Computer Forensics Lab
The UNC Charlotte computer forensics lab consists of roughly 20 iMac workstations that can run both the OS X and Windows 7 operating systems. These machines currently have a wide range of computer forensics software installed. The most important is the Forensic Toolkit (FTK) from AccessData. This software allows students to acquire disk images of workstations and begin investigating them just as a forensics specialist would in any law enforcement agency. Through multiple labs, students investigate real-life scenarios. In these investigations, students must pull web history, e-mails, instant messages, pictures, documents, and many other artifacts from the disk images. UNC Charlotte also uses the Password Recovery Toolkit to aid in breaking into password-protected files.
The forensics lab on campus is also stocked with many other tools that help students become better trained in the art of forensics. Currently we have around 10 USB write blockers, which allow students to examine evidence without tampering with the data. On the workstations, students have access to several other tools that may be useful in a forensic examination: Invisible Ink, HxD, Registry Viewer, Eraser, and multiple archiving tools. Invisible Ink is used to demonstrate how steganographic files can be created and how data can be retrieved from them. HxD lets students examine and modify files at the hexadecimal level. The Registry Viewer tool assists in understanding how the Windows operating system works and what is modified when a user accesses, changes, or uses a computer to perform a task. The Eraser tool gives students the ability to wipe data under the same standards that the DoD must follow, which require that a drive's contents be written over with 0s seven times.
These tools, combined with real-world, scenario-based labs, create an environment in which students become familiar with the core concepts of computer forensics and are better prepared for investigations involving both law enforcement cases and malware intrusions.
To gain access to the lab, you must have a sponsoring faculty member from the Department of Software and Information Systems. Your sponsoring faculty member will grant you access to the lab.