To learn digital forensics, build a home lab

You should have read our previous article, Starting a Career in Digital Forensics, which gives you a solid understanding of resources that can help you gain foundational knowledge in different areas of digital forensics. This article focuses on the experience required to get a job in digital forensics, and how to set up a home lab to practice the techniques.
You will be able to communicate clearly during interviews and understand why certain data is important during digital forensics investigations. Let’s now set up a home lab.
Establishing a Home Lab Environment
There are many ways to set up your home lab. However, we will focus on the most cost-effective way to do it. Open-source tools are available, so you don’t need to spend any money on the software or virtual machines required for your lab. The only thing you might need, if you don’t already have one, is a computer with at least 12 GB of RAM and an up-to-date i5 processor.
You will need a hypervisor to host your VMs, such as Oracle VM VirtualBox or VMware Workstation Player. VMware Workstation Pro is an option if you are willing to spend a little more. VMware Workstation Player is not free and you can’t take snapshots of your VMs. VirtualBox is also available for free and will allow you to take snapshots. VirtualBox is what I use, and I have never had any problems using it. VirtualBox is my recommendation as a free hypervisor. Below are the links to each one:
We recommend you purchase a Windows 10 machine. These machines are Edge developer versions, so they have a short life span. They are great for learning how to acquire Windows images and extract volatile data from Windows systems. These are available here:
A Linux VM is also required to perform forensic tasks. SIFT Workstation is highly recommended because it comes preloaded with many useful tools. You can find this here:
You can either download the pre-built .ova from SANS or install it directly on top of an Ubuntu desktop. Both methods are described at the link.
We recommend that you download and install the Skadi Server in addition to the machines already mentioned. This will greatly assist in the collection and analysis of volatile data on a computer system. It provides a collection executable (CyLR.exe) as well as a Kibana instance for data analysis.
The Windows 10 and Linux virtual machines are all you need. You should set up the VMs so they can communicate with one another. This will allow you to get the information you need directly from each VM, without having to use your host. You can find instructions on how to set them up in VirtualBox here.
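One way to script this networking step with VBoxManage, as an added example that is not from the original article: it attaches a second adapter on each VM to a VirtualBox internal network, which is reachable only by VMs on that network and not by the host, then takes a baseline snapshot. The VM names, network name and snapshot name are assumptions; the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example: join lab VMs to one VirtualBox internal network, then snapshot.
# All names below are assumptions; replace them with the names of your own VMs.
LAB_NET="${LAB_NET:-forensics-lab}"     # internal network name (assumed)
SNAPSHOT="${SNAPSHOT:-clean-baseline}"  # snapshot name (assumed)
NIC="${NIC:-2}"                         # adapter 1 is left as already configured

# Print the command (dry run, the default) or execute it when APPLY=1.
# Arguments are passed as a list, never re-parsed, so odd VM names stay inert.
run() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# Usage: lab_setup VM [VM ...]
# VMs must be powered off: modifyvm cannot change a running machine.
lab_setup() {
    for vm in "$@"; do
        # VMs attached to the same intnet name see each other; the host does not.
        run VBoxManage modifyvm "$vm" "--nic$NIC" intnet "--intnet$NIC" "$LAB_NET" \
            || return 1
        # Snapshot after the change so a restore keeps the lab adapter.
        run VBoxManage snapshot "$vm" take "$SNAPSHOT" || return 1
    done
}

# An internal network has no DHCP server by default: give each guest a static
# address in the same subnet on the new adapter before testing connectivity.

# Default VM names are assumptions used when no arguments are given.
[ "$#" -gt 0 ] || set -- "Win10-Dev" "SIFT-Workstation"
lab_setup "$@"
```

Review the printed commands first, then rerun with APPLY=1 once the VM names match the output of `VBoxManage list vms`.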
What do you gain from a lab environment?
The answer is simple: you get to practice digital forensic techniques and learn how to communicate intelligently about them through their practical application.
We’ll be covering some of the simplest techniques that can be used in a lab environment. Also, we’ll discuss where files can be obtained to analyze and what tools are available.
You will need to be familiar with the tools required to perform various digital forensic techniques. There are many tools already installed on SIFT Workstation, as we have stated. There are also Windows tools that can be used during an investigation to extract useful information.
What Techniques Can You Learn in a Laboratory?
You must always be prepared for any digital forensic investigation.