A lot of people seem fascinated when I tell them what I do for a living (well, one of the things), so I thought I’d write a blog post about it.
The specific strand of my life that generates all the interest is forensic investigation. To be fair, it is a pretty awesome job and I do feel like a badass when I’m doing it. But a lot of it is way less glamourous than people seem to expect, probably because they’ve watched too much CSI.
So what do I do, if it’s not all ultra-glamourous labs, flashy command lines and 45-minute mysteries?
Well, here’s a look at my desk.
And here’s a description of the items on it.
If anyone tells you that when you’re starting out as a forensic examiner, you’ll need loads of expensive equipment, they’re wrong. Sure, when you get to working on the huge cases, you probably will. But if you’re doing that, then you’ll probably be working at other people’s offices, and they’ll have more than enough equipment to keep you going.
My computer is an HP Stream 11. I bought it because it was cheap (£179 at Argos) and because it was pink. Yes, I basically am Penelope Garcia.
I do have a more powerful machine which I use when I need to. It runs Kali Linux, which comes with its own built-in forensics tools, which is very handy. But if I’m using third-party tools, they often don’t have support for Linux, so I end up running them on Windows 8.1 (ugh, I know) on my little pink machine.
2. 1TB External Hard Drive
I bought this because I needed extra disk space, and because it’s turquoise.
It’s a Verbatim Store ‘n’ Go USB 3.0 portable hard drive. I use it for backing up my systems, and for extra storage space. My little pink laptop isn’t huge in the storage department.
3. Multi-USB Port Thingy
I had trouble explaining what I was looking for when I went into shops. “I need a thing that, like, plugs in other things, so you can have lots of USB… things?” I am not always eloquent.
My friend Sikandar said I could pick one of these up in the pound shop, but I have yet to find one there. I bought this one from Argos, and it does the job swimmingly.
My little pink machine only has two USB ports, and if you’re forensically imaging something you’re going to need more than that. With this, you can plug in multiple USBs and use them all at once. Like magic.
It’s a Belkin 4 Port Ultra Slim Mains Powered USB Hub. Try saying that in a hurry.
4. SIM Reader
Today’s job was to forensically analyse some mobile devices, so I needed a SIM reader. This pulls information from a SIM card and presents it to you on a computer screen, so you can sift through it for anything that looks suspicious.
Mine is a Dekart SIM card reader for Windows. I bought it because it had good reviews on Amazon, and because… you guessed it… it’s a pretty colour.
It arrived quickly and it came with some SIM reading software which actually did a better job at getting information from SIM cards than the very expensive forensics software I was testing a couple of weeks ago.
5. Multi-charger Thing
You can’t see #5 properly in the picture, but it’s worth a shout-out because it’s (a) very cheap and (b) very useful. It’s a USB with a load of leads on the end, each one connects to a different kind of charger. They’ll fit most modern phones/smartphones/etc. And I got it at the pound shop.
6. 32GB USB
I picked this up when I was in Barcelona using my very limited Spanish, so I have no idea what I bought, other than that it’s a 32GB USB stick.
When you forensically analyse something, you take what we call an “image”, which basically just means dumping all the information from the device in exactly the configuration it’s in when you find it. This means that if you then do something that changes the state of the device – for example, if it runs out of battery and turns off, or if the screen locks – you still have all the evidence.
Forensic images are also useful if you have to mess about with the device in some way. This isn’t recommended in forensic examinations, but sometimes it’s required to interact with a device for one reason or another. If you’re going to do that, imaging it first means that when you get to court, you can show all the changes you made from the original state onwards.
This USB is one that I used to store the image of a 16GB Hudl2 device.
7. Codemeter Stick
This is a piece of equipment from AccessData. I’m using a few of their pieces of software for my current investigations, and this USB has all the licensing information, so that when I start up the programs, my computer knows they’re legit. And more importantly, so do a judge and jury.
8. Police Coaster
My coaster also gets a shout-out, because it’s forensics-related.
Viper is a new police initiative which should help victims when they’re identifying people in a line-up.
In the past, when you go into a police station to identify someone who’s done something terrible to you, you have to actually see them in person. They can’t see you, but still. It feels horrible and invasive.
Viper means you can do it all through video instead, and you don’t have to be in the same space as the person who made your life hell. Which is a very nice idea, and it makes me smile every time I pick up my cup of coffee.
9. MPE+ Investigator
This is the software I’m using to sift through the images I’ve taken.
I’ve made copies of the information on the devices, and (if you’re using AccessData to make the copies) they come back as an AD1 file. You can then upload these files into MPE+ Investigator, which is free to download and use, and it’ll show you all your data, laid out nice and neatly. Here’s one I made earlier (again, this is my own phone’s SIM card, don’t worry. I’m not just sharing investigation data on my blog.):
So, that’s a day in the life. Or rather, a desk in the life. And a rough overview of how it all works.
In other news, I got home today to discover that someone had dumped a stolen backpack on my doorstep.
Life Pro Tip: If you’re going to dump a stolen item anywhere, the doorstep of a forensic investigator might not be the best place to choose.
Remarkably, none of these are affiliate links or things I was reviewing in exchange for free stuff. I kinda feel like they should be though, so if you have something you’d like me to review, let me know.