Organizations need to get ready for Digital Forensics: Part 2
Integrating forensics with other IT security activities
Forensic readiness is complementary to, and an enhancement of, many existing information security activities.
- Policy Update – Update IT policies appropriately to include digital-forensics-related terms.
- Asset Management – It is important to know which assets are likely to be targeted and which are potential sources for evidence gathering.
- Risk Management – Forensic readiness should be part of an information security risk assessment, to determine the possible disputes and crimes that may give rise to a need for electronic evidence.
- Incident Response – Forensic readiness is closely related to incident response and business continuity, ensuring that evidence found in an investigation is preserved and the continuity of evidence is maintained.
- Security Monitoring – Forensic readiness is part of security monitoring, to detect or deter disputes that have a potentially major business impact.
- Security Training – Forensic readiness also needs to be incorporated into security training, particularly for middle managers who have to deal with an incident in a multi-disciplinary team.
- DR/BCP – Forensic readiness can be tested as part of business continuity and disaster recovery exercises.
Costs associated with forensic readiness
The sorts of activities where costs will be incurred include:
- Training IT and other relevant staff
- Systematic gathering of potential evidence
- Secure storage of potential evidence
- Preparation for incidents
- Enhanced capability for evidence retrieval
- Legal advice
- Developing an in-house Digital Forensic Investigation capability, if required