Digital forensics and cybersecurity: Setting up a home lab
Setting up your home digital forensics lab can help you gain crucial experience in cybersecurity needed to land a job. Learning about digital forensics techniques and tools is one thing, but organizations want to know that you have the skills to put that knowledge into practice. Infosec Skills author and Paraben founder and CEO Amber Schroader has tips on inexpensively setting up your home digital forensics lab.
But what is a digital forensics lab? It is a workspace dedicated to recovering and examining digital assets and evidence found on computers, smartphones or other technical devices.
Unsure about setting up a lab and what digital forensic lab equipment you'll need? You need a little space and a small amout of funds to do it, and Schroader said the immediate experience gained from having one is crucial.
Paraben CEO and Founder Amber Schroader discusses building an inexpensive home digital forensics lab in this episode of Cyber Work Hacks.
“It's what you do after hours that makes that impact, and you can do that with a digital forensic lab at home,” Schroader says. “Just a lot of people don't think they can put it together.”
How to set up a cybersecurity lab at home
Schroader recommends a private home office, as creating a lab in your bedroom can be cumbersome. But really, any place where you can have a proper chain of custody, maintain evidence and keep equipment separate will work. Maintaining best practices is crucial in digital forensics.
One of the first places to begin is buying a safe; you need a place to put evidence like phones and hard drives when you’re away. It would be best if you had a virtual machine dedicated to forensics.
Learn Digital Forensics
“I think they're a fantastic way to do forensics when you're on a budget because you can keep all your evidence inside that virtual machine, which is a bonus,” Schroader says. “You need software. There are some good open-source platforms. There are good purchase platforms. Then, if you're doing computers, you need write-blockers," which prevent data from being written to devices while examining it.
If you are using phones, you need a Faraday cage. Schroader recommends purchasing an old microwave oven at Goodwill or another used item thrift store. Cut the cord off, and you have your Faraday cage.
But what exactly is a Faraday cage?
“A Faraday cage is just to block all the signals going into it,” Schroader explains. “When you process smartphones and any type of mobile devices, you've got to control the signal with the device. So that's the best way to store it. Even though it's powered off, you never know what will happen. So, you want to make sure you're maintaining that best chain of custody, and a great way to do it is that microwave.”
And don’t do the work on your personal computer; you should have a separate computer for the job.
Paul Giorgi of XM Cyber shares tips for setting up a home cybersecurity lab in this episode of Cyber Work Hacks.
If you have some extra money, a disc duplicator is recommended.
“That is nice because it has much more of the automated process,” Schroader says. “Some of those allow you remote examinations, which is fantastic, especially where everyone is kind of everywhere. But I would upgrade my software, and I know it's lame; I always upgrade my RAM. You can never have too much RAM in a machine. I truly believe that.”
Building a digital forensics lab
Schroader keeps two separate workstations in her lab set on old kitchen tables. She switches back and forth in an L configuration. She keeps a camera for evidence intake.
“I always make sure I take photos of everything because I want to document everything,” Schroader says. “That's a big part of digital forensics different from the rest of information security. We have to take a lot of notes.”
Items are placed on a yoga mat so they aren’t damaged.
Once your lab is set up, you’ll want to begin a project. Make sure everything works. Make sure nobody else at home is handling your items. Get used to a proper workflow.
Learn Digital Forensics
“I think [those with new home labs] also need to work on paperwork,” Schroader says. “I know this is a part no one ever talks about, but you've got to have a set chain of custody, a letter of engagement, all the different protections that you put in place."
She added, "I share mine with others because, again, we don't all have to fund lawyers. We might as well share.”
Check our Amber Schroaders and others' forensics training courses for more on digital forensics.
Learn Digital Forensics
Build your digital forensics skills with hands-on training in Infosec Skills. What you'll learn- Forensics concepts
- Computer forensics
- Mobile forensics
- Network forensics
- And more
In this Series
- Digital forensics and cybersecurity: Setting up a home lab
- Top 7 tools for intelligence-gathering purposes
- iOS forensics
- Kali Linux: Top 5 tools for digital forensics
- Snort demo: Finding SolarWinds Sunburst indicators of compromise
- Memory forensics demo: SolarWinds breach and Sunburst malware
- Digital forensics careers: Public vs private sector?
- Email forensics: desktop-based clients
- What is a Honey Pot? [updated 2021]
- Email forensics: Web-based clients
- Email analysis
- Investigating wireless attacks
- Wireless networking fundamentals for forensics
- Protocol analysis using Wireshark
- Wireless analysis
- Log analysis
- Network security tools (and their role in forensic investigations)
- Sources of network forensic evidence
- Network Security Technologies
- Network Forensics Tools
- The need for Network Forensics
- Network Forensics Concepts
- Networking Fundamentals for Forensic Analysts
- Popular computer forensics top 19 tools [updated 2021]
- 7 best computer forensics tools [updated 2021]
- Spoofing and Anonymization (Hiding Network Activity)
- Browser Forensics: Safari
- Browser Forensics: IE 11
- Browser Forensics: Firefox
- Browser forensics: Google chrome
- Webinar summary: Digital forensics and incident response — Is it the career for you?
- Web Traffic Analysis
- Network forensics overview
- Eyesight to the Blind – SSL Decryption for Network Monitoring [Updated 2019]
- Gentoo Hardening: Part 4: PaX, RBAC and ClamAV [Updated 2019]
- Computer forensics: FTK forensic toolkit overview [updated 2019]
- The mobile forensics process: steps and types
- Free & open source computer forensics tools
- An Introduction to Computer Forensics
- Common mobile forensics tools and techniques
- Computer forensics: Chain of custody [updated 2019]
- Computer forensics: Network forensics analysis and examination steps [updated 2019]
- Computer Forensics: Overview of Malware Forensics [Updated 2019]
- Incident Response and Computer Forensics
- Computer Forensics: Memory Forensics
- Comparison of popular computer forensics tools [updated 2019]
- Computer Forensics: Forensic Analysis and Examination Planning
- Computer forensics: Operating system forensics [updated 2019]
- Computer Forensics: Mobile Forensics [Updated 2019]
- Computer Forensics: Digital Evidence [Updated 2019]
- Computer Forensics: Mobile Device Hardware and Operating System Forensics
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Digital forensics
Digital forensics
Digital forensics
Digital forensics
Snort demo: Finding SolarWinds Sunburst indicators of compromise