4 Digital Forensic Readiness

Ausra Dilijonaite

Cyber Risk Services, Deloitte AS, Oslo, Norway

By failing to prepare, you are preparing to fail.

—Benjamin Franklin

4.1 Introduction

Many television series about forensics depict gadgets and amazing hackers who can expose tiny, revealing details to investigators. These details then lead to breakthroughs in their cases. With the spice of drama and suspense, digital forensics seems truly exciting. But while these series make it seem convenient, exciting, and easy, real-life investigations require far more effort and preparation. This chapter examines the preparation part of the digital investigation process, which is called digital forensic readiness.

This chapter details the definition of and rationale for digital forensic readiness, lays out the main components to be included (people, processes, procedures, and technology), and discusses the difference between corporate and law enforcement digital forensic readiness. The chapter is based on the research performed in Dilijonaite (2014).

4.2 Definition

Digital forensic readiness is defined by answering the question “What does it mean to be ready?” Simply put, it means being prepared. The goal of digital investigation is to reconstruct the incident and find supporting or refuting evidence. Ultimately, the collected digital evidence can be used in a court of law. Thus, it follows: to be forensically ready means to be prepared to efficiently execute digital investigations ...
