Appendix C: Investigative Workflow

Introduction

From the moment the initial event occurs, organizations need to follow a consistent and repeatable process that encompasses several stages of information gathering (i.e., preserving digital evidence, conducting interviews), communication (i.e., stakeholder reporting, escalations), and documentation (i.e., SOPs, incident/case management knowledge base).

The goal of following a logical investigative process is to reduce the possibility of quick and uninformed decisions being made at any time. However, recognizing that the context of every investigation can be unique, the logical workflow should still provide organizations with the ability to make the best and most educated decisions about which actions to perform next.

The investigative workflow illustrated in Figures AC.1, AC.2, AC.3, and AC.4 encompasses each business risk scenario, as discussed further in Chapter 7, “Defining Business Risk Scenarios.” While the specific business risk–naming conventions have not been used in the workflow that follows, the methodology and approach take into consideration the workflow and activities required to address each risk scenario as it occurs.

Figure AC.1 Investigative workflow—process initiation.

Figure AC.2 Investigative workflow—volatile data process.

Figure AC.3 Investigative workflow—targeted forensics process.

Figure AC.4 Investigative workflow—broad audit process.
