Contents
Section I
ENABLING DIGITAL FORENSICS
1 Understanding Digital Forensics
The Role of Technology in Crime
History of Digital Crime and Forensics
Evolutionary Cycle of Digital Forensics
Principles of Digital Forensics
Types of Forensics Investigations
2 Investigative Process Methodology
Digital Forensics Readiness Model
Common Sources of Digital Evidence
Investigative Process Methodology
Information Security Management
Certifications and Professional Organizations
Digital Forensics Certification Board (DFCB)
International Association of Computer Investigative Specialists (IACIS)
International Society of Forensics Computer Examiners (ISFCE)
Principles for Digital Forensics
Due Diligence and Duty of Care
Certifications and Accreditations
5 Digital Forensics as a Business
The Role of Digital Forensics in an Enterprise
Starting a Digital Forensics Program
Step #1: Understand Business Risks
Step #2: Outline Business Scenarios
Step #3: Establish Governance Framework
Step #4: Enable Technical Execution
Step #5: Define Service Offerings
Maintaining a Digital Forensics Program
Key Performance Indicators (KPI)
Section II
ENHANCING DIGITAL FORENSICS
6 Understanding Digital Forensic Readiness
What Is Digital Forensics Readiness?
Costs and Benefits of Digital Forensics Readiness
Implementing Forensics Readiness
7 Defining Business Risk Scenarios
Scenario #1: Reduce the Impact of Cybercrime
Scenario #2: Validate the Impact of Cybercrime or Disputes
Recovery and Continuity Expenses
Scenario #3: Produce Evidence to Support Organizational Disciplinary Issues
Scenario #4: Demonstrating Compliance with Regulatory or Legal Requirements
Scenario #5: Effectively Manage the Release of Court-Ordered Data
Scenario #6: Support Contractual and Commercial Agreements
8 Identify Potential Data Sources
Phase #1: Prepare an Action Plan
Phase #2: Identify Data Sources
Phase #3: Document Deficiencies
Insufficient Data Availability
9 Determine Collection Requirements
10 Establishing Legal Admissibility
11 Establish Secure Storage and Handling
Administrative Governance Foundations
Incident and Investigative Response
Backup and Restoration Strategies
Near Real-Time Data Replication
Data Restoration from On-line Backup Media
Data Restoration from Off-line Backup Media
12 Enabling Targeted Monitoring
What Is (un)acceptable Activity?
Digital Forensics in Enterprise Security
Information Security vs. Cyber Security
Traditional Security Monitoring
Australian Signals Directorate (ASD)
13 Mapping Investigative Workflows
Integrating the Digital Forensic Readiness Model
Incident Handling and Response
Policies, Plans, and Procedures
The Incident Response Team (IRT)
The Role of Digital Forensics During an Incident
Types of Security Investigations
14 Establish Continuing Education
Types of Education and Training
Organizational Roles and Responsibilities
15 Maintaining Evidence-Based Reporting
Creating Understandable Reports
Inculpatory and Exculpatory Evidence
The Role of Technology in Crime
Information Technology (IT) Law
Brady Rule: Inculpatory and Exculpatory Evidence
Frye versus Daubert Standard: General Acceptance Testing
17 Accomplishing Digital Forensic Readiness
Maintain a Business-Centric Focus
Section III
INTEGRATING DIGITAL FORENSICS
18 Forensics Readiness in Cloud Environments
Brief History of Cloud Computing
Challenges with Cloud Environments
Evidence Gathering and Processing
Forensics Readiness Methodology
Step #1: Define Business Risk Scenarios
Step #2: Identify Potential Data Sources
Step #3: Determine Collection Requirements
Enterprise Management Strategies
Security and Configuration Standards
Step #4: Establish Legal Admissibility
Step #5: Establish Secure Storage and Handling
Step #6: Enable Targeted Monitoring
Step #7: Map Investigative Workflows
Step #8: Establish Continuing Education
Step #9: Maintain Evidence-Based Presentations
19 Forensics Readiness with Mobile Devices
Brief History of Mobile Devices
Challenges with Mobile Devices
Forensics Readiness Methodology
Step #1: Define Business Risk Scenarios
Step #2: Identify Potential Data Sources
Step #3: Determine Collection Requirements
Enterprise Management Strategies
Step #4: Establish Legal Admissibility
Step #5: Establish Secure Storage and Handling
Step #6: Enable Targeted Monitoring
Step #7: Map Investigative Workflows
Step #8: Establish Continuing Education
Step #9: Maintain Evidence-Based Presentation
20 Forensics Readiness and the Internet of Things
Brief History of the Internet of Things (IoT)
What Is the Internet of Things (IoT)?
Challenges with the Internet of Things (IoT)
Evidence Gathering and Processing
Forensics Readiness Methodology
Step #1: Define Business Risk Scenarios
Step #2: Identify Potential Data Sources
Step #3: Determine Collection Requirements
Step #4: Establish Legal Admissibility
Step #5: Establish Secure Storage and Handling
Step #6: Enable Targeted Monitoring
Step #7: Map Investigative Workflows
Step #8: Establish Continuing Education
Step #9: Maintain Evidence-Based Presentation
Addendum A: Tool and Equipment Validation Program
Addendum C: Cost-Benefit Analysis
Addendum D: Building a Taxonomy
Addendum G: Data Warehousing Introduction
Addendum H: Requirements Analysis
Appendix A: Investigative Process Models
Appendix B: Education and Professional Certifications
Appendix C: Investigative Workflow
Template 4: Investigative Final Report
Template 7: Net Present Value (NPV)
Template 8: Threat Risk Assessment
Template 9: Data Source Inventory Matrix
Template 11: Requirement Analysis Report