal of a digital forensic laboratory is to provide a safe and secure facility that supports our federal and state agencies and our legal system. Therefore different types of policies and guidelines are required. In addition, quality assurance programs are vital for forensic laboratories. Some of these programs include SWGDE, ASCLD/LAB and ISO 17025. Our team recommends XYZ, Inc keep a closer attention to these programs as they are an essential need of accreditations.
Since XYZ, Inc. is building a new digital forensic laboratory, therefore it will be required to follow all construction codes and standards depending on the location. Each state and county may have different codes to protect general public safety since each building has its own occupancy and environmental requirement. These codes are also known to be the minimum standards of design and implementation. Other than structural requirement, there are no enacted laws that may require having digital forensic laboratory accreditation but it is still a great practice to have a lab with accreditations as it may be required in court of law. There are Federal Statutes to take in consideration including Electronic Communications Privacy Act (ESPA), Cable Communiations Policy Act (CCPA), Patriot Act of 2001, and Privacy Protection Act of 1980 (PPA). Many of these acts do not affect the operation of digital forensic laboratory but there could be a problems or limitation with processing and obtaining information or even touching evidence. For example, due to invasion of privacy, ESPA establishes many limitations for law enforcement agencies to seize and access evidence. In addition, XYZ, Inc. will be required to have many operational policies including administrative policy, security policy, and other standard and procedures required by accreditation programs.
Importance of ASCLD/LAB-
The ASCLD, also known as American Society of Crime Laboratory Directory is a widely used program by many law enforcement agencies, designed to certify various type of forensic labs such as DNA, fingerprint, digital forensic and others based on how each lab is organized and managed. ASCLD was formed in 1973, sponsored by FBI as a non-profit professional society of crime laboratory directors to promote excellence in forensic science field. Through ‘self assessment,’ organizations who had overcome the challenges in improving themselves were later known as American Society of Crime Laboratory Directory/Laboratories Accreditation Board (ASCLD/LAB) (Whitcomb, 2007).
The members of ASCLD/LAB known as ‘Delegate Assembly’ are assigned administrators of accredited laboratory to certify digital evidence forensic lab. According to the ASCLD-LAB official website, the organization offers three different programs of accreditation including “ASCLD/LAB-International Testing Program, ASCLD/LAB-International Breath Alcohol Calibration Program and ACSCLD/LAB Legacy Program” (ASCLD-LAB, n.d). For the purpose of this lab, ASCLD/LAB-International Testing Program will fit for XYZ, Inc. laboratory. Since the program covers accreditation of ‘Digital & Multimedia Evidence’ testing. In addition, the program is based on ISO/IEC 17025:2005, supplemental requirement, and policies and guidelines stated under ASCLD Manual 2008.
Role of ISO/IEC 17025:2005-
ISO/IEC 17025:2005 is also an accreditation program for forensic laboratories and it has been adopted by ASCLD. Many international communities’s including U.S, U.K, Germany and others, highly support the program due to the general requirements for carrying out testing using laboratory assigned methods. Combination of ASCLD and ISO/IEC 17025:2005 has re-categorized ASCLD standards and made things that were “important” are now known as “essential” for accreditation. It is important to understand the requirements of the programs including “management requirement, document control, subcontracting tests and calibrations, service to the customer, corrective action, prevention actions, internal audits, and measurement traceability and many others” (Jones & Valli, 2009, pp. 267). These requirements means to report any types of changes in management level, qualifications, proficiency tested personnel’s, annual audit logs, and other measurable standards and policies.
Use of SWGDE and NIST-
Scientific Working Group on Digital Evidence (SWGDE) and National Information Security Technology (NIST) Handbook 150 are some procedures and general guidelines that XYZ, Inc. may want to consider for quality control. The purpose of SWGDE is to provide guidelines and instructions to maintain credibility and quality assurance via Quality Assurance Manual (QAM) for laboratories performing digital forensic examinations (SWGDE, 2012, Ver.3.0). It is important to know that QAM may be required for digital forensic lab to receive accreditation of ASCLD/LAB and ISO/IEC 17025:2005. To ensure quality control process under SWGDE laboratory manual, management and technical requirements are required to meet level of accreditation under ISO/IEC 17025. These requirements are also mentioned above. Lastly, NIST Handbook 150 has come up with some general guidelines and requirement under National Voluntary Laboratory Accreditation Program (NVLAP) for proficiency testing. This program does not provide accreditation and guidelines can be amended based on individual lab needs to improve proficiency (NIST Handbook 150, 2006). NVLAP guidelines do take in consideration of ISO/IEC 17043 and it is consistent with international standards.
How to Apply for ACLD/LAB accreditation-
References:
ASCLD-LAB, n.d. American Society of Crime Laboratory Directors/ Laboratory Accreditation Board. Retrieved from:
www.ASCLD-LAB.ORG
.
ASCLD/LAB-International Program overview 2010 Edition, 2013. Retrieved from: http://www.ascld-lab.org/wp-content/uploads/2013/09/AL-PD-3041_Intl_2010_Program_Overview_v2.2_unmked
Jones, A. & Valli, C. (2009). Building a Digital Forensic Laboratory: Establishing and Managing a successful facility. Butterworth Heinemann and Syngress Publishing Inc. MA. (pp.267).
SWGDE, 2012, SWDGE Model Quality Assurance Manual for Digital Evidence laboratorires. Ver. 3.0. Retrieved from:
https://www.swgde.org/documents/Current%20Documents/SWGDE%20QAM%20and%20SOP%20Manuals/2012-09-13%20SWGDE%20Model%20QAM%20for%20Digital%20Evidence%20Laboratories-v3.0
Whitcomb, C.M. 2007. The Evolution of Digital Evidence in Forensic Science Laboratories. Retrieved from:
http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display&article_id=1321
Policy and Accreditation Requirement-
This section of the paper talks about the legal requirements that XYZ, Inc. needs to take in consideration before setting up a digital forensic laboratory that may include various accreditations. The goal of a digital forensic laboratory is to provide a safe and secure facility that supports our federal and state agencies and our legal system. Therefore different types of policies and guidelines are required. In addition, quality assurance programs are vital for forensic laboratories. Some of these programs include SWGDE, ASCLD/LAB and ISO 17025. Our team recommends XYZ, Inc keep a closer attention to these programs as they are an essential need of accreditations.
Since XYZ, Inc. is building a new digital forensic laboratory, therefore it will be required to follow all construction codes and standards depending on the location. Each state and county may have different codes to protect general public safety since each building has its own occupancy and environmental requirement. These codes are also known to be the minimum standards of design and implementation. Other than structural requirement, there are no enacted laws that may require having digital forensic laboratory accreditation but it is still a great practice to have a lab with accreditations as it may be required in court of law. There are Federal Statutes to take in consideration including Electronic Communications Privacy Act (ESPA), Cable Communiations Policy Act (CCPA), Patriot Act of 2001, and Privacy Protection Act of 1980 (PPA). Many of these acts do not affect the operation of digital forensic laboratory but there could be a problems or limitation with processing and obtaining information or even touching evidence. For example, due to invasion of privacy, ESPA establishes many limitations for law enforcement agencies to seize and access evidence. In addition, XYZ, Inc. will be required to have many operational policies including administrative policy, security policy, and other standard and procedures required by accreditation programs.
Importance of ASCLD/LAB-
The ASCLD, also known as American Society of Crime Laboratory Directory is a widely used program by many law enforcement agencies, designed to certify various type of forensic labs such as DNA, fingerprint, digital forensic and others based on how each lab is organized and managed. ASCLD was formed in 1973, sponsored by FBI as a non-profit professional society of crime laboratory directors to promote excellence in forensic science field. Through ‘self assessment,’ organizations who had overcome the challenges in improving themselves were later known as American Society of Crime Laboratory Directory/Laboratories Accreditation Board (ASCLD/LAB) (Whitcomb, 2007).
The members of ASCLD/LAB known as ‘Delegate Assembly’ are assigned administrators of accredited laboratory to certify digital evidence forensic lab. According to the ASCLD-LAB official website, the organization offers three different programs of accreditation including “ASCLD/LAB-International Testing Program, ASCLD/LAB-International Breath Alcohol Calibration Program and ACSCLD/LAB Legacy Program” (ASCLD-LAB, n.d). For the purpose of this lab, ASCLD/LAB-International Testing Program will fit for XYZ, Inc. laboratory. Since the program covers accreditation of ‘Digital & Multimedia Evidence’ testing. In addition, the program is based on ISO/IEC 17025:2005, supplemental requirement, and policies and guidelines stated under ASCLD Manual 2008.
Role of ISO/IEC 17025:2005-
ISO/IEC 17025:2005 is also an accreditation program for forensic laboratories and it has been adopted by ASCLD. Many international communities’s including U.S, U.K, Germany and others, highly support the program due to the general requirements for carrying out testing using laboratory assigned methods. Combination of ASCLD and ISO/IEC 17025:2005 has re-categorized ASCLD standards and made things that were “important” are now known as “essential” for accreditation. It is important to understand the requirements of the programs including “management requirement, document control, subcontracting tests and calibrations, service to the customer, corrective action, prevention actions, internal audits, and measurement traceability and many others” (Jones & Valli, 2009, pp. 267). These requirements means to report any types of changes in management level, qualifications, proficiency tested personnel’s, annual audit logs, and other measurable standards and policies.
Use of SWGDE and NIST-
Scientific Working Group on Digital Evidence (SWGDE) and National Information Security Technology (NIST) Handbook 150 are some procedures and general guidelines that XYZ, Inc. may want to consider for quality control. The purpose of SWGDE is to provide guidelines and instructions to maintain credibility and quality assurance via Quality Assurance Manual (QAM) for laboratories performing digital forensic examinations (SWGDE, 2012, Ver.3.0). It is important to know that QAM may be required for digital forensic lab to receive accreditation of ASCLD/LAB and ISO/IEC 17025:2005. To ensure quality control process under SWGDE laboratory manual, management and technical requirements are required to meet level of accreditation under ISO/IEC 17025. These requirements are also mentioned above. Lastly, NIST Handbook 150 has come up with some general guidelines and requirement under National Voluntary Laboratory Accreditation Program (NVLAP) for proficiency testing. This program does not provide accreditation and guidelines can be amended based on individual lab needs to improve proficiency (NIST Handbook 150, 2006). NVLAP guidelines do take in consideration of ISO/IEC 17043 and it is consistent with international standards.
How to Apply for ACLD/LAB accreditation-
References:
ASCLD-LAB, n.d. American Society of Crime Laboratory Directors/ Laboratory Accreditation Board. Retrieved from:
www.ASCLD-LAB.ORG
.
ASCLD/LAB-International Program overview 2010 Edition, 2013. Retrieved from: http://www.ascld-lab.org/wp-content/uploads/2013/09/AL-PD-3041_Intl_2010_Program_Overview_v2.2_unmked
Jones, A. & Valli, C. (2009). Building a Digital Forensic Laboratory: Establishing and Managing a successful facility. Butterworth Heinemann and Syngress Publishing Inc. MA. (pp.267).
SWGDE, 2012, SWDGE Model Quality Assurance Manual for Digital Evidence laboratorires. Ver. 3.0. Retrieved from:
https://www.swgde.org/documents/Current%20Documents/SWGDE%20QAM%20and%20SOP%20Manuals/2012-09-13%20SWGDE%20Model%20QAM%20for%20Digital%20Evidence%20Laboratories-v3.0
Whitcomb, C.M. 2007. The Evolution of Digital Evidence in Forensic Science Laboratories. Retrieved from:
http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=display&article_id=1321
Payingattention to the starting bugdet and the budget over the three years Here is what I propose. The lab has over 100 employees and in the next three years is looking to expand. I am requested that all hires already have their security clearance which for this lab should be top secret. Deleting this expense for new hires helps us to save our budget for other items. Here is the list that will be included in the proposal.
Personnel
Forensic Managers- Quality Manager, Operational Manager, Technical Manager and Health and Safety Manager
Computer Forensic Investigator I and II
Computer Forensic Examiner I and II
Certified Computer Forensic Technician I and II
Commuter Forensic Technician Assistant
Building Operations Employees
Training and Certification
We will provide training and continuing education for all personnel. We will have a written training document that will be approved my management. We will have a partnership with the SysAdmin, Audit, Network Security, SANS Institute who provides all training material for our personnel. This training will comply with the national standards and focus on the knowledge, abilities and skillsets necessary to conduct digital and multimedia investigation and evidence seizure. Professional development is important and these requirements will also be mandatory for all technical personnel. We encourage all investigators to join the International Association of Computer Investigative Specialist (IACIS).
Other certification we will provide to new hires as well as renewals includes:
Certified Computer Examiner (CCE)
Certified Hacking Forensic Investigator (CHFI)
GIAC Certified Forensic Analyst and Forensic Examiner
Professional Certified Investigator (PCI)
EnCase Certified Examiner (EnCE),
AccessData Certified Examiner (ACE)
Global Information Assurance Certification (GIAC).
Your team is tasked with analyzing and documenting requirements for constructing a standard computer forensics laboratory for a recently launched company — XYZ, Inc.. XYZ, Inc is experiencing extremely rapid growth with over 100 employees and continuing to hire new talent. XYZ specializes in cybersecurity related to the critical infrastructure industry.
Your team’s analysis should take into consideration physical, technical, and legal requirements related to the computer forensics laboratory. In addition, you should consider potential lab certification requirements in this requirements analysis.
After your requirements analysis is completed — your team will develop a forensic laboratory proposal for the company. This proposal should include physical, environmental, technical hardware/software, and personnel recommendations. The proposal should also include the estimated initial and projected 3 year annual costs for this new computer forensics laboratory. The budget costs should include physical operating environment, technical assets, and personnel salary costs.
The company has recently received venture funding specially for this tasking and it’s initial budget limitations for this forensics laboratory are as follows:
Initial start-up costs — $750,000
Maximum annual three (3) year operating/update costs — $575,000 per year
