Are you a cyber crime investigator? Do you often need to collect digital evidence at the crime scene?
How do you prepare? What do you carry with you? Do you have a ready Field Investigation Kit with all the necessary supplies, packed and ready to go at a minute's notice?
A wise man once said "it is better to sweat in preparation than to bleed in battle". The key to any successful investigation is preparation. Proper preparation means evidence is collected at the crime scene in a manner acceptable in a court of law, and that leads to successful prosecutions.
An ideal kit is one which spares you the hurly-burly of gathering and assembling every prerequisite before each visit to a crime scene. The Digital Evidence Seizure Kit (aka DESK™) is what makes the difference between 24/7 preparedness and an evidence collection nightmare. It is an ideal solution containing all the basic essentials a digital forensic first responder may require.
Now let's see what is required during a field investigation and therefore needs to be a part of your DESK:
- First and foremost, the ruggedized case which you can just grab and go. A good field investigation kit is built around a waterproof, military-standard hard case which holds everything you need (and more) for your crime scene investigation.
- One write blocker to rule them all. This is one of the most essential elements of your DESK. It needs to handle all sorts of interfaces and work at high enough speeds to save time at the scene of the crime. There are two options: carry a number of different write blockers with their additional cables and adapters, or go for an all-in-one write blocker that handles most of the interfaces out there. The single composite unit reduces the number of things one has to carry. Depending upon the circumstances, it also allows the IO (investigating officer) to preview the data at the crime scene itself and conduct an on-site investigation to find potential evidence, without risking any write to the original media. So the all-in-one write blocker is the preferred choice.
- Disk duplicator. As this is a field investigation, speed is of the essence. The faster you image a hard drive, the less time you spend at the scene. It is therefore essential to use a high-end portable disk duplicator such as the Falcon Neo. It lets you create an image at the crime scene itself, saving a lot of time and extra effort. The Falcon Neo works at speeds exceeding 50GB/min, and that can make the difference between a few hours of productive effort and an all-nighter to collect the data.
- A Triage Tool is another essential for the crime scene. It helps you identify and zero in on the potential evidence that needs to be seized from the incident location.
- Hard disks are inherently fragile and easily damaged. As repositories of digital evidence, improper transportation can cause irreparable damage to both the data and your case. It is therefore essential to prevent in-transit damage to hard disk drives, so a rigid case is required at the time of seizure to protect the evidence drive from rough handling, whether intentional or unintentional.
- One of the key requirements in mobile forensics is isolating the phone from the telecom or Wi-Fi network at the time of seizure. Faraday bags are used for this. Though they may look like normal bags or pouches, they are made of a special material which does not let electromagnetic waves pass through and hence isolates the device from any kind of external communication. This prevents external access after seizure (for example a remote wipe or lock) and hence protects against possible tampering. They come in various sizes and can be used for phones, tablets, laptops etc.
- Camera. As you enter the crime scene, the very first thing after securing the area is to document what you see. This step includes taking pictures, making notes and sketching. So you need a good quality camera to capture those minute crime scene details, which could be critical at the time of the trial.
- A whole bunch of different connectors and adapters which you may require during the field investigation.
- A good tool kit with screwdrivers of different sorts, pliers etc. is one of the most essential items when it comes to seizing electronic evidence.
- Last but not least is the tablet containing the Digital Evidence Seizure Application. This application lets you fill in the seizure memo (the IF4 form) in digital format. A special feature of this application is that it uses OCR (Optical Character Recognition): you just take a picture of the evidence (such as a hard disk or a mobile phone) and it automatically recognises and fills in details like make, model and serial number in the IF4 form. This removes a huge amount of manual work and helps mitigate the errors that occur when filling in the seizure memo by hand.
- The bag and tag kit: all the miscellaneous packing and labeling material for documenting and transporting the evidence while maintaining the chain of custody.
What items do you keep in your Field Investigation Kit and why?
Business Enabler (2 years): Great!
Managing Partner at Cyber Juris (2 years): Aptly described the vital part of forensic investigation, as this is mandatory for appreciation of electronic evidence in the court of law.