Introduction

Regardless of how strong an organization defenses, there will come a time when the weakest link is exposed leading to some type of incident. When that time comes, organizations turn to the highly specialized skills of digital forensic investigators to parse through and extract evidence from the complex volumes of data.

Unfortunately, there are times when an incident occurs and organizations are unable to support the digital investigation process with the electronic data needed to conduct analysis and arrive at credible and factual conclusions. Not only does this slow down the digital investigation process, it also places additional overhead on people and system to reactively identify where relevant electronic data is and work to have it properly collected and preserved to support the investigation. In comparison, the ability to collect and preserve electronic data before something happens enhances the digital investigation process by pro-actively streamlining activates and reducing overhead.

This book has been written from the business perspective of the digital forensics discipline.

This book is not designed to provide detailed technical knowledge of digital forensic science or how to perform digital forensic investigations. This book is written from a nontechnical business perspective and is intended as an implementation guide for preparing your organization to enhance its digital forensic readiness by moving away from being reactive and becoming proactive with investigations.

While the basic principles, methodologies, and techniques of digital forensic science are covered, this book focuses on outlining—in detail—where, what, and how an organization can enhance its people, processes, and technologies to implement effective and proactive digital forensic readiness.