Digital forensics has been a discipline of information security for decades. Since the digital forensics profession was formalized as a scientific discipline, the principles, methodologies, and techniques have remained consistent despite the evolution of technology and can ultimately be applied to any form of digital data. Within a corporate environment, digital forensics practitioners are often relied upon to maintain the legal admissibility and forensic viability of digital evidence in support of a broad range of different business functions.
Why This Book
Regardless of how strong an organization’s defenses are, there will come a time when the weakest link is exposed, leading to some type of incident or event. When that time comes, organizations turn to the highly specialized skills of digital forensics practitioners to parse through and extract evidence from the complex volumes of data.
Unfortunately, there are times when an incident or event occurs and organizations are unable to support the digital investigation process with the electronic data needed to conduct analysis and arrive at conclusions. Not only does this slow down the digital investigation process, it also places additional overhead on people and systems to reactively identify where relevant electronic data is and work to have it properly collected and preserved to support the investigation. In comparison, the ability to collect and preserve electronic data before something happens enhances the digital investigation process by streamlining activities, reducing overhead, and enabling a proactive approach to incidents or events.
Who Will Benefit from This Book
This book was written from a non-technical business perspective to provide readers with realistic methodologies and strategies related to how the people, process, and technology aspects of digital forensics are integrated throughout an enterprise to support different business operations.
While this book does cover the fundamental principles, methodologies, and techniques of digital forensics, it largely focuses on outlining how the people, process, and technology areas are used to defend the enterprise through integrating digital forensics capabilities with key business functions.
The information contained in this book has been written to benefit people who:
• Are employed, both directly or indirectly, in the digital forensics profession and are working to implement digital forensics readiness capabilities within their organization
• Are employed in the information security profession and are interested in implementing security controls that enable proactive digital forensics capabilities
• Are academic scholars pursuing non-technical business knowledge about requirements for enabling proactive digital forensics capabilities throughout an enterprise environment
Who Will NOT Benefit from This Book
This book is not designed to provide readers with technical knowledge about digital forensics, including the “hands-on” and “how-to” aspects of the discipline; such as how to forensically acquire a hard drive.
How This Book Is Organized
This book is organized into six thematic sections:
Section 1: Enabling Digital Forensics outlines the fundamental principles, methodologies, and techniques applied unanimously throughout the digital forensic discipline.
Section 2: Enhancing Digital Forensics analyses additional considerations for enabling and enhancing digital forensic capabilities throughout an enterprise environment.
Section 3: Integrating Digital Forensics addresses best practices for integrating the people, process and technologies components of digital forensics across an enterprise environment.
Section 4: Addendums provides complimentary content that discusses topics and subject areas not directly related to Digital Forensics.
Section 5: Appendixes provides supplementary content that expand topics and subject areas discussed in throughout other sections of this book.
Section 6: Templates supply structured templates and forms used in support of the digital forensic and business functions/processes covered throughout.