Implementing Digital Forensic Readiness, From Reactive to Proactive Process by Sachowski, Jason -- Read -- Imperial Library of Trantor

Index

Cover image Title page Table of Contents Copyright Preface Introduction About the Author Acknowledgments Section A. Digital Forensics

Chapter 1. Understanding Digital Forensics

Introduction History of Digital Crime and Forensics Prologue (1960–80) Infancy (1980–95) Childhood (1995–2005) Adolescence (2005–15) The Future (2015 and Beyond) Digital Forensics Overview Legal Aspects Collecting Digital Evidence Types of Forensic Investigations Digital Forensic Resources Summary

Chapter 2. Investigative Process Models

Introduction Existing Process Models Digital Forensic Readiness Model Summary

Chapter 3. Evidence Management

Introduction Evidence Rules Preparation Gathering Processing Presentation Summary Resources

Section B. Digital Forensic Readiness

Chapter 4. Understanding Forensic Readiness

Introduction Digital Forensics and Information Security What Is Forensic Readiness? Cost and Benefit of Forensic Readiness Implementing Forensic Readiness Summary

Chapter 5. Define Business Risk Scenarios

Introduction What Is Business Risk? Forensic Readiness Scenarios Scenario Assessment Summary

Chapter 6. Identify Potential Data Sources

Introduction What Is a Data Source? Cataloging Data Sources External Data Considerations Data Exposure Concerns Forensics in the System Development Life Cycle Summary

Chapter 7. Determine Collection Requirements

Introduction Precollection Questions Evidence Collection Factors Data Security Requirements Summary

Chapter 8. Establish Legal Admissibility

Introduction Legal Admissibility Preservation Challenges Preservation Strategies Summary Resources

Chapter 9. Establish Secure Storage and Handling

Introduction Secure Storage Attributes Administrative Governance Foundations Backup and Restoration Strategies Summary

Chapter 10. Enable Targeted Monitoring

Introduction What is (Un)Acceptable Activity? Traditional Security Monitoring Modern Security Monitoring Analytical Techniques Implementation Concerns Summary

Chapter 11. Map Investigative Workflows

Introduction Incident Management Lifecycle Incident Handling and Response Investigation Workflow Summary

Chapter 12. Establish Continuing Education

Introduction Education and Training Digital Forensic Roles Balancing Business Versus Technical Learning Summary

Chapter 13. Maintain Evidence-Based Reporting

Introduction Importance of Factual Reports Types of Reports Arranging Written Reports Inculpatory and Exculpatory Evidence Summary

Chapter 14. Ensure Legal Review

Introduction Technology Counseling Laws and Regulations Obtaining Legal Advice Summary Resources

Chapter 15. Accomplishing Forensic Readiness

Introduction Maintain a Business-Centric Focus Do Not Reinvent the Wheel Understand the Costs and Benefits Summary

Section C. Appendices

Introduction Appendix A: Investigative Process Models Appendix B: Education and Professional Certifications Appendix C: Tool and Equipment Validation Program Appendix D: Service Catalog Appendix E: Cost–Benefit Analysis Appendix F: Building Taxonomy Appendix G: Risk Assessment Appendix H: Threat Modeling Appendix I: Data Warehouse Introduction Appendix J: Requirements Analysis Appendix K: Investigative Workflow

Section D. Templates

Introduction Template A: Test Case Document Template B: Investigator Logbook Template C: Chain of Custody Tracking Form Template D: Investigative Final Report Template E: Service Catalog Template F: Business Case Document Template G: Net Present Value Template H: Threat/Risk Assessment Report Template I: Data Source Inventory Matrix Template J: Project Charter Document Template K: Requirements Specification Document

Bibliography Index