Establishing and Managing a Successful Facility To order this title, and for more information, click here
By Andrew Jones Craig Valli
Description The need to professionally and successfully conduct computer forensic investigations of incidents and crimes has never been greater. This
has caused an increased requirement for information about the creation and management of computer forensic laboratories and the investigations
themselves. This includes a great need for information on how to cost-effectively establish and manage a computer forensics laboratory.
This book meets that need: a clearly written, non-technical book on the topic of computer forensics with emphasis on the establishment
and management of a computer forensics laboratory and its subsequent support to successfully conducting computer-related crime investigations.
Audience
Corporate security directors, law enforcement high-technology crime investigators, other security professionals and private investigators.
The secondary audiences will be IT professionals and academics.
Contents SECTION I: Computer Related Crime Investigations and Computer Forensics Management Support.
This section provides a background to computer
crime and addresses the Computer Forensics management issues related to Computer Forensic Incidents and Crime Investigations. It looks
at how investigations are carried out, what needs to be considered in the planning of an investigation and the conduct of the investigation
including the collection and storage of evidence. The section finishes with a number of case studies to highlight how things can go
well if they are done properly and how they can go wrong if they are not.
Chapter 1. A Short History of Computer-Related Crimes and
the Developing Need for Computer Forensics. This chapter will provide an overview of computer-related crimes from the less sophisticated
and localized dial-up computer crimes to today's sophisticated, global, network attacks; as well as the history of the development of
the computer forensics profession and increasingly formal computer forensics laboratories.
Chapter 2. An Introduction to Computer
Forensics. This chapter provides an overview of the important concepts associated with "computer forensics." It describes the potential
sources of evidence available in the typical microcomputer, how to conduct a search for evidence, and a method of conducting a search
in a systematic and effective manner.
Chapter 3. Types of Forensic Investigation. This chapter will include the reasons for carrying
out the investigation and the type of investigation that is being undertaken, for example single computer, network or mobile devices.
Chapter 4. Responding to Crimes requiring Computer Forensic Investigation. This chapter will talk about what actions are required,
the management considerations and just as importantly, what should not be done when responding to a high tech crime scene. It will deal
with the differing requirements that must be considered for the range of types of investigation that the laboratory may be called on
to take part in including; stand alone PCs, Servers, Networks, Live Acquisition and wireless and will discuss the management issues that
relate to the use of function specific tools.
Chapter 5. Management of the Collections of Evidence. As the title states, this chapter
will talk about the management issues that relate to the collection of high technology crime scene evidence, a crucial part of any high
technology investigation. It will also deal with issues such as continuity of evidence in of custody.
Chapter 6. Management of evidence
storage. This chapter will address the issues that relate to the storage of evidence and the management issues that need to be considered
to ensure that it is carried out effectively and to meet the relevant rules and legislation. We will also address the difficult question
of long term storage periods, a particular problem for Law Enforcement.
Chapter 7. High Technology Crimes: Case Summaries. This chapter
gives a range of cases that illustrate the types of incidents that may be encountered under the general grouping of high technology crimes.
There are examples of cases that have been successful and other examples that highlight that a lack of good procedures can lead to considerable
expense, loss of credibility and embarrassment. This chapter will also address the specific roles that the computer forensics laboratory
and staff play in each of the cases cited.
SECTION II: Creating a Computer Forensics Laboratory.
This Section will provide a background
explanation of Computer Forensics and address management issues related to the creation of a laboratory and a computer forensic investigations
laboratory. The section will include an introduction to computer forensics and the types of investigation that may be encountered and
will give advice on things that need to be considered when establishing a laboratory. The section will give advice on how to develop
a workable business plan and an insight into where to locate the lab and how big it should be. The section also deals with the vitally
important issue of quality assurance so that the efforts and risks taken are not wasted and the organisation gains and maintains a good
reputation. Finally the section looks at staff selection, training and support and the regulations, standards and legislation that will
need to be complied with if the lab is to be credible and successful.
Chapter 8. Establishing and Managing a Computer Forensics Laboratory.
The chapter will provide the reader with a discussion of the "basic how-to" of establishing and managing a computer forensics laboratory
based on real-world experience.
NOTE: It's based on the authors' many years of hands-on, real-world experiences in conducting computer-related
crime investigations and establishing and managing computer forensics laboratories. It is not a theoretical discussion as has been the
case by some inexperienced authors who have never conducted computer-related investigations nor established and managed computer forensics
laboratories.
Chapter 9. Scoping the requirement for the Laboratory. This chapter will draw upon the experience of the authors to
provide guidance on how to scope out the requirement for the laboratory. This will include guidance on the potential throughput and
the number of staff and the quantity and type of equipment that will be required to satisfy the anticipated workload. This chapter will
also discuss how to identify computer forensics laboratory requirements and establishing the required budget to support the development
of the laboratory.
Chapter 10. Developing the Business Plan. This chapter will cover the development of the business plan for the creation
and running of the computer forensics laboratory.
Chapter 11. The location and size of the Laboratory. This chapter will address a
range of issues that must be considered when deciding on the location of the laboratory. This will include the location of the laboratory
in terms of the geographic location, the location with regard to the owning organisation and the location of the laboratory within a
building.
Chapter 12. Selecting the staff. This chapter will discuss a range of the issues that are related to the selection of the
right staff for the laboratory. The chapter will include assessment of the suitability of staff, their qualifications and experience,
their references and, if required their background checks and security vetting. The chapter will also deal with the requirement for
the provision of support for staff including counseling and psychiatric assessment.
Chapter 13. Training. This chapter will address
the requirement for staff training and the achieving the balance between enough training to create and maintain an effective laboratory
and excessive training, which is likely to cause unnecessary costs and to leave the organisation vulnerable to poaching of staff by rival
companies or organisations. It will also address a strategy for the development of specialist areas within the teams. Specific entities
will be addressed where staff members can get the needed training both online and through a number of identified lectures and conferences;
as well as a sample staff training needs identification and project plan to address deficiencies and maintain currency in all aspects
of the profession of computer forensics laboratory specialist.
Chapter 14. Quality Assurance. This chapter will address the vitally
important issue of Quality Assurance and will describe when it should be carried out, who should do it and to what standards.
Chapter
15. Legislation, Regulation and Standards. This chapter will look at a range of the International, national and local legislation and
regulations that must be addressed if the Laboratory is to fulfill its role and be credible and efficient. The chapter will also look
at issues such as Data protection and Human rights laws and the impact that this may have on the resources and methods used to carry
out investigations.
SECTION III: Managing a Computer Forensics Laboratory and Computer-Related Crime Investigative Support
This Section
gives an overview of the management issues related to a computer forensics laboratory and the investigations profession. The section
looks at the roles within the laboratory and why and how to develop credible plans for the Laboratory at all levels. It also examines
a number of methods for the measurement of the effectiveness of the laboratory -- figures that will be vital in workload management and
supporting the plans that are put forward. The section also looks at the wider issues of information sharing and sources of valuable
information that can enhance the capability of the laboratory.
Chapter 16. Understanding the Role of the Computer Forensic Laboratory
Manager. The objective of this chapter is to describe and discuss the major functions of the Computer Forensics laboratory Manager that
need to be carried out and a description of the flow processes that can be used to establish the baseline in performing the computer
forensics laboratory functions.
Chapter 17. The Computer Forensics Laboratory Strategic, Tactical, and Annual Plans. The objective
of this chapter is to establish the plans for the Computer Forensics Laboratory that provide the subsets of the parent organization's
Strategic, Tactical, and Annual Plans. These plans will set the direction for the organization's high technology anti-crime program while
integrating the plans into organization's plans, thus indicating that the high technology anti-crime program is an integral part of the
organisation.
Chapter 18 Sources of information, Networking and Liaison. The objective of this chapter is to identify, describe and
discuss a range of information sources of various types, joining and establishing networks with your peers, and liaison with outside
agencies.
Chapter 19. Computer Forensics Investigation Laboratory Metrics Management System. The objective of this chapter is to outline
and discuss the identification, development and use of suitable metrics to assist in managing a high technology crime investigations
laboratory and high technology crime prevention program. The chapter will look at a number of initiatives such as those at the National
E Crime Prevention Centre and the UK Met Police/ ACPO initiative and the Internet Watch Foundation that have been undertaken around the
world, but specifically in the USA, Europe and Australia.
Chapter 20. Workload Management and the Outsourcing option. Having the right
level of resources to meet the demands that will be put on the Laboratory not always be achievable, but should be planned for. Outsourcing
is a management tool that can help in balancing the workload and can also help to save money. This chapter will look at the possibilities
of outsourcing this function and a process that can be used to make that determination.
SECTION IV: Future Computer Forensic Investigation
Challenges.
This Section looks at the challenges in computer forensic investigations and their management that are expected to affect
the people involved in the future. The section looks at the needs of the staff for a career path in the relevant disciplines and also
looks at the changing importance of computer forensics in the criminal justice system and the technological developments that are likely
to affect our ability to support investigations. The section finishes with some final thoughts by the authors.
Chapter 21. Developing
a Career in Computer Forensics Management. The objective of this chapter is to provide the computer forensic investigator with a career
development plan outline that can be used in developing a career as a computer forensic laboratory manager.
Chapter 22. The Future
of Computer Forensics, its supporting laboratory needs and its role in crime investigations. This chapter looks at the effect that changes
in the technologies and the ways in which they are used will affect computer forensics and the role that this plays in an increasing
range of criminal investigations. As computing devices become more ubiquitous, so the range of crimes that will potentially involve
computers will increase. This chapter will look at the implications of these changes and give advice on the issues that will need to
be considered,
Chapter 23. The Future of Computer Forensics in the Criminal Justice Systems. This chapter takes a look at the role
of computer forensics and its laboratory in the criminal justice system and the issues that will arise as technologies and crime change
and legislation is modified to keep pace.
Chapter 24. A Summary of Thoughts, Issues and Problems. This chapter discusses what might
happen in a dynamic organisation that drastically changes the computer forensics laboratory, the crime prevention program and the laboratory
manager's role.
Chapter 25. Conclusions. This chapter will summarize the book and provide a few final thoughts and pieces of advice
from the authors.
Appendices: This will include Computer Forensics related references and bibliography; and biographies of the authors.
Books and book related electronic products are priced in US dollars (USD), euro (EUR), and Great Britain Pounds (GBP). USD prices apply to the Americas and Asia Pacific. EUR prices apply in Europe and the Middle East. GBP prices apply to the UK and all other countries.
Establishing and Managing a Successful Facility
