Digital Forensics Processing and Procedures

Book description

This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab.

  • A step-by-step guide to designing, building and using a digital forensics lab
  • A comprehensive guide for all roles in a digital forensics laboratory
  • Based on international standards and certifications

Table of contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. About the Authors
  6. Technical Editor Bio
  7. Acknowledgments
  8. Preface
  9. Chapter 1. Introduction
    1. Abstract
    2. 1.1 Introduction
    3. Appendix 1 Some Types of Cases Involving Digital Forensics
    4. Appendix 2 Growth of Hard Disk Drives for Personal Computers
    5. Appendix 3 Disk Drive Size Nomenclature
  10. Chapter 2. Forensic Laboratory Accommodation
    1. Abstract
    2. 2.1 The Building
    3. 2.2 Protecting Against External and Environmental Threats
    4. 2.3 Utilities and Services
    5. 2.4 Physical Security
    6. 2.5 Layout of the Forensic Laboratory
    7. Appendix 1 Sample Outline for a Business Case
    8. Appendix 2 Forensic Laboratory Physical Security Policy
  11. Chapter 3. Setting up the Forensic Laboratory
    1. Abstract
    2. 3.1 Setting up the Forensic Laboratory
    3. Appendix 1 The Forensic Laboratory ToR
    4. Appendix 2 Cross Reference Between ISO 9001 and ISO 17025
    5. Appendix 3 Conflict of Interest Policy
    6. Appendix 4 Quality Policy
  12. Chapter 4. The Forensic Laboratory Integrated Management System
    1. Abstract
    2. 4.1 Introduction
    3. 4.2 Benefits
    4. 4.3 The Forensic Laboratory IMS
    5. 4.4 The Forensic Laboratory Policies
    6. 4.5 Planning
    7. 4.6 Implementation and Operation
    8. 4.7 Performance Assessment
    9. 4.8 Continuous Improvement
    10. 4.9 Management Reviews
    11. Appendix 1 Mapping ISO Guide 72 requirements to PAS 99
    12. Appendix 2 PAS 99 Glossary
    13. Appendix 3 PAS 99 Mapping to IMS Procedures
    14. Appendix 4 The Forensic Laboratory Goal Statement
    15. Appendix 5 The Forensic Laboratory Baseline Measures
    16. Appendix 6 Environment Policy
    17. Appendix 7 Health and Safety Policy
    18. Appendix 8 Undue Influence Policy
    19. Appendix 9 Business Continuity Policy
    20. Appendix 10 Information Security Policy
    21. Appendix 11 Access Control Policy
    22. Appendix 12 Change or Termination Policy
    23. Appendix 13 Clear Desk and Clear Screen Policy
    24. Appendix 14 Continuous Improvement Policy
    25. Appendix 15 Cryptographic Control Policy
    26. Appendix 16 Document Retention Policy
    27. Appendix 17 Financial Management Policy
    28. Appendix 18 Mobile Devices Policy
    29. Appendix 19 Network Service Policy
    30. Appendix 20 Personnel Screening Policy
    31. Appendix 21 Relationship Management Policy
    32. Appendix 22 Release Management Policy
    33. Appendix 23 Service Management Policy
    34. Appendix 24 Service Reporting Policy
    35. Appendix 25 Third-Party Access Control Policy
    36. Appendix 26 Acceptable Use Policy
    37. Appendix 27 Audit Committee
    38. Appendix 28 Business Continuity Committee
    39. Appendix 29 Environment Committee
    40. Appendix 30 Health and Safety Committee
    41. Appendix 31 Information Security Committee
    42. Appendix 32 Quality Committee
    43. Appendix 33 Risk Committee
    44. Appendix 34 Service Delivery Committee
    45. Appendix 35 Whistle Blowing Policy
    46. Appendix 36 Management Review Agenda
    47. Appendix 37 Document Control Checklist
    48. Appendix 38 Document Metadata
    49. Appendix 39 File-Naming Standards
    50. Appendix 40 Watermarks in Use in the Forensic Laboratory
    51. Appendix 41 Document Review Form
    52. Appendix 42 IMS Calendar
    53. Appendix 43 Audit Plan Letter
    54. Appendix 44 Audit Reporting Form
    55. Appendix 45 CAR/PAR Form
    56. Appendix 46 Opening Meeting Agenda
    57. Appendix 47 Closing Meeting Agenda
    58. Appendix 48 Audit Report Template
    59. Appendix 49 Root Causes for Non-Conformity
  13. Chapter 5. Risk Management
    1. Abstract
    2. 5.1 A Short History of Risk Management
    3. 5.2 An Information Security Risk Management Framework
    4. 5.3 Framework Stage 1 — ISMS Policy
    5. 5.4 Framework Stage 2: Planning, Resourcing, and Communication
    6. 5.5 Framework Stage 3: Information Security Risk Management Process
    7. 5.6 Framework Stage 4: Implementation and Operational Procedures
    8. 5.7 Framework Stage 5: Follow-up Procedures
    9. Appendix 1 Sample Communication Plan
    10. Appendix 2 Sample Information Security Plan
    11. Appendix 3 Asset Type Examples
    12. Appendix 4 Asset Values
    13. Appendix 5 Consequences Table
    14. Appendix 6 Some Common Business Risks
    15. Appendix 7 Some Common Project Risks
    16. Appendix 8 Security Threat Examples
    17. Appendix 9 Common Security Vulnerabilities
    18. Appendix 10 Risk Management Policy
    19. Appendix 11 The IMS and ISMS Scope Document
    20. Appendix 12 Criticality Ratings
    21. Appendix 13 Likelihood of Occurrence
    22. Appendix 14 Risk Appetite
    23. Appendix 15 Security controls from CobIT and NIST 800-53
    24. Appendix 16 Information Classification
    25. Appendix 17 The Corporate Risk Register
    26. Appendix 18 Comparison Between Qualitative and Quantitative Methods
    27. Appendix 19 Mapping Control Functions to ISO 27001
    28. Appendix 20 Mapping Security Concerns to ISO 27001
    29. Appendix 21 SoA Template
    30. Appendix 22 The Forensic Laboratory’s Security Metrics report
    31. Appendix 23 Mapping ISO 31000 and ISO 27001 to IMS Procedures
  14. Chapter 6. Quality in the Forensic Laboratory
    1. Abstract
    2. 6.1 Quality and Good Laboratory Practice
    3. 6.2 Management Requirements for Operating the Forensic Laboratory
    4. 6.3 ISO 9001 for the Forensic Laboratory
    5. 6.4 The Forensic Laboratory’s QMS
    6. 6.5 Responsibilities in the QMS
    7. 6.6 Managing Sales
    8. 6.7 Product and Service Realization
    9. 6.8 Reviewing Deliverables
    10. 6.9 Signing off a Case
    11. 6.10 Archiving a Case
    12. 6.11 Maintaining Client Confidentiality
    13. 6.12 Technical Requirements for the Forensic Laboratory
    14. 6.13 Measurement, Analysis, and Improvement
    15. 6.14 Managing Client Complaints
    16. Appendix 1 Mapping ISO 9001 to IMS Procedures
    17. Appendix 2 Mapping ISO 17025 to IMS Procedures
    18. Appendix 3 Mapping SWGDE Quality Requirements to IMS Procedures
    19. Appendix 4 Mapping NIST-150 Quality Requirements to IMS Procedures
    20. Appendix 5 Mapping ENFSI Quality Requirements to IMS Procedures
    21. Appendix 6 Mapping FSR Quality Requirements to IMS Procedures
    22. Appendix 7 Quality Manager, Job Description
    23. Appendix 8 Business Plan Template
    24. Appendix 9 Business KPIs
    25. Appendix 10 Quality Plan Contents
    26. Appendix 11 Induction Checklist Contents
    27. Appendix 12 Induction Feedback
    28. Appendix 13 Standard Proposal Template
    29. Appendix 14 Issues to Consider for Case Processing
    30. Appendix 15 Standard Quotation Contents
    31. Appendix 16 Standard Terms and Conditions
    32. Appendix 17 ERMS Client Areas
    33. Appendix 18 Cost Estimation Spreadsheet
    34. Appendix 19 Draft Review Form
    35. Appendix 20 Client Sign-off and Feedback Form
    36. Appendix 21 Information Required for Registering a Complaint
    37. Appendix 22 Complaint Resolution Timescales
    38. Appendix 23 Complaint Metrics
    39. Appendix 24 Laboratory Manager, Job Description
    40. Appendix 25 Forensic Analyst, Job Description
    41. Appendix 26 Training Agenda
    42. Appendix 27 Some Individual Forensic Certifications
    43. Appendix 28 Minimum Equipment Records Required by ISO 17025
    44. Appendix 29 Reference Case Tests
    45. Appendix 30 ISO 17025 Reporting Requirements
    46. Appendix 31 Standard Forensic Laboratory Report
  15. Chapter 7. IT Infrastructure
    1. Abstract
    2. 7.1 Hardware
    3. 7.2 Software
    4. 7.3 Infrastructure
    5. 7.4 Process Management
    6. 7.5 Hardware Management
    7. 7.6 Software Management
    8. 7.7 Network Management
    9. Appendix 1 Some Forensic Workstation Providers
    10. Appendix 2 Some Mobile Forensic Workstation Providers
    11. Appendix 3 Standard Build for a Forensic Workstation
    12. Appendix 4 Some Case Processing Tools
    13. Appendix 5 Policy for Securing IT Cabling
    14. Appendix 6 Policy for Siting and Protecting IT Equipment
    15. Appendix 7 ISO 20000-1 Mapping
    16. Appendix 8 Service Desk Manager, Job Description
    17. Appendix 9 Incident Manager, Job Description
    18. Appendix 10 Incident Status Levels
    19. Appendix 11 Incident Priority Levels
    20. Appendix 12 Service Desk Feedback Form
    21. Appendix 13 Problem Manager, Job Description
    22. Appendix 14 Contents of the Forensic Laboratory SIP
    23. Appendix 15 Change Categories
    24. Appendix 16 Change Manager, Job Description
    25. Appendix 17 Standard Requirements of a Request for Change
    26. Appendix 18 Emergency Change Policy
    27. Appendix 19 Release Management Policy
    28. Appendix 20 Release Manager, Job Description
    29. Appendix 21 Configuration Management Plan Contents
    30. Appendix 22 Configuration Management Policy
    31. Appendix 23 Configuration Manager, Job Description
    32. Appendix 24 Information Stored in the DSL and DHL
    33. Appendix 25 Capacity Manager, Job Description
    34. Appendix 26 Capacity Management Plan
    35. Appendix 27 Service Management Policy
    36. Appendix 28 Service Level Manager, Job Description
    37. Appendix 29 Service Reporting Policy
    38. Appendix 30 Policy for Maintaining and Servicing IT Equipment
    39. Appendix 31 ISO 17025 Tool Test Method Documentation
    40. Appendix 32 Standard Forensic Tool Tests
    41. Appendix 33 Forensic Tool Test Report Template
    42. Appendix 34 Overnight Backup Checklist
  16. Chapter 8. Incident Response
    1. Abstract
    2. 8.1 General
    3. 8.2 Evidence
    4. 8.3 Incident Response as a Process
    5. 8.4 Initial Contact
    6. 8.5 Types of First Response
    7. 8.6 The Incident Scene
    8. 8.7 Transportation to the Forensic Laboratory
    9. 8.8 Crime Scene and Seizure Reports
    10. 8.9 Postincident Review
    11. Appendix 1 Mapping ISO 17020 to IMS Procedures
    12. Appendix 2 First Response Briefing Agenda
    13. Appendix 3 Contents of the Grab Bag
    14. Appendix 4 New Case Form
    15. Appendix 5 First Responder Seizure Summary Log
    16. Appendix 6 Site Summary Form
    17. Appendix 7 Seizure Log
    18. Appendix 8 Evidence Locations in Devices and Media
    19. Appendix 9 Types of Evidence Typically Needed for a Case
    20. Appendix 10 The On/Off Rule
    21. Appendix 11 Some Types of Metadata That may be Recoverable from Digital Images
    22. Appendix 12 Countries with Different Fixed Line Telephone Connections
    23. Appendix 13 Some Interview Questions
    24. Appendix 14 Evidence Labeling
    25. Appendix 15 Forensic Preview Forms
    26. Appendix 16 A Traveling Forensic Laboratory
    27. Appendix 17 Movement Sheet
    28. Appendix 18 Incident Response Report
    29. Appendix 19 Postincident Review Agenda
    30. Appendix 20 Incident Processing Checklist
  17. Chapter 9. Case Processing
    1. Abstract
    2. 9.1 Introduction to Case Processing
    3. 9.2 Case Types
    4. 9.3 Precase Processing
    5. 9.4 Equipment Maintenance
    6. 9.5 Management Processes
    7. 9.6 Booking Exhibits in and out of the Secure Property Store
    8. 9.7 Starting a New Case
    9. 9.8 Preparing the Forensic Workstation
    10. 9.9 Imaging
    11. 9.10 Examination
    12. 9.11 Dual Tool Verification
    13. 9.12 Digital Time Stamping
    14. 9.13 Production of an Internal Case Report
    15. 9.14 Creating Exhibits
    16. 9.15 Producing a Case Report for External Use
    17. 9.16 Statements, Depositions, and Similar
    18. 9.17 Forensic Software Tools
    19. 9.18 Backing up and Archiving a Case
    20. 9.19 Disclosure
    21. 9.20 Disposal
    22. Appendix 1 Some International Forensic Good Practice
    23. Appendix 2 Some International and National Standards Relating to Digital Forensics
    24. Appendix 3 Hard Disk Log Details
    25. Appendix 4 Disk History Log
    26. Appendix 5 Tape log Details
    27. Appendix 6 Tape History log
    28. Appendix 7 Small Digital Media Log Details
    29. Appendix 8 Small Digital Media Device Log
    30. Appendix 9 Forensic Case Work Log
    31. Appendix 10 Case Processing KPIs
    32. Appendix 11 Contents of Sample Exhibit Rejection Letter
    33. Appendix 12 Sample Continuity Label Contents
    34. Appendix 13 Details of the Forensic Laboratory Property Log
    35. Appendix 14 Exhibit Acceptance Letter Template
    36. Appendix 15 Property Special Handling Log
    37. Appendix 16 Evidence Sought
    38. Appendix 17 Request for Forensic examination
    39. Appendix 18 Client Virtual Case File Structure
    40. Appendix 19 Computer Details Log
    41. Appendix 20 Other Equipment Details Log
    42. Appendix 21 Hard Disk Details Log
    43. Appendix 22 Other Media Details Log
    44. Appendix 23 Cell Phone Details Log
    45. Appendix 24 Other Device Details Log
    46. Appendix 25 Some Evidence Found in Volatile Memory
    47. Appendix 26 Some File Metadata
    48. Appendix 27 Case Progress Checklist
    49. Appendix 28 Meeting the Requirements of HB 171
    50. Appendix 29 Internal Case Report Template
    51. Appendix 30 Forensic Laboratory Exhibit Log
    52. Appendix 31 Report Production Checklist
  18. Chapter 10. Case Management
    1. Abstract
    2. 10.1 Overview
    3. 10.2 Hard Copy Forms
    4. 10.3 MARS
    5. 10.4 Setting up a New Case
    6. 10.5 Processing a Forensic Case
    7. 10.6 Reports General
    8. 10.7 Administrator's Reports
    9. 10.8 User Reports
    10. Appendix 1 Setting up Organisational Details
    11. Appendix 2 Set up the Administrator
    12. Appendix 3 Audit Reports
    13. Appendix 4 Manage Users
    14. Appendix 5 Manage Manufacturers
    15. Appendix 6 Manage Suppliers
    16. Appendix 7 Manage Clients
    17. Appendix 8 Manage Investigators
    18. Appendix 9 Manage Disks
    19. Appendix 10 Manage Tapes
    20. Appendix 11 Manage Small Digital Media
    21. Appendix 12 Exhibit Details
    22. Appendix 13 Evidence Sought
    23. Appendix 14 Estimates
    24. Appendix 15 Accept or Reject Case
    25. Appendix 16 Movement Log
    26. Appendix 17 Examination Log
    27. Appendix 18 Computer Hardware Details
    28. Appendix 19 Non-Computer Exhibit Details
    29. Appendix 20 Hard Disk Details
    30. Appendix 21 Other Media Details
    31. Appendix 22 Work Record Details
    32. Appendix 23 Updating Case Estimates
    33. Appendix 24 Create Exhibit
    34. Appendix 25 Case Result
    35. Appendix 26 Case Backup
    36. Appendix 27 Billing and Feedback
    37. Appendix 28 Feedback Received
    38. Appendix 29 Organization Report
    39. Appendix 30 Users Report
    40. Appendix 31 Manufacturers Report
    41. Appendix 32 Supplier Report
    42. Appendix 33 Clients Report
    43. Appendix 34 Investigator's Report
    44. Appendix 35 Disks by Assignment Report
    45. Appendix 36 Disks by Reference Number Report
    46. Appendix 37 Wiped Disks Report
    47. Appendix 38 Disposed Disks Report
    48. Appendix 39 Disk History Report
    49. Appendix 40 Tapes by Assignment Report
    50. Appendix 41 Tapes by Reference Number Report
    51. Appendix 42 Wiped Tapes Report
    52. Appendix 43 Disposed Tapes Report
    53. Appendix 44 Tape History Report
    54. Appendix 45 Small Digital Media by Assignment Report
    55. Appendix 46 Small Digital Media by Reference Number Report
    56. Appendix 47 Wiped Small Digital Media Report
    57. Appendix 48 Disposed Small Digital Media Report
    58. Appendix 49 Small Digital Media History Report
    59. Appendix 50 Wipe Methods Report
    60. Appendix 51 Disposal Methods Report
    61. Appendix 52 Imaging Methods Report
    62. Appendix 53 Operating Systems Report
    63. Appendix 54 Media Types Report
    64. Appendix 55 Exhibit Type Report
    65. Appendix 56 Case setup details Report
    66. Appendix 57 Case Movement Report
    67. Appendix 58 Case Computers Report
    68. Appendix 59 Case Non-Computer Evidence Report
    69. Appendix 60 Case Disks Received Report
    70. Appendix 61 Case Other Media Received
    71. Appendix 62 Case Exhibits Received Report
    72. Appendix 63 Case Work Record
    73. Appendix 64 Cases Rejected Report
    74. Appendix 65 Cases Accepted
    75. Appendix 66 Case Estimates Report
    76. Appendix 67 Cases by Forensic Analyst
    77. Appendix 68 Cases by Client Report
    78. Appendix 69 Cases by Investigator Report
    79. Appendix 70 Case Target Dates report
    80. Appendix 71 Cases Within “x” Days of Target Date Report
    81. Appendix 72 Cases Past Target Date Report
    82. Appendix 73 Cases Unassigned Report
    83. Appendix 74 Case Exhibits Produced Report
    84. Appendix 75 Case Results Report
    85. Appendix 76 Case Backups Report
    86. Appendix 77 Billing Run Report
    87. Appendix 78 Feedback Letters
    88. Appendix 79 Feedback Forms Printout
    89. Appendix 80 Feedback Reporting Summary by Case
    90. Appendix 81 Feedback Reporting Summary by Forensic Analyst
    91. Appendix 82 Feedback Reporting Summary by Client
    92. Appendix 83 Complete Case Report
    93. Appendix 84 Processed Report
    94. Appendix 85 Insurance Report
  19. Chapter 11. Evidence Presentation
    1. Abstract
    2. 11.1 Overview
    3. 11.2 Notes
    4. 11.3 Evidence
    5. 11.4 Types of Witness
    6. 11.5 Reports
    7. 11.6 Testimony in Court
    8. 11.7 Why Cases Fail
    9. Appendix 1 Nations Ratifying the Budapest Convention
    10. Appendix 2 Criteria for Selection an Expert Witness
    11. Appendix 3 The Forensic Laboratory Code of Conduct for Expert Witnesses
    12. Appendix 4 Report writing Checklist
    13. Appendix 5 Statement and Deposition Writing Checklist
    14. Appendix 6 Non-Verbal Communication to Avoid
    15. Appendix 7 Etiquette in Court
    16. Appendix 8 Testimony Feedback Form
  20. Chapter 12. Secure Working Practices
    1. Abstract
    2. 12.1 Introduction
    3. 12.2 Principles of Information Security within the Forensic Laboratory
    4. 12.3 Managing Information Security in the Forensic Laboratory
    5. 12.4 Physical Security in the Forensic Laboratory
    6. 12.5 Managing Service Delivery
    7. 12.6 Managing System Access
    8. 12.7 Managing Information on Public Systems
    9. 12.8 Securely Managing IT Systems
    10. 12.9 Information Processing Systems Development and Maintenance
    11. Appendix 1 The Forensic Laboratory SOA
    12. Appendix 2 Meeting the Requirements of GAISP
    13. Appendix 3 Software License Database Information Held
    14. Appendix 4 Information Security Manager, Job Description
    15. Appendix 5 Logon Banner
    16. Appendix 6 The Forensic Laboratory’s Security Objectives
    17. Appendix 7 Asset Details to be Recorded in the Asset Register
    18. Appendix 8 Details Required for Removal of an Asset
    19. Appendix 9 Handling Classified Assets
    20. Appendix 10 Asset Disposal Form
    21. Appendix 11 Visitor Checklist
    22. Appendix 12 Rules of the Data Center
    23. Appendix 13 User Account Management Form Contents
    24. Appendix 14 Teleworking Request Form Contents
  21. Chapter 13. Ensuring Continuity of Operations
    1. Abstract
    2. 13.1 Business Justification for Ensuring Continuity of Operations
    3. 13.2 Management Commitment
    4. 13.3 Training and Competence
    5. 13.4 Determining the Business Continuity Strategy
    6. 13.5 Developing and Implementing a Business Continuity Management Response
    7. 13.6 Exercising, Maintaining, and Reviewing Business Continuity Arrangements
    8. 13.7 Maintaining and Improving the BCMS
    9. 13.8 Embedding Business Continuity Forensic Laboratory Processes
    10. 13.9 BCMS Documentation and Records—General
    11. Appendix 1 Supplier Details Held
    12. Appendix 2 Headings for Financial and Security Questionnaire
    13. Appendix 3 Business Continuity Manager, Job Description
    14. Appendix 4 Contents of the Forensic Laboratory BIA Form
    15. Appendix 5 Proposed BCMS Development and Certification Timescales
    16. Appendix 6 Incident Scenarios
    17. Appendix 7 Strategy Options
    18. Appendix 8 Standard Forensic Laboratory BCP Contents
    19. Appendix 9 Table of Contents to the Appendix to a BCP
    20. Appendix 10 BCP Change List Contents
    21. Appendix 11 BCP Scenario Plan Contents
    22. Appendix 12 BCP Review Report Template Contents
    23. Appendix 13 Mapping IMS Procedures to ISO 22301
    24. Appendix 14 Differences Between ISO 22301 and BS 25999
  22. Chapter 14. Managing Business Relationships
    1. Abstract
    2. 14.1 The Need for Third Parties
    3. 14.2 Clients
    4. 14.3 Third Parties Accessing the Forensic Laboratory
    5. 14.4 Managing Service Level Agreements
    6. 14.5 Suppliers of Office and IT Products and Services
    7. 14.6 Utility Service Providers
    8. 14.7 Contracted Forensic Consultants and Expert Witnesses
    9. 14.8 Outsourcing
    10. 14.9 Use of Sub-contractors
    11. 14.10 Managing Complaints
    12. 14.11 Reasons for Outsourcing Failure
    13. Appendix 1 Contents of a Service Plan
    14. Appendix 2 Risks to Consider With Third Parties
    15. Appendix 3 Contract Checklist for Information Security Issues
    16. Appendix 4 SLA Template for Products and Services for Clients
    17. Appendix 5 RFX Descriptions
    18. Appendix 6 The Forensic Laboratory RFx template checklist
    19. Appendix 7 RFX Timeline for Response, Evaluation, and Selection
    20. Appendix 8 Forensic Consultant’s Personal Attributes
    21. Appendix 9 Some Tips for Selecting an Outsourcing Service Provider
    22. Appendix 10 Areas to Consider for Outsourcing Contracts
  23. Chapter 15. Effective Records Management
    1. 15.1 Introduction
    2. 15.2 Legislative, Regulatory, and Other Requirements
    3. 15.3 Record Characteristics
    4. 15.4 A Records Management Policy
    5. 15.5 Defining the Requirements for Records Management in the Forensic Laboratory
    6. 15.6 Determining Forensic Laboratory records to be Managed by the ERMS
    7. 15.7 Using Metadata in the Forensic Laboratory
    8. 15.8 Record Management Procedures
    9. 15.9 Business Continuity
    10. Appendix 1 MoReq2 Functional Requirements
    11. Appendix 2 Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures
    12. Appendix 3 Types of Legislation and Regulation That Will Affect Record Keeping
    13. Appendix 4 Forensic Laboratory Record keeping Policy
    14. Appendix 5 Record Management System Objectives
    15. Appendix 6 Business Case Contents
    16. Appendix 7 Outline of the ERMS Project
    17. Appendix 8 Selection Criteria for an ERMS
    18. Appendix 9 Initial ERMS Feedback Questionnaire
    19. Appendix 10 Metadata Required in the ERMS
    20. Appendix 11 Sample e-Mail Metadata
    21. Appendix 12 Forensic Case Records Stored in the ERMS
    22. Appendix 13 Dublin Core Metadata Elements
    23. Appendix 14 National Archives of Australia Metadata Standard
    24. Appendix 15 Responsibilities for Records Management in the Forensic Laboratory
    25. Appendix 16 Metadata for Records Stored Off-Site
    26. Appendix 17 Records Classification System
    27. Appendix 18 Disposition Authorization
    28. Appendix 19 Additional Requirements for Physical Record Recovery
    29. Appendix 20 Specialized Equipment Needed for Inspection and Recovery of Damaged Records
  24. Chapter 16. Performance Assessment
    1. Abstract
    2. 16.1 Overview
    3. 16.2 Performance Assessment
  25. Chapter 17. Health and Safety Procedures
    1. Abstract
    2. 17.1 General
    3. 17.2 Planning for OH&S
    4. 17.3 Implementation and Operation of the OH&S Management System
    5. 17.4 Checking Compliance with OH&S Requirements
    6. 17.5 Improving the OH&S Management System
    7. Appendix 1 OH&S Policy Checklist
    8. Appendix 2 The Forensic Laboratory OH&S Policy
    9. Appendix 3 Health and Safety Manager Job Description
    10. Appendix 4 Some Examples of OH&S Drivers
    11. Appendix 5 The Forensic Laboratory OH&S Objectives
    12. Appendix 6 Sample Hazards in the Forensic Laboratory
    13. Appendix 7 Hazard Identification Form
    14. Appendix 8 Some Areas for Inspection for Hazards
    15. Appendix 9 Inputs to the Risk Assessment Process
    16. Appendix 10 OH&S Risk Rating
    17. Appendix 11 DSE Initial Workstation Self-Assessment Checklist
    18. Appendix 12 DSE Training Syllabus
    19. Appendix 13 DSE Assessors Checklist
    20. Appendix 14 Measurement of OH&S success
    21. Appendix 15 Specific OH&S Incident Reporting Requirements
    22. Appendix 16 OH&S Investigation Checklist and Form Contents
    23. Appendix 17 OH&S Incident Review
    24. Appendix 18 OHSAS 18001 Mapping to IMS Procedures
  26. Chapter 18. Human Resources
    1. Abstract
    2. 18.1 Employee Development
    3. 18.2 Development
    4. 18.3 Termination
    5. Appendix 1 Training Feedback Form
    6. Appendix 2 Employee Security Screening Policy Checklist
    7. Appendix 3 Employment Application Form
    8. Appendix 4 Employment Application Form Notes
    9. Appendix 5 Some Documents That Can Verify Identity
    10. Appendix 6 Document Authenticity Checklist
    11. Appendix 7 Verifying Addresses
    12. Appendix 8 Right To Work Checklist
    13. Appendix 9 Reference Authorization
    14. Appendix 10 Statutory Declaration
    15. Appendix 11 Employer Reference Form
    16. Appendix 12 Employer’s Oral Reference Form
    17. Appendix 13 Confirmation of an Oral Reference Letter
    18. Appendix 14 Qualification Verification Checklist
    19. Appendix 15 Criminal Record Declaration Checklist
    20. Appendix 16 Personal Reference Form
    21. Appendix 17 Personal Oral Reference Form
    22. Appendix 18 Other Reference Form
    23. Appendix 19 Other Reference Form
    24. Appendix 20 Employee Security Screening File
    25. Appendix 21 Top Management Acceptance of Employment Risk
    26. Appendix 22 Third-Party Employee Security Screening Provider Checklist
    27. Appendix 23 Recruitment Agency Contract Checklist
    28. Appendix 24 Investigation Manager, Job Description
    29. Appendix 25 Forensic Laboratory System Administrator, Job Description
    30. Appendix 26 Employee, Job Description
    31. Appendix 27 Areas of Technical Competence
    32. Appendix 28 Some Professional Forensic and Security Organizations
    33. Appendix 29 Training Specification Template
    34. Appendix 30 Training Proposal Evaluation Checklist
    35. Appendix 31 Training Supplier Interview and Presentation Checklist
    36. Appendix 32 Training Reaction Level Questionnaire
    37. Appendix 33 The Forensic Laboratory Code of Ethics
    38. Appendix 34 Termination Checklist
  27. Chapter 19. Accreditation and Certification for a Forensic Laboratory
    1. Abstract
    2. 19.1 Accreditation and Certification
    3. 19.2 Accreditation for a Forensic Laboratory
    4. 19.3 Certification for a Forensic Laboratory
    5. Appendix 1 Typical Conditions of Accreditation
    6. Appendix 2 Contents of an Audit Response
    7. Appendix 3 Management System Assessment Non-conformance Examples
    8. Appendix 4 Typical Closeout Periods
  28. Chapter 20. Emerging Issues
    1. Abstract
    2. 20.1 Introduction
    3. 20.2 Specific Challenges
  29. Appendix. Acronyms
  30. Bibliography
    1. International Standards
    2. National Standards
    3. Guidance from Authoritative Sources
  31. Index
  32. Glossary

Product information

  • Title: Digital Forensics Processing and Procedures
  • Author(s): David Lilburn Watson, Andrew Jones
  • Release date: August 2013
  • Publisher(s): Syngress
  • ISBN: 9781597497459