The columns in the framework are a metamodel that answers the questions, what, how, when, who, where, and why to describe the enterprise.

4.1.2 Adaptation of the Zachman Framework to Incident Response Preparation

The only reported application of the Zachman framework to digital forensics is Leong’s (2006) FORZA model. In this case, Leong used Zachman to define eight different roles and responsibilities in a digital forensic investigation via a set of interrogative questions that can be utilized during an investigation. While Leong’s model provides a rigorous way to approach postincident data collection, the FORZA model does not address the issue of preparation, which will have an effect on the success of the investigation. Mandia, Prosise, and Pepe (2003), a highly cited resource in incident response, recommended six areas to be addressed in preincident preparation: identifying risk, preparing hosts, preparing networks, establishing policy/procedure, creating a response toolkit, and creating a team to handle incidents. With the addition of a new dimension, training, coupled with several special publications of the NIST (National Institute of Standards and Technology) and a few other resources, the Zachmam framework is modeled for the digital forensics preparation process (DeFranco and Laplante 2011). This new framework provides a model to analyze the vulnerabilities critically, gives suggestions for security and education, and presents a plan for the overall protection of an enterprise’s resources, data, and information.