A Bit About Taking a Byte Out of Digital Forensics Laboratories
“…the Internet is the crime scene of the 21st century.” – Cyrus Vance, District Attorney, New York County (Manhattan)1
With the invention of new types of digital media comes the introduction of new types of crimes. The ever-present access to the internet by increasingly sophisticated mobile devices allows criminals to act anytime and anywhere. Combating cybercrime is the purview of the digital forensics laboratory—a relative newcomer on the forensic scene. What are the requirements for designing laboratory spaces that best support this ever changing section?
The general surroundings of the computer forensics section are like the other sections within a crime laboratory. The section is secure and accessible only by those who work in it. A bio-vestibule for entry, generally a place to put on personal protective gear, wash one’s hands, and provide a negative pressure zone for air flow, into the digital forensics section is not necessary but could be utilized. Finishes in the room may be different than in other sections in the building—carpeting may be used in the main laboratory space provided that it is anti-static. Specialty spaces may still require continuous flooring, particularly if they are wet areas.
Furnishing in the main laboratory space is typically accomplished with specialty furniture systems designed for computer stations. Mechanical systems can be of a recirculating type, different than typical laboratory spaces and more akin to office areas. Mechanical systems should have design concepts in place to ameliorate noise, to provide additional cooling in high computer use areas, and to allow for more laminar-type airflow into spaces where small parts and pieces are being manipulated. Digital forensic laboratories are heavily electrically supported and care needs to be taken in the preparations for clean power, multiple circuits for support, and uninterruptible power supply for power outages.
What other items continue to evolve to support computer forensic laboratories?
Data: While access to data networks is important in all laboratories, the computer forensics section will need to access both the general crime lab network and a separate, stand-alone network within the computer forensics section. Not only is the number of data drops important, but also ease of access to cabling and drop points. While data cabling trays are typically found above the ceiling, the computer forensic section is one area where locating the cabling tray below the ceiling may be advantageous for changes to data cabling. Hard wired data is a thing of the past you say? Quite often we find that while wireless technology is available to other parts of a laboratory, the needs of the digital forensic laboratories dictate the more secure use of direct cabling. Depending on the type of cable used, a wired connection can also provide faster data transfer rates than wireless connections. This is one area that will continue to change as technology evolves.
Shielding: Due particularly to the requirement for taking cell phones and other two-way transmitting devices off-grid, there is a need for areas of the computer forensic section to be shielded from communication with the outside world. There are two basic concepts for shielding, each with their own pros and cons. Some facilities may have the throughput to support, and the preference for, shielding an entire room. This requires special attention in the facility design, to build-in the shielding materials in the floors, walls, roofs, and doors, as well as shielding the room’s utility service penetrations and can be quite expensive. An alternative to the built-in approach is the use of a prefabricated shielded room assembled within the building, providing a shielding solution that simplifies the general building construction.
The second concept for addressing shielding requirements would be by the use of faraday boxes—equipment that can sit on benches. Pros of such a solution include the portability of these devices—from bench-to-bench or even the ability to utilize the unit in the field. Cons to the faraday boxes include working on a device through a gloved/portal system and limitations on the size of the enclosure. Certainly a combination of these concepts may be helpful, and the location of the facility in relation to radio frequency signals such as cell towers may also influence design approaches.
Laboratory Notification System: Based on the types of work often found in the computer forensics section of a laboratory, much of this information is sensitive in nature not only from an evidentiary standpoint, but can be disturbing to view or listen to. Tours are common in some forensic facilities and this may include the digital forensics section. While it is possible to arrange laboratory spaces to limit direct lines of sight to computer screens, notification systems are often incorporated to alert the computer forensics personnel of the presence of visitors to the section. There are many ways of providing this notification depending on access policies. If the laboratory is amenable to tours at any time, a signal light system with a switch at the entrance to the lab can be used to signal the presence of visitors in order for laboratory users to protect audio and visual materials. If access to the computer forensic section is limited to times when evidence is not actively being processed, an in use light outside the lab unit can be used to notify the lab tour guide that it is not appropriate to enter the lab at that time. Laboratory notification is also imperative in separate audio and video review rooms where an in-use light outside of those rooms is necessary for controlling entry.
Computer forensics areas will continue to evolve to keep up with the technology that is being employed for criminal activity. The design of space to support such efforts will also continue to evolve based on these changes. Computer forensics laboratories for fighting cybercrime will continue to be built in areas were none exist today. As former Attorney General Janet Reno has said, “Everybody should want to make sure that we have the cyber tools necessary to investigate cybercrimes and to be prepared to defend against them and to bring people to justice who commit it.”2
- Bray, Chad et al. “Accounts Raided in Global Bank Hack.” The Wall Street Journal. Oct. 1, 2010.
- “Exit Interview with Janet Reno.” A NewsHour with Jim Lehrer Transcript. Jan. 18, 2001 http://www.pbs.org/newshour/bb/politics/jan-june01/reno_1-18.html
Susan Halla (email@example.com) is a Senior Forensic Planner leading projects from inception to completion for Crime Lab Design providing full architectural and engineering services for forensic and medical examiner facilities worldwide.