book

Implementing Digital Forensic Readiness, 2nd Edition

by Jason Sachowski

May 2019

Intermediate to advanced

504 pages

13h 39m

English

CRC Press

Read now

Unlock full access

IntroductionThe Role of Technology in CrimeHistory of Digital Crime and ForensicsPrologue (1960s–1980s)Infancy (1980–1995)Childhood (1995–2005)Adolescence (2005–2015)The Future (2015 and Beyond)Evolutionary Cycle of Digital Forensics“Ad Hoc” Phase“Structured” Phase“Enterprise” PhasePrinciples of Digital ForensicsEvidence ExchangeForensics SoundnessAuthenticity and IntegrityChain of CustodyTypes of Forensics InvestigationsLegal AspectsJurisdictionDigital Forensics ResourcesSummary
IntroductionExisting Process ModelsDigital Forensics Readiness ModelSummary
IntroductionTypes of Digital EvidenceCommon Sources of Digital EvidenceLog FilesComputer SystemsInfrastructure DevicesVirtual SystemsCloud ComputingMobile DevicesExternal SourcesFederal Rules of EvidenceInvestigative Process MethodologyPreparationInformation Security ManagementLab EnvironmentHardware and SoftwareGatheringOperating ProceduresProcessingPresentationEvidence Storage NetworksSummary
IntroductionImportance of EthicsPrinciples of EthicsPersonal EthicsProfessional EthicsComputer EthicsBusiness EthicsEthics in Digital ForensicsCertifications and Professional OrganizationsDigital Forensics Certification Board (DFCB)International Association of Computer Investigative Specialists (IACIS)International Society of Forensics Computer Examiners (ISFCE)Principles for Digital ForensicsImpartiality and ObjectivityOpenness and DisclosureConfidentiality and TrustDue Diligence and Duty of CareCertifications and AccreditationsSummary
IntroductionThe Role of Digital Forensics in an EnterpriseStarting a Digital Forensics ProgramStep #1: Understand Business RisksStep #2: Outline Business ScenariosStep #3: Establish Governance FrameworkStep #4: Enable Technical ExecutionStep #5: Define Service OfferingsMaintaining a Digital Forensics ProgramEducational RoadmapForensics Toolkit MaintenanceKey Performance Indicators (KPI)Resource CapacityChallenges and StrategiesTeam PlacementIndustry RegulationPolitical InfluencesSummary
IntroductionWhat Is Digital Forensics Readiness?Costs and Benefits of Digital Forensics ReadinessCost AssessmentBenefits AnalysisImplementing Forensics ReadinessSummary
IntroductionWhat Is Business Risk?Forensics Readiness ScenariosScenario #1: Reduce the Impact of CybercrimeScenario #2: Validate the Impact of Cybercrime or DisputesMitigating Control LogsOverhead Time and EffortIndirect Business LossRecovery and Continuity ExpensesScenario #3: Produce Evidence to Support Organizational Disciplinary IssuesScenario #4: Demonstrating Compliance with Regulatory or Legal RequirementsScenario #5: Effectively Manage the Release of Court-Ordered DataScenario #6: Support Contractual and Commercial AgreementsScenario AssessmentSummary
IntroductionWhat Is a Data Source?Background EvidenceForeground EvidenceCataloguing Data SourcesPhase #1: Prepare an Action PlanPhase #2: Identify Data SourcesPhase #3: Document DeficienciesInsufficient Data AvailabilityUnidentified Data SourcesExternal Data ConsiderationsData Exposure ConcernsForensic ArchitecturesSystems LifecycleWaterfall and Agile ModelsSummary
IntroductionPre-collection QuestionsEvidence Collection FactorsBest Evidence RuleTimeMetadataCause and EffectCorrelation and AssociationCorroboration and RedundancyStorage DurationStorage InfrastructureData Security RequirementsSummary
IntroductionLegal AdmissibilityPreservation ChallengesPreservation StrategiesAdministrative ControlsPoliciesGuidelinesStandardsProceduresTechnical ControlsStorage SecurityIntegrity MonitoringCryptographic AlgorithmsRemote LoggingSecure DeliveryPhysical ControlsDeterDetectDenyDelaySummary
IntroductionSecure Storage AttributesLeast Privilege AccessEnd-to-End CryptographyIntegrity CheckingPhysical SecurityAdministrative Governance FoundationsPersonnelEvidence StorageEvidence HandlingIncident and Investigative ResponseAssurance ControlsBackup and Restoration StrategiesNear Real-Time Data ReplicationData ReplicationData Restoration from On-line Backup MediaData Restoration from Off-line Backup MediaSummary
IntroductionWhat Is (un)acceptable Activity?Digital Forensics in Enterprise SecurityInformation Security vs. Cyber SecurityDefense-in-DepthTraditional Security MonitoringModern Security MonitoringPositive SecurityAustralian Signal Directorate (ASD)Analytical TechniquesMisuse DetectionAnomaly DetectionSpecification-Based DetectionMachine LearningExtractive ForensicsInductive ForensicsDeductive ForensicsImplementation ConcernsSummary
IntroductionIncident Management LifecycleIntegrating the Digital Forensic Readiness ModelIncident Handling and ResponsePhase #1: Preparation“Event” versus “Incident”Policies, Plans, and ProceduresTeam Structure and ModelsCommunication and EscalationEscalation ManagementPhase #2: RespondDetectionAnalysisPrioritizationPhase #3: RestoreContainmentEradication and RecoveryPhase #4: LearnThe Incident Response Team (IRT)The Role of Digital Forensics During an IncidentPractitionerAdvisorInvestigation WorkflowTypes of Security InvestigationsSummary
IntroductionTypes of Education and TrainingAwarenessBasic KnowledgeFunctional KnowledgeProfessional CertificationSpecialized KnowledgeOrganizational Roles and ResponsibilitiesThe Digital Forensics TeamRolesTitlesAn Educational RoadmapTechnical KnowledgeIntroductoryIntermediateAdvancedNon-Technical KnowledgeIntroductoryIntermediateAdvancedDigital Forensics ExpertsSummary
IntroductionImportance of Factual ReportsTypes of ReportsCreating Understandable ReportsArranging Written ReportsInculpatory and Exculpatory EvidenceSummary
IntroductionThe Role of Technology in CrimeLaws and RegulationsInformation Technology (IT) LawCyberlaw or Internet LawComputer LawLegal PrecedenceBrady Rule: Inculpatory and Exculpatory EvidenceFrye versus Daubert Standard: General Acceptance TestingJurisdictionTechnology CounsellingObtaining Legal AdviceConstraintsDisputesEmployeesLiabilitiesProsecutionCommunicationInvolving Law EnforcementSummary
IntroductionMaintain a Business-Centric FocusDon’t Reinvent the WheelUnderstand Costs and BenefitsSummary
IntroductionBrief History of Cloud ComputingWhat Is Cloud Computing?CharacteristicsService ModelsDelivery ModelsIsolation ModelsChallenges with Cloud EnvironmentsMobilityHyper-ScalingContainerizationFirst RespondersEvidence Gathering and ProcessingForensics Readiness MethodologyStep #1: Define Business Risk ScenariosStep #2: Identify Potential Data SourcesStep #3: Determine Collection RequirementsEnterprise Management StrategiesCloud Computing GovernanceSecurity and Configuration StandardsReference ArchitecturesStep #4: Establish Legal AdmissibilityLayers of TrustStep #5: Establish Secure Storage and HandlingStep #6: Enable Targeted MonitoringStep #7: Map Investigative WorkflowsPhase #1: PreparationPhase #2: GatheringPhase #3: ProcessingPhase #4: PresentationStep #8: Establish Continuing EducationGeneral AwarenessBasic TrainingFormal EducationStep #9: Maintain Evidence-Based PresentationsStep #10: Ensure Legal ReviewContractual AgreementsSummary
IntroductionBrief History of Mobile DevicesChallenges with Mobile DevicesLossTheftReplacementLocal StorageCloud StorageEncryption“Burner” PhonesForensics Readiness MethodologyStep #1: Define Business Risk ScenariosStep #2: Identify Potential Data SourcesStep #3: Determine Collection RequirementsEnterprise Management StrategiesStep #4: Establish Legal AdmissibilityStep #5: Establish Secure Storage and HandlingStep #6: Enable Targeted MonitoringStep #7: Map Investigative WorkflowsPhase #1: PreparationPhase #2: GatheringPhase #3: ProcessingPhase #4: PresentationStep #8: Establish Continuing EducationGeneral AwarenessBasic TrainingFormal EducationStep #9: Maintain Evidence-Based PresentationStep #10: Ensure Legal ReviewSummary
IntroductionBrief History of the Internet of Things (IoT)What Is the Internet of Things (IoT)?Challenges with the Internet of Things (IoT)Form FactorSecurityPrivacyEvidence Gathering and ProcessingForensics ToolkitsForensics Readiness MethodologyStep #1: Define Business Risk ScenariosStep #2: Identify Potential Data SourcesStep #3: Determine Collection RequirementsStep #4: Establish Legal AdmissibilityZones of TrustStep #5: Establish Secure Storage and HandlingStep #6: Enable Targeted MonitoringStep #7: Map Investigative WorkflowsPhase #1: PreparationPhase #2: GatheringPhase #3: ProcessingPhase #4: PresentationStep #8: Establish Continuing EducationGeneral AwarenessBasic TrainingFormal EducationStep #9: Maintain Evidence-Based PresentationStep #10: Ensure Legal ReviewDiscriminationPrivacySecurityConsentSummary

Overview

Implementing Digital Forensic Readiness: From Reactive to Proactive Process, Second Edition presents the optimal way for digital forensic and IT security professionals to implement a proactive approach to digital forensics. The book details how digital forensic processes can align strategically with business operations and an already existing information and data security program.