Firms should put in place forensics plans for incidents that may require computer evidence to be handed over, according to an influential security body.
The Information Assurance Advisory Council (IAAC) published a report earlier this week, that aims to provide organizations with guidance on retaining computer forensics evidence.
Evidence of disputed transactions, suspected fraud, complaints of negligence, cyber attacks and theft of data is required to support an organization's position in legal proceedings, according to the Directors' and Corporate Advisors' Guide to Digital Investigations and Evidence.
Formulating a "forensics readiness plan" would enable organizations to be prepared for high-frequency, low-impact situations, and should go hand in hand with a disaster-recovery plan, according to the report's author, professor Peter Sommer.
"Unless the organization has developed a detailed planned response to typical risk scenarios, much potential evidence will never be collected or will become worthless as a result of contamination," wrote Sommer, a visiting professor for the London School of Economics. "What is needed is a forensic readiness plan."
Businesses should first identify the threats faced by their organization that may require digital forensic evidence. Firms should then identify to what extent they can already collect that evidence, and what remains to be done. Once organizations have familiarized themselves with potential legal issues--including admissibility, data protection and limits to surveillance--an action plan should be produced, wrote Sommer.
An IAAC guide to digital forensics was first made available in 2005. The present guide was written from scratch by Sommer, in response to changes in technology and the law since 2005.
Play video
There are currently no comments for this post.