Appendix K: Investigative Workflow

Introduction

From the time the initial event occurs, organizations must follow a consistent and repeatable process that encompasses several stages of information gathering (i.e., preserving digital evidence, conducting interviews), communication (i.e., stakeholder reporting, escalations), and documentation (i.e., standard operating procedures, incident/case management knowledge base).
The goal of following a logical investigative process is to reduce the possibility of quick, uninformed decisions being made at any time. However, because the context of every investigation can be unique, the logical workflow should still provide organizations with the ability to make the best and the most ...
