Forensic readiness planning
A forensic readiness plan is an important part of a strategic incident response plan. Without both a forensic readiness plan and an incident response plan, an organisation severely limits its ability to investigate an IT security incident. For example, it is not possible to effectively investigate a network incident unless secure logging has been enabled on network and/or endpoint devices.
A large number of corporate investigations never result in legal action, and in those cases data does not need to be handled in a forensically sound manner. However, it is always possible for an investigation to uncover some illegal activity that has to be handed over to the local law enforcement agencies. If suspect media has not been handled correctly, the whole prosecution case may be jeopardised. Compliance with a forensic readiness plan will ensure that all staff involved in any investigation are aware of the correct procedures to follow when handling digital evidence.
Benefits of forensic readiness planning
- It gives an organisation the ability to use digital evidence to minimise the cost of an investigation.
- It addresses a number of key business risks by providing evidence to detect and deter crime such as fraud, information theft and internet abuse, and by preparing an organisation for the use of digital evidence in its own defence.