Setting up a Digital Forensic Lab Part 2

Written by Amber Schroader

August 7, 2020

Now that you have your mind around what it takes to set up the equipment of the lab, it is time to look at staffing the lab and managing its workflow. This can be the hardest part because you are dealing with people and what they need on top of what you need digitally. This is where the flexibility you need for dealing with digital data is required.

Hiring the Right People

When looking for people in digital forensics that have the skills you need to produce the proper results out of your lab there are a few factors to look at.

Focus of Lab

When deciding to do digital forensics it is important to know what type of data you are going to be dealing with. The type of data will tell you which skills to focus on for the team members you want in the lab.

 Focus of Cases

Not all good examiners can find data with all types of cases. If you are dealing with a lot of financial fraud cases you will want someone who understands how numbers work and what type of data they should be looking for. This is very different than the type of data you would be looking for with a child exploitation case. Understanding the data you are looking for makes a big impact on the skills you look for in a team member.

 Lab Feel & Attitude

Not everyone agrees that the feel or attitude of the lab matters, but it can affect the overall productivity of the lab if you get someone in that does not fit. Make sure if you are going to be strict on the processes that you pick team members that can follow clear directions and are okay with doing the same processes over and over.


In a field like digital forensics where it is not regulated as a standard science, the industry is gauged by the certifications that the different examiners hold. Most of the certifications in the field of digital forensics are done by a vendor of some type. Some courses will include certifications as part of the course cost, and others will not. Make sure you read the fine print of what you are getting and also how often you will need to be recertified. All certifications should have a testing component and most will have a lab with it as well. It should not just be based on the attendance of the course.

I will break down the training and certifications into two categories based on vendors.

Software Vendors

All of the different specialized tools in digital forensics have a certification associated with them. Many times, these certifications are about the competency of the user in the operation of the tool in the process of an examination. Team members must hold multiple certifications in this category so that they are competent in the operation of multiple tools. Although people might have preferences on tools, they must be able to use more than one tool. As mentioned previously, the process of cross-validation is a requirement in the field to confirm that all the data was found in the investigation.

Training Vendors

The other vendors are those that provide “vendor-neutral” training courses that teach the fundamentals of the field. Be mindful of these course selections, as many times the “vendor-neutral” side is not truly followed. You need to ensure the course focuses on the principles and what needs to be done in a process, and not on a method of a tool. Vendors such as Paraben can offer courses like this that are not specific to tool operation, such as the Digital Forensics Fundamentals Course. This course goes through what you should know to do digital forensics and discusses a large variety of tools. The courses and certifications that fall in this category can be very expensive, so shop around and look for both paid and open source options for learning. However, certification will typically have a fee with it.

Some training vendors include:

InfoSec Institute



There are many more that fall in this category; ask others what courses they have liked. Make sure the method that is used for teaching is complementary to how you learn materials.

When selecting team members make sure you vary what skills and certifications each team member has to keep your lab well rounded and skilled in a large variety of digital skillsets.

Management of Lab

Management is the hardest part of the process if you do not understand what the team members are doing. There are many courses out there that allow someone in a management position to learn the fundamentals of the processes that should be used. It is always recommended that at least one of these courses is attended.

Managing Expectations of Data

In addition to managing people, managers must also manage the expectations of the client with the data. This is the harder part of the equation because each case that is processed is going to have different data. It is important to understand and explain to clients the difference in data types and, in most cases, the recovery of data. Clients can assume you can work a miracle, and that doesn’t happen. Keep the expectations realistic and be honest and upfront with your clients.

The key to dealing with a team and with clients is setting good expectations that are followed up with good procedures. By clearly defining deliveries for both, you have the best chance of success in delivering data and reports promptly. This makes everyone happy in the end and allows your lab to have a strong reputation.
