The Handbook of Archival Practice by Unknown

Author:Unknown
Language: eng
Format: epub
Publisher: ROWMAN & LITTLEFIELD
Published: 2021-07-26T00:00:00+00:00

Forensic Training: Teaching organizational staff how to comply with forensic best practices.

Forensic Culture: A set of shared beliefs, assumptions, and practices that shape and direct members’ attitudes and behaviors toward forensic readiness.

Management Support: Support of the forensic program by the management of an organization.

Forensic Governance: The implementation of processes and structures in an organization that set and monitor responsibilities and practices within a forensic program.

In order to achieve these objectives, an organization needs a forensic strategy that takes into consideration its special settings and circumstances (e.g., industry, size, risks, and regulatory requirements). The forensic strategy must be in line with the overall organizational objectives, and it must be adaptable to change. The forensic-related tasks in the program will be performed by the forensic stakeholders. Forensic stakeholders include the technical forensic team, system administrators, incident response team, etc. However, the technical forensic expertise may also be outsourced to external parties. The forensic team will need to utilize software and hardware to perform the forensic tasks. Some of these technologies may be outsourced if external parties are employed. The organization IT infrastructure must be architected in a way that increases its production, retention, and protection of potential digital evidence. The architecture must not violate any laws (e.g., privacy rights). Examples of such architecture include: enabling system logs and storing these logs in a dedicated secure server, retaining customers’ transactions for a certain length of time, and implementing mechanisms in the system to ensure that users are traceable.

Several objectives may be achieved by organizations being forensically ready. Forensic readiness helps organizations satisfy regulatory requirements. Examples of such requirements include: being able to respond to incidents, ensuring that incidents are reported, making data discoverable, and retaining financial records. Forensic readiness also helps organizations to produce evidence that can be used for legal purposes (e.g., prosecution, legal defense, e-discovery orders, and commercial disputes) and internal purposes (e.g., disciplinary actions, unfair dismissal claims, internal hearings, records management, and demonstrating validity of contracts). Another objective that may be achieved by being forensically ready is the ability to respond to incidents in a forensically sound manner. Forensic response may range from simply knowing how to preserve the scene and report incidents to running full internal investigations. Additionally, being forensically ready may help organizations to achieve other non-forensic related objectives such as: improving the security posture, reducing investigation costs, reducing disruption of investigations on business, maintaining the reputation of the organization, improving the interaction interface with law enforcement, evaluating the impact of incidents, and being able to recover data.

All staff in the organization must develop basic forensic awareness and learn how to respond, and to whom an incident should be reported. The level of staff awareness could be raised through training and the enforcement of a forensic policy. Policy and training educate the staff on what is/is not acceptable in the program, their roles and responsibilities, what is being monitored, their privacy expectations, consequences of noncompliance, etc. The forensic policy and training could be integrated with the relevant provisions of the security program.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.