Inside lab vs Outside lab

Written by Amber Schroader

February 11, 2020

Many organizations try to balance the value of having an in-house team for digital forensics vs. outsourcing the services. To break it down, we are going to look at it from the perspective of the public sector vs. the private sector.

The public sector in the U.S. primarily has in-house teams that do their digital forensic work, with the processing of only certain cases going to outside parties. This system has been the norm for many years and has kept a lot of labs very busy. However, many of the smaller departments do not have the same benefits as the larger labs due to having smaller budgets and fewer officers, who sometimes split their duties between normal casework and digital forensics. This split in duties is when smaller departments must choose between doing forensics in-hours or using a larger lab.

From the perspective of a smaller lab, the value of doing digital forensics in-house allows there to be more control regarding time and returns for casework. Although there are always budget concerns when setting up a digital forensic lab, the cost should not be the primary issue. There is a large range of tools to choose from for digital forensics. Labs can choose from open-source (free) software to budget-friendly software, like that offered by Paraben, Elcomsoft, Sumuri, and others. Investment in digital forensic capabilities for a smaller lab can be under $5,000 for just the software and under $10,000 for the software plus training to get started. Smaller labs can benefit from budget-friendly software options and online training to maximize smaller budgets and to shorten the case closure time.

With the private sector, the lab choices are a little different as they don’t have centralized outside lab options. The private sector is typically competing against one another with casework, so rarely do you see them collaborative with cross-processing or with community tools. Setting up a lab in the private sector can be simpler than setting up a lab in the public sector. However, the setup of a lab in the private sector can impact the end goal of the business, which is to make money. With more and more solo examiners popping up, it is important to understand the fundamentals of offering services that allow your in-house lab to be as profitable as possible.

When looking at service profitability in the private sector, the highest expense is the overhead for the lab. The expense of tools and technology is always the hardest to absorb since multiple tools should be utilized for cross-validation when doing digital forensics. To maximize profit margins, it is smart to choose some of the open-source options for cross-validation. It is also important to consider where the overlap of your tools is and to make sure that you purchase tools with a little overlap to maximize the lab’s capabilities. It is always a good idea to communicate with your tool providers to let them know which features benefit your lab and new features your lab desires. You should also follow the tool providers on social media for tips and tricks they may share and to not miss out on any freebies that they may offer. Working with a vendor in digital forensics is different than just going to your local retail chain since you are starting a relationship. That relationship should be one that will benefit your organization with services that can help you grow your business.

The final concern in the private sector is what happens when an examiner is out of their skill scope. The skill scope is where an examiner feels they are the most proficient with their skills and where they believe they do the best job. When an examiner goes beyond their skill scope, they risk the evidence in the case. Knowing their skill scope allows for examiners in both the public and the private sector labs to explore other options, such as the use of a larger lab. A larger lab typically has more examiners with specific skill sets, which allows the work on a case to be divided. In a lab in the public sector, if you have a case out of your examiner’s skill scope, it is the perfect opportunity to work with a larger regional lab to get help with the case. In a private sector lab, sending the casework to a larger regional lab is not an option, so it is a good opportunity to look at the professional services offered by your technology providers.

Having an in-house lab with smartly budgeted tools can be the most beneficial for both a public sector lab as well as a private sector lab. Looking past some of the higher-priced tools to multiples of the mid-range tools with training and open-source tools are smarter options for smaller labs to increase their examiner’s skill scope.  An increased skill scope for an examiner means a larger variety of cases can be booked which leads to an increase in revenue. 

Framework for Mobile Forensic Capabilities White Paper

Go through the value of processing mobile devices internally in your lab with this white paper that reviews what it takes.

Forensic-Impact Articles

E3:Universal Top Performer in SourceForge

E3:Universal Top Performer in SourceForge

The people have spoken.E3:Universal has just been recognized as a category Top Performer by SourceForge. The SourceForge category Top Performer is awarded to select products that have recently attained significant praise from user reviews on SourceForge. We are very...

How to get started in the field of digital forensics

How to get started in the field of digital forensics

When you think of different career paths in the field of cyber you might not always notice the field of digital forensics. However, if you have a passion for all things digital and keen attention to detail this field could be the perfect place for you where a job is...

E3 Forensic Platform Version 3.2 Released

E3 Forensic Platform Version 3.2 Released

Paraben’s version 3.2 of the E3 Forensic Platform was released with a bang with support for new artifacts and new capabilities when it comes to Malware investigations. “With so many cases revolving around malware and ransomware, it was important that we make sure we...