Implementing Digital Forensic Readiness: From Reactive to Proactive Process, Second Edition presents the optimal way for digital forensic and IT security professionals to implement a proactive approach to digital forensics. The book details how digital forensic processes can align strategically with business operations and an already existing information and data security program.
Detailing proper collection, preservation, storage, and presentation of digital evidence, the procedures outlined illustrate how digital evidence can be an essential tool in mitigating risk and reducing the impact of both internal and external digital incidents, disputes, and crimes. Utilizing a digital forensic readiness approach and stance improves a company’s preparedness and ability to take action quickly and respond as needed. In addition, this approach enhances the ability to gather evidence, as well as the relevance, reliability, and credibility of any such evidence.
New chapters in this edition include Chapter 4 on Code of Ethics and Standards, Chapter 5 on Digital Forensics as a Business, and Chapter 10 on Establishing Legal Admissibility. This book offers professionals best practices for enhancing their digital forensic program, or for starting and developing one the right way, for effective forensic readiness in any corporate or enterprise setting.
Table of Contents
I: ENABLING DIGITAL FORENSICS. Understanding Digital Forensics. Investigative Process Methodology. Digital Evidence Management. Ethics and Conduct. Digital Forensics as a Business.

II: ENHANCING DIGITAL FORENSICS. Understanding Digital Forensic Readiness. Defining Business Risk Scenarios. Identify Potential Data Sources. Determine Collection Requirements. Establishing Legal Admissibility. Establish Secure Storage and Handling. Enabling Targeted Monitoring. Mapping Investigative Workflows. Establish Continuing Education. Maintaining Evidence-Based Reporting. Ensuring Legal Review. Accomplishing Digital Forensic Readiness.

III: INTEGRATING DIGITAL FORENSICS. Forensics Readiness in Cloud Environments. Forensics Readiness with Mobile Devices. Forensics Readiness and the Internet of Things.

IV: ADDENDUMS. A: Tool and Equipment Validation Program. B: Service Catalog. C: Cost-Benefit Analysis. D: Building a Taxonomy. E: Risk Assessment. F: Threat Modelling. G: Data Warehousing Introduction. H: Requirements Analysis.

V: APPENDIXES. A: Investigative Process Models. B: Education and Professional Certifications. C: Investigative Workflow.

VI: TEMPLATES. 1: Test Case. 2: Logbook. 3: Chain of Custody. 4: Investigative Final Report. 5: Service Catalog. 6: Business Case. 7: Net Present Value (NPV). 8: Threat Risk Assessment. 9: Data Source Inventory Matrix. 10: Project Charter. 11: Requirement Analysis Report.
Jason Sachowski has over twelve years of experience in digital forensic investigations, secure software development, and information security architecture. He currently manages a team of forensic investigators and data breach analysts for The Bank of Nova Scotia, commonly known as Scotiabank, Canada’s third largest and most international bank.
Throughout his career, Jason has performed hundreds of digital forensic investigations involving enterprise servers, network logs, smart phones, and database systems. Complementary to his technical experience, he has also developed and maintained processes and procedures, managed large information security budgets, and governed the negotiation of third-party contracts.
In addition to his professional career, Jason is the author of the book ‘Implementing Digital Forensic Readiness: From Reactive to Proactive Process’. He also serves as a contributing author and content moderator for DarkReading, is a subject matter expert for (ISC)² professional exam development, and volunteers as an advocate for CyberBullying prevention and CyberSecurity awareness.
He holds several Information Security and Digital Forensic certifications including: Certified Information Systems Security Professional - Information Systems Security Architecture Professional (CISSP-ISSAP), Certified Cyber Forensics Professional (CCFP), Certified Secure Software Lifecycle Professional (CSSLP), Systems Security Certified Practitioner (SSCP), and EnCase Certified Examiner (EnCE).