Organizations need to get ready with Digital Forensic: Part 2

Integrating Forensic with other IT security activities

Forensic readiness is complementary to, and an enhancement of, many existing information security activities. 

1. Policy Update – Updating IT policies appropriately for inclusion of Digital Forensic related terms
2. Asset Management – It is important to know which assets are subject to target and potential sources for evidence gathering
3. Risk Management – It should be part of an information security risk assessment to determine the possible disputes and crimes that may give rise to a need for electronic evidence. 
4. Incident Response – It is closely related to incident response and business continuity, to ensure that evidence found in an investigation is preserved and the continuity of evidence maintained. 
5. Security Monitoring – It is part of security monitoring, to detect or deter disputes that have a potentially major business impact. 
6. Security Training – Forensic readiness also needs to be incorporated into security training, particularly for middle managers who have to deal with an incident in a multi-disciplinary team. 
7. DR/BCP – Forensic readiness can be tested as part of business continuity and disaster recovery exercises

Cost associated with Forensic readiness

The sorts of activities where costs will be incurred include: 

• Training IT and other relevant staff
• Systematic gathering of potential evidence
• Secure storage of potential evidence
• Preparation for incidents
• Enhanced capability for evidence retrieval
• Legal advice
• Developing an in-house Digital Forensic Investigation capability, if required