O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Implementing Digital Forensic Readiness

Book Description

Implementing Digital Forensic Readiness: From Reactive to Proactive Process shows information security and digital forensic professionals how to increase operational efficiencies by implementing a pro-active approach to digital forensics throughout their organization. It demonstrates how digital forensics aligns strategically within an organization’s business operations and information security’s program. This book illustrates how the proper collection, preservation, and presentation of digital evidence is essential for reducing potential business impact as a result of digital crimes, disputes, and incidents. It also explains how every stage in the digital evidence lifecycle impacts the integrity of data, and how to properly manage digital evidence throughout the entire investigation. Using a digital forensic readiness approach and preparedness as a business goal, the administrative, technical, and physical elements included throughout this book will enhance the relevance and credibility of digital evidence. Learn how to document the available systems and logs as potential digital evidence sources, how gap analysis can be used where digital evidence is not sufficient, and the importance of monitoring data sources in a timely manner. This book offers standard operating procedures to document how an evidence-based presentation should be made, featuring legal resources for reviewing digital evidence.

  • Explores the training needed to ensure competent performance of the handling, collecting, and preservation of digital evidence
  • Discusses the importance of how long term data storage must take into consideration confidentiality, integrity, and availability of digital evidence
  • Emphasizes how incidents identified through proactive monitoring can be reviewed in terms of business risk
  • Includes learning aids such as chapter introductions, objectives, summaries, and definitions

Table of Contents

  1. Cover image
  2. Title page
  3. Table of Contents
  4. Copyright
  5. Preface
  6. Introduction
  7. About the Author
  8. Acknowledgments
  9. Section A. Digital Forensics
    1. Chapter 1. Understanding Digital Forensics
      1. Introduction
      2. History of Digital Crime and Forensics
      3. Prologue (1960–80)
      4. Infancy (1980–95)
      5. Childhood (1995–2005)
      6. Adolescence (2005–15)
      7. The Future (2015 and Beyond)
      8. Digital Forensics Overview
      9. Legal Aspects
      10. Collecting Digital Evidence
      11. Types of Forensic Investigations
      12. Digital Forensic Resources
      13. Summary
    2. Chapter 2. Investigative Process Models
      1. Introduction
      2. Existing Process Models
      3. Digital Forensic Readiness Model
      4. Summary
    3. Chapter 3. Evidence Management
      1. Introduction
      2. Evidence Rules
      3. Preparation
      4. Gathering
      5. Processing
      6. Presentation
      7. Summary
      8. Resources
  10. Section B. Digital Forensic Readiness
    1. Chapter 4. Understanding Forensic Readiness
      1. Introduction
      2. Digital Forensics and Information Security
      3. What Is Forensic Readiness?
      4. Cost and Benefit of Forensic Readiness
      5. Implementing Forensic Readiness
      6. Summary
    2. Chapter 5. Define Business Risk Scenarios
      1. Introduction
      2. What Is Business Risk?
      3. Forensic Readiness Scenarios
      4. Scenario Assessment
      5. Summary
    3. Chapter 6. Identify Potential Data Sources
      1. Introduction
      2. What Is a Data Source?
      3. Cataloging Data Sources
      4. External Data Considerations
      5. Data Exposure Concerns
      6. Forensics in the System Development Life Cycle
      7. Summary
    4. Chapter 7. Determine Collection Requirements
      1. Introduction
      2. Precollection Questions
      3. Evidence Collection Factors
      4. Data Security Requirements
      5. Summary
    5. Chapter 8. Establish Legal Admissibility
      1. Introduction
      2. Legal Admissibility
      3. Preservation Challenges
      4. Preservation Strategies
      5. Summary
      6. Resources
    6. Chapter 9. Establish Secure Storage and Handling
      1. Introduction
      2. Secure Storage Attributes
      3. Administrative Governance Foundations
      4. Backup and Restoration Strategies
      5. Summary
    7. Chapter 10. Enable Targeted Monitoring
      1. Introduction
      2. What is (Un)Acceptable Activity?
      3. Traditional Security Monitoring
      4. Modern Security Monitoring
      5. Analytical Techniques
      6. Implementation Concerns
      7. Summary
    8. Chapter 11. Map Investigative Workflows
      1. Introduction
      2. Incident Management Lifecycle
      3. Incident Handling and Response
      4. Investigation Workflow
      5. Summary
    9. Chapter 12. Establish Continuing Education
      1. Introduction
      2. Education and Training
      3. Digital Forensic Roles
      4. Balancing Business Versus Technical Learning
      5. Summary
    10. Chapter 13. Maintain Evidence-Based Reporting
      1. Introduction
      2. Importance of Factual Reports
      3. Types of Reports
      4. Arranging Written Reports
      5. Inculpatory and Exculpatory Evidence
      6. Summary
    11. Chapter 14. Ensure Legal Review
      1. Introduction
      2. Technology Counseling
      3. Laws and Regulations
      4. Obtaining Legal Advice
      5. Summary
      6. Resources
    12. Chapter 15. Accomplishing Forensic Readiness
      1. Introduction
      2. Maintain a Business-Centric Focus
      3. Do Not Reinvent the Wheel
      4. Understand the Costs and Benefits
      5. Summary
  11. Section C. Appendices
    1. Introduction
    2. Appendix A: Investigative Process Models
    3. Appendix B: Education and Professional Certifications
    4. Appendix C: Tool and Equipment Validation Program
    5. Appendix D: Service Catalog
    6. Appendix E: Cost–Benefit Analysis
    7. Appendix F: Building Taxonomy
    8. Appendix G: Risk Assessment
    9. Appendix H: Threat Modeling
    10. Appendix I: Data Warehouse Introduction
    11. Appendix J: Requirements Analysis
    12. Appendix K: Investigative Workflow
  12. Section D. Templates
    1. Introduction
    2. Template A: Test Case Document
    3. Template B: Investigator Logbook
    4. Template C: Chain of Custody Tracking Form
    5. Template D: Investigative Final Report
    6. Template E: Service Catalog
    7. Template F: Business Case Document
    8. Template G: Net Present Value
    9. Template H: Threat/Risk Assessment Report
    10. Template I: Data Source Inventory Matrix
    11. Template J: Project Charter Document
    12. Template K: Requirements Specification Document
  13. Bibliography
  14. Index