Appendix K: Investigative Workflow


From the moment the initial event occurs, organizations must follow a consistent and repeatable process that encompasses several stages of information gathering (i.e., preserving digital evidence, conducting interviews), communication (i.e., stakeholder reporting, escalations), and documentation (i.e., standard operating procedures, incident/case management knowledge base).
The goal of following a logical investigative process is to reduce the possibility of quick and uninformed decisions being made at any time. However, because the context of every investigation can be uniquely different, the logical workflow should still provide organizations with the ability to make the best and the most ...
