Implementing Digital Forensic Readiness
eBook - ePub

From Reactive to Proactive Process

  1. 374 pages
  2. English
  3. ePUB (mobile friendly)

About this book

Implementing Digital Forensic Readiness: From Reactive to Proactive Process shows information security and digital forensic professionals how to increase operational efficiencies by implementing a proactive approach to digital forensics throughout their organization. It demonstrates how digital forensics aligns strategically with an organization's business operations and information security program. This book illustrates how the proper collection, preservation, and presentation of digital evidence is essential for reducing potential business impact as a result of digital crimes, disputes, and incidents. It also explains how every stage in the digital evidence lifecycle impacts the integrity of data, and how to properly manage digital evidence throughout the entire investigation. Using a digital forensic readiness approach and preparedness as a business goal, the administrative, technical, and physical elements included throughout this book will enhance the relevance and credibility of digital evidence. Learn how to document the available systems and logs as potential digital evidence sources, how gap analysis can be used where digital evidence is not sufficient, and the importance of monitoring data sources in a timely manner. This book offers standard operating procedures to document how an evidence-based presentation should be made, featuring legal resources for reviewing digital evidence.
• Explores the training needed to ensure competent performance of the handling, collecting, and preservation of digital evidence
• Discusses why long-term data storage must take into consideration the confidentiality, integrity, and availability of digital evidence
• Emphasizes how incidents identified through proactive monitoring can be reviewed in terms of business risk
• Includes learning aids such as chapter introductions, objectives, summaries, and definitions

Implementing Digital Forensic Readiness by Jason Sachowski is available in PDF and/or ePUB format, catalogued under Computer Science & Information Management.

Section C
Appendices

Introduction

Digital forensic readiness requires organizations to strategically integrate their business functions and processes with their administrative, technical, and physical information security controls to maximize the use of digital evidence while minimizing investigative costs. By doing so, organizations are in a much better position to proactively detect and deter security events before they escalate into a more serious incident or reactive investigation.
While not directly related to how the digital forensic discipline is practiced, the supplemental business functions and processes discussed in this section of the book are essential to successfully implementing digital forensic readiness. Using these business functions and processes as part of a digital forensic readiness program allows organizations to make much more appropriate and informed decisions about their business risks specific to digital forensic investigations.
In this section, the business functions and processes discussed throughout the book have been included as supplemental content to digital forensic readiness. While these materials can be used as part of the digital forensic readiness program, they have been included as stand-alone materials and can be referenced as independent functions and processes that can also be used in other contexts.

Appendix A: Investigative Process Models

Introduction

Ever since forensic science became an established component of digital forensics, there have been a number of suggested and proposed process models. As early as 1984, law enforcement agencies began developing processes and procedures around computer forensic investigations. This led to the determination that as a result of bypassing, switching, or not following correct processes, the investigation could result in incomplete or missed evidence.
To examine the specified process models, the components of each model have been standardized to describe the activities performed as part of the investigative workflow. The term “process model” is used to represent all activities included in the proposed investigative workflow. The term “phase” is used to represent the high-level components within the process model and the term “task” is used to represent the specific activity within the higher-level components.
There have been several digital forensic process models developed over the years, either to address a specific need, such as law enforcement, or with a generalized scope and the intention that the process model could be adopted universally. While there might be some process models absent from the table below, Table A.1 contains a chronological list of process models including a unique identifier, the author(s), the publication year, and the number of phases included in the model.

Process Models

It is important to note that inclusion of the process models in Table A.1 does not suggest that these are better or recommended over other models that were not included. The following sections further dissect all process models, identified in Table A.1, in greater detail to extract the phases and better understand how the process model is structured.

[M01] Computer Forensic Investigative Process (1995)

Consisting of four phases, this model was proposed as a means of assuring evidence handling during a computer forensic investigation followed scientifically reliable and legally acceptable methodologies (Figure A.1).
• Acquisition requires that digital evidence is collected using acceptable methodologies only after receiving proper approval from authorities
• Identification interprets digital evidence and converts it into a readable human format
• Evaluation determines the digital evidence’s relevancy to the investigation
• Admission documents relevant digital evidence for legal proceedings
Table A.1
Digital Forensic Process Models
ID | Name | Author(s) | Year | Phases
M01 | Computer Forensic Investigative Process | M. Pollitt | 1995 | 4
M02 | Computer Forensic Process Model | US Department of Justice | 2001 | 4
M03 | Digital Forensic Research Workshop Investigative Model (Generic Investigation Process) | Palmer | 200...

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Preface
  6. Introduction
  7. About the Author
  8. Acknowledgments
  9. Section A. Digital Forensics
  10. Section B. Digital Forensic Readiness
  11. Section C. Appendices
  12. Section D. Templates
  13. Bibliography
  14. Index