With the opening of the IT Security and Forensics Hub at Temasek Polytechnic on the 27th July 2015, students from the TP ISACA Student Group were honored to give Minister for Communications and Information and Minister-in-charge of Cyber Security Dr Yaacob Ibrahim and several industrial guests a tour in the Forensics Lab. The esteemed visitors were mainly introduced to the workflow involved and forensic tools utilized in a forensic investigation.
The students have demonstrated the first stage of an investigation – acquisition by connecting the mobile device evidence to the UFed touch from Cellbrite which is used in mobile forensics investigation. Subsequently, an extraction of the phone data to the removable drive is performed. The importance of ensuring that no data would be written into the original evidence while the original evidence is being copied is emphasized as well, as the students present a forensic tool called write-blocker.
Next, proceeding to the analysis stage of an investigation, Physical Analyzer, a software also developed by Cellbrite, was shown to the guests. The software displays a variety of data sources stored in the mobile device that allows investigators to analyze the patterns of the suspect’s behavior.
Finally, at the last stage – reporting, the students illustrated the use of Encase, an industry standard forensic tool, by presenting the important information in an organized and structured manner. Additionally, UFed Link Analysis, another forensic tool used for reporting, was exhibited. It is able to correlate evidence that has been acquired to the case and automatically generates a timeline which would be included in the report for submission in court.
With the quick overview of the forensics tools and workflow stages, the tour with Dr Yaacob and the valued visitors has successfully ended.