Appendix C: Investigative Workflow

Introduction

From the time the initial event occurs, the logical flow of an investigation requires organizations to follow a consistent and repeatable process that encompasses several stages of information gathering (i.e., preserving digital evidence, conducting interviews), communication (i.e., stakeholder reporting, escalations), and documentation (i.e., SOPs, incident/case management knowledge base).

The goal of following a logical investigative process is to reduce the possibility of quick and uninformed decisions being made at any time. However, with the understanding that the context of every investigation can be uniquely different, the logical workflow should still provide organizations with the ability to make the best ...

Get Implementing Digital Forensic Readiness, 2nd Edition now with the O’Reilly learning platform.