ABSTRACT

Digital forensic tasks are commonly performed in reaction to some type of security event or incident. Operating in this reactive context puts extreme pressure on the investigative team to work quickly to gather digital evidence before it is modified or lost. Generally, the objective of digital forensic readiness can be summarized as the ability to maximize the potential use of electronically stored information (ESI) while minimizing investigative costs. In addition to this primary objective, other benefits realized from digital forensic readiness include legally gathering admissible evidence without interrupting business functions, gathering the evidence required to validate the business impact of security events and incidents, permitting investigations to proceed at a cost lower than the cost of a security event or incident, and minimizing the disruption and impact to business functions. Even with a strong defense-in-depth strategy of administrative, physical, and technical security controls, organizations still need to operate under the mindset that security events and incidents will occur.