Digital Forensics Lab Setup
Re: Setting Up A Digital Forensic Lab. If network forensics is to be taught, tools like Nessus and Wireshark would be needed. The forensic workstations do not have to be state-of-the-art PCs. They can be 35 year old machines (with 4080GB hard disk, 1GB RAM). FAT12 file systems would be relatively easy to start with for general file systems.
To provide secure and reliable resources for the lab, it was decided to leverage the existing VMware infrastructure used in the CS department. The lab environment consists in part of: 1 HP AMD-based blade server running the VMware ESXi Advanced 4.0 hypervisor with 4 Ethernet NICs.
For each, the instructions are in PDF form, and there are also LaTeX source files available upon request. Each builds upon the previous projects, so expect to at least read and follow the setup instructions from all previous labs if you choose to do them out of order. Digital Forensics / Incident Response Forms, Policies, and Procedures. Some of these documents were used within an ASCLD/LAB accredited laboratory operating to ISO 17025 standards and others have been used within a U.S. Federal Agency in the national security space providing cybersecurity, digital forensics, and incident response for classified and unclassified networks.
iSCSI based SAN. HP c3000 blade enclosure. Virtual Connect network switch in blade enclosure.
6 virtual servers running the msploit virtual machine, each with one virtual NIC (the virtual exploitable servers). 1 virtual server running Ubuntu-based Linux, with the latest security patches, configured with 2 virtual NICs (the primary virtual server).
The switch in the blade enclosure has at least one of its uplinks connected to the public network. Another port on the blade switch is configured as a VLAN which is non-routable and inaccessible from the public network. A third port must be configured with the same VLAN that the iSCSI storage SAN is configured for.
The physical blade running the VMware ESXi Advanced 4.0 hypervisor is configured so that one NIC is mapped to the switch port that is configured for the public network. Another NIC is mapped to the switch port that is configured for the private VLAN. A virtual ‘VMware network’ needs to be created for each of these 2 connections.
The primary virtual server is configured with two virtual NICs. One NIC is mapped to the public virtual network and is assigned a publicly routable IP address. The 2nd NIC is mapped to the private virtual network and is assigned a private non-routable IP address.
The Linux OS on the primary server is configured to allow inbound SSH connections from the public network and has a routing table that allows users to SSH to hosts on the private network it is connected to. Users must first connect to this host before they can ‘ssh’ to the private servers.
The virtual exploitable servers are each configured with 1 virtual NIC. Each NIC is mapped to the private virtual network and is assigned a unique IP address in that VLAN range.
Local Linux accounts are created on the primary virtual server. The virtual machine for the exploitable machines comes preconfigured with an account of ‘msfadmin’ with the same password.
The virtual machines (primary and exploitable) are created using the VMware Virtual Center tools, and their files are located on the VMware filesystem on the iSCSI SAN. An assumption is being made that the iSCSI SAN has been preconfigured and the VMware ESXi hypervisor has been configured to use the SAN for virtual machine storage. The iSCSI SAN should be on a separate VLAN from the virtual machines and should be connected to the network switch located in the blade enclosure.
This requires that the network switch must also be configured with at least one port utilizing the network VLAN that the iSCSI SAN is configured for. Setting up the iSCSI SAN and VMware connectivity to it is out of the scope of this document.
It should be noted that the virtual machines could instead be located directly on the blade, assuming it has its own storage.
- Material by Ken Kleiner.
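The NIC and addressing rules described above (exploitable servers on the private VLAN only, the primary server dual-homed, storage on its own VLAN) can be checked against an addressing plan before any VM is powered on. The following is an added example, not part of the original material; the host names, subnets and addresses are constructed sample values.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample values (assumptions, not taken from the original lab).
PRIVATE_VLAN = ipaddress.ip_network("10.10.20.0/24")  # non-routable lab VLAN
STORAGE_VLAN = ipaddress.ip_network("10.10.30.0/24")  # iSCSI SAN VLAN
SAMPLE_LAB = {
    "primary": [("public", "203.0.113.10"), ("private", "10.10.20.1")],
    "target1": [("private", "10.10.20.11")],
    "target2": [("private", "10.10.20.12")],
}
# Same plan with two mistakes: a reused address and a target with a public NIC.
BROKEN_LAB = dict(SAMPLE_LAB,
                  target2=[("private", "10.10.20.11")],
                  target3=[("private", "10.10.20.13"), ("public", "203.0.113.11")])


def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)


def audit(lab, primary="primary"):
    """Return a list of findings; an empty list means the plan matches the design."""
    findings, seen = [], {}
    if PRIVATE_VLAN.overlaps(STORAGE_VLAN):
        findings.append("private VLAN overlaps the storage VLAN")
    for host, nics in lab.items():
        nets = sorted(net for net, _ in nics)
        if host == primary and nets != ["private", "public"]:
            findings.append(f"{host}: needs exactly one public and one private NIC")
        elif host != primary and nets != ["private"]:
            findings.append(f"{host}: exploitable VM must have only one private NIC")
        for net, addr in nics:
            ip = ipaddress.ip_address(addr)
            if ip in STORAGE_VLAN:
                findings.append(f"{host}: {ip} sits in the storage VLAN")
            if net == "public" and is_rfc1918(ip):
                findings.append(f"{host}: public NIC has private address {ip}")
            if net == "private":
                if ip not in PRIVATE_VLAN or not is_rfc1918(ip):
                    findings.append(f"{host}: {ip} is not a private-VLAN address")
                if ip in seen:
                    findings.append(f"{host}: {ip} already used by {seen[ip]}")
                seen.setdefault(ip, host)
    return findings


if __name__ == "__main__":
    for line in audit(BROKEN_LAB) or ["plan matches the design"]:
        print(line)
```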