Forensic Readiness planning

Forensic readiness planning refers to a set of processes required to achieve and maintain forensic readiness. It is the process of building a structure that enables an organization to deal with legal procedures, following a criminal offence. This structure equips the organization to properly deal with incidents and evidence while covering every side of the criminal procedure.

The following steps describe the key activities in Forensic readiness planning:

1. Identify the potential evidence required for an incident:

Define the aim of proof assortment, gather information to determine evidence sources that may facilitate wear down the crime, and design the best ways of collection. Produce an evidence requirement statement unitedly with the people liable for managing the business risk and the ones running and monitoring information systems. Possible evidence files embrace IT audit and device logs, network logs, and system data.

2. Determine the supply of the proof:

Forensic readiness should include data of all the sources of potential proof gift. Determine what presently happens to the potential proof data and its impact on the business whereas retrieving the information.

3. Establish a policy for firmly handling and storing the collected proof:

Secure the collected proof in such manner that it’s out there for retrieval whenever needed within the future. outline a policy for safe storage and management of potential proof likewise as outline security measures to shield legitimacy of the info and proof integrity whenever somebody tries to access, use, move, or store further digital info. Within the parlance of incident res-ponders, this can be the process of continuity of proof within the OK and chain of custody within the United Rates. Document the records of who controls and who had access lathe evidence.

Also Read : Forensic Readiness an Overview

4. Identify if the incident requires full or formal investigation:

Incidents are of different types. Estimate the event and evaluate it to envision if it requires a full or formal investigation or may be neglected supported its impact on the business. Escalate an incident only if it’s a major impact on business continuity.

5. Train the staff to handle the incident and preserve the proof:

Incident management needs a strong and well-qualified workforce, thus ensure that the staff has obtained appropriate training required for fulfilling their roles. it’s also necessary to ensure that staff members are competent to perform any role related to the handling and preservation of evidence.

6. Create a special method for documenting the procedure:

Special method of documenting is critical to answer some queries similarly as support the answers it provides. Documenting the complete process will help recheck the process if it yields false results and provide a backup for future reference. It’ll conjointly help present the evidence in a court of law.

7. Establish a legal board to guide the investigation process:

All investigation processes ought to have a legal stance and the organization should seek legal recommendation before taking any action on the incident. This is often because some incidents might injury the company’s name. Type a legal board consisting of experienced personnel who perceive the company’s stance and may offer sound advice on the strength of the case and recommend any action.

8. Forensic Readiness Procedures: Forensic Policy

Forensics policy will set guidelines for the employees, investigating personnel, and authorities to contribute to the forensics investigation process. It is a set of procedures describing the actions an organization must take to preserve and extract forensic evidence during an incident. Organizations must create a forensics policy and implement it for the incident responders to follow. In organizations, the Chief Information Security Officer CISO will be responsible to set proper guidelines in association with other security and audit personnel.

Related Product : EC-Council Certified Incident Handler | ECIH v2

While creating a forensic policy, organizations must consider the following points:

Under legally admissible conditions and circumstances, authorized personnel should monitor, verify, store, and process the computers and networks to conduct investigations.
Define the roles and responsibilities of the personnel who handle the incidents under a separate policy. They should be aware of the forensic policy.
Outline the roles and responsibilities, including the behaviour and activities of every person involved in the process of computer forensics.
The policy should contain the things that individuals must do and must avoid. Mention the use of tools and the extent to use them.
Mention the actions required to perform during accidental information exposure.
Define the monitoring conditions of the networks and systems, the warning signs, and terms the staff must accept before accessing systems.
Address the inadvertent disclosure of sensitive information, along with data retention methods and tools used for that purpose.
Define what actions should and should not be performed under normal and special conditions during incidents
Ensure that forensic policies contain clear statements that address all major forensic considerations
Determine the points of contact PIDCs) during an incident
Ensure that authorized personnel monitor systems and networks, perform forensic investigations, and assume custody of the physical and digital evidences
Ensure that the forensic policy is consistent with the other security policies in an organization

Forensic readiness planning is part of a quality information risk management approach. Risk areas have to be identified and assessed and measures must be taken to avoid and minimize the impact of such risk. Infosavvy gives training on ECIH v2 course in which you will learn module Forensic investigation. Accreditation by EC-Council in Mumbai Location.

Questions related to this topic

  1. How do you preserve evidence at a crime scene?
  2. What are the steps involved in forensic analysis?
  3. How do you handle digital evidence?
  4. What is computer forensics and what role does it play in responding to a computer incident?

Top Incident Handling Knowledge

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us –

Leave a Comment