Write a professional memo detailing a plan for acquiring the tools you may need for a forensic investigation as part of an incident response. Also include anything you may need for data handling and storage. Include rough costs for what you are recommending. You will need to justify the expenditure. Keep in mind that since this would be for a company, anything you acquire would be used only part-time, so you need to make sure you can justify any costs (meaning don't just go for top-of-the-line everything and say it's worth it; you may need to be creative about what tools you get to keep costs as low as possible). You do not and will not have 'carte blanche' for expenditures. Keep your costs as low as possible. You will have to research and document your costs. Making statements such as 'it depends on the situation or on management's decision' will not receive credit.
Tool Selection Resources
Review the Network Forensics related Briefings, Arsenal, Features, Events, etc. of recent BlackHat (https://www.blackhat.com) and Digital Forensics Conference (https://www.osdfcon.org/), and the articles in JDFSL (http://commons.erau.edu/jdfsl/).
Determine your single area of focus, e.g., Tools, Evidence Acquisition, Evidence Analysis, Strategy, Remote Access, etc. Review the projects in your focus area in the open-source space (e.g., https://github.com/cugu/awesomeforensics).