EDC - Computer Forensics Toolkit

As a semi-nomadic analyst I often find that I need a tool or other item that I can't find locally easily. After you have purchased your nth cheap multiple bit screwdriver set, only to use it once before discarding, you know you have a problem. So in order prevent the stack of disposable tools of question quality being accumulated from various locations across MENA, I decided to put my own kit together. This way I had tools that I liked and knew I could depend on. 

What you see below is the "Maxpedition Mini Pocket EDC". I chose the organizer below because it could fit in a large cargo pocket if needed, but also had the MOLLE so it could be strapped to the outside of a pack. The flag patch hook&loop area on the organizer allowed me to personalize, or in this case label the organizer based on its' use (I have a cellphone toolkit I'll post about later). 

Image: Front side exterior of toolkit.

Image: Backside exterior of toolkit.

When selecting tools I wanted to make sure I ended up with something easy to carry, and hard to lose.

When selecting tools I tried to keep a couple of things in mind.

• Needed to fit in the  Organizer - Tools had to be able to fit in the organizer (4.5cm x 0.75cm x 6.5 cm). The organizer material has a little give to it so the listed dimensions are not exact.
• Shouldn't be too Small - I wanted to avoid a lot of little pieces. (I wasn't not complete successful in this as you will see below). Little items are easy to lose, and often hard to replace.
• Durable Construction - Couldn't pack extras, so each item needed to be durable enough that it could be dropped, kicked, fumbled, get wet, sandy, and dropped again.

The toolkit needed to hold the tools and components that I needed to disassemble a variety of devices in order to access the media inside. 

Image: Inside of the organizer.

As you can see, I've packed the organizer with a assortment of items. At the point this picture was taken I'm sure I've reached the maximum capacity of the toolkit. There really is not much room remaining for additional items. 

Let's get to the important question. What's in the toolkit. The following image is the all the items which can be found on the left hand side of the toolkit.

Image: Left hand side contents

1. Silver and black permanent marker pens. These can be used to mark evidence and other items.
2. China markers (AKA grease pencils). These can be used to mark smooth surfaces which the permanent markers can not.
3. Craft Knife. The blades are designed to be snapped off as needed.
4. Knife Sharpener. Useful for sharpening serrated blades.  
5. LokSak Waterproof Storage bags. These can be used to protect water sensitive components and other small items you would rather not get wet i.e. MicroSD adapters and other small components.
6. ESD Blunt Nose Tweezers. These are a heavier duty tweezers that has a nice wide gripping surface with grooves. It can grip on to the stubborn items that fine tip needle nose tweezers can't hold.
7. Multi-Tool Bits and adapter. A wide range of bits for the multi-tool on the right hand side of the toolkit. 
8. Small Phillips Driver. A small driver which can be used extract screws without needing to pulling the multi-tool. The driver can be dummy corded to the kit with 550 cord to prevent loss.
9. Stripped Screw Extractor. These pliers are designed to have an extra grippy nose so you can extract stripped screws. 
10. Small Metal Ruler. When measurements are important. 
11. Knife Sharpener. Keep your blade from going dull. Dummy corded to the toolkit.
12. Hemostat. Think of it as a nice lockable tweezers for when you don't have enough hands.
    

    

    Image: Left side items 1-6.

Image: Left side items 7-12.

The following image is the all the items which can be found on the right hand side of the toolkit.

Image: Right hand side contents.

1. Surgical Scissors. Nice strong safety scissors which quite durable. These were attach to the exterior of the toolkit. See the first exterior pictures.
2. Small LED Light. When you just need a little light.
3. Small Tweezers. General utility, for when the other tweezers are overkill or not sufficient for the task at hand.
4. ESD Small Driver Bits Screw Driver. For pulling apart small devices. I was of two minds on having a driver with so many small bits. Bits are easy to lose and hard to replace, but the compact design won. In the end I would figured that I would rather have more bit options and that I was not as likely to lose them. If you have a tendency to lose the driver bits, then get individual drivers. It will mean you will have less options, but just pick the drivers that you know you would need.
5. Small LED Flashlight. When you need more light. This model was selected because it uses AA batteries. I find in some countries the CR123A type batteries are just much too hard to replace.
6. Pocket Knife. When a you need a solid blade, but are too lazy to pull out the multi-tool.
7. ESD (AntiStatic) Brush. When you need to clean dust or unnamed gunk from something. This brush is meant to be used to on printed circuit boards, and should be good for most uses.
8. ESD Spudgers. Useful for opening small latches and ZIF connections when you are disassembling devices.
9. ESD Needle Nose Tweezers. Useful for holding extreme small screws, or fishing screws from a device when you drop them.   
10. Notebook.   Pictured is an all weather notebook. Rain, sun, fog, or snow ... you can take notes. There is also a Space Pen for writing, but it didn't get into the picture.
11. Miniature Locking Pliers. When the stripped screw removal tools fails you can always try this one.
12. MultiTool - Cut, saw, file, unscrew .. just as it is labeled ... Multi-Tool.

Image: Right hand side items 1-7.

Image:Right hand size items 8-12.

When I get around to taking pictures of my mobile forensics toolkit I'll post them. Currently, I'm fairly happy with the composition of this kit, but you never know when a better tool will come along. I have found that I'm not using the permanent markers and china pencils as much, but I rather have them than not. Everything else has been handy at one time or the other.

I've also had a ruggedized USB thumbdrive with this kit. Dummy corded to the internal lanyard. It was useful for keeping documentation and tools for when I needed them.