Digital Forensics Processing and Procedures

1st Edition

Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements

Authors: David Lilburn Watson Andrew Jones
Paperback ISBN: 9781597497428
eBook ISBN: 9781597497459
Imprint: Syngress
Published Date: 17th September 2013
Page Count: 880
53.95 + applicable tax
42.99 + applicable tax
69.95 + applicable tax
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab.

Key Features

  • A step-by-step guide to designing, building and using a digital forensics lab
  • A comprehensive guide for all roles in a digital forensics laboratory
  • Based on international standards and certifications


Forensic laboratories (police, government or civilian), Expert witnesses for digital forensic cases, Legal professionals, Forensics regulators, Investigators involved with seize of digital evidence (police forces, IT departments, HR departments)

Table of Contents

About the Authors

Technical Editor Bio



Chapter 1. Introduction


1.1 Introduction

Appendix 1 Some Types of Cases Involving Digital Forensics

Appendix 2 Growth of Hard Disk Drives for Personal Computers

Appendix 3 Disk Drive Size Nomenclature

Chapter 2. Forensic Laboratory Accommodation


2.1 The Building

2.2 Protecting Against External and Environmental Threats

2.3 Utilities and Services

2.4 Physical Security

2.5 Layout of the Forensic Laboratory

Appendix 1 Sample Outline for a Business Case

Appendix 2 Forensic Laboratory Physical Security Policy

Chapter 3. Setting up the Forensic Laboratory


3.1 Setting up the Forensic Laboratory

Appendix 1 The Forensic Laboratory ToR

Appendix 2 Cross Reference Between ISO 9001 and ISO 17025

Appendix 3 Conflict of Interest Policy

Appendix 4 Quality Policy

Chapter 4. The Forensic Laboratory Integrated Management System


4.1 Introduction

4.2 Benefits

4.3 The Forensic Laboratory IMS

4.4 The Forensic Laboratory Policies

4.5 Planning

4.6 Implementation and Operation

4.7 Performance Assessment

4.8 Continuous Improvement

4.9 Management Reviews

Appendix 1 Mapping ISO Guide 72 requirements to PAS 99

Appendix 2 PAS 99 Glossary

Appendix 3 PAS 99 Mapping to IMS Procedures

Appendix 4 The Forensic Laboratory Goal Statement

Appendix 5 The Forensic Laboratory Baseline Measures

Appendix 6 Environment Policy

Appendix 7 Health and Safety Policy

Appendix 8 Undue Influence Policy

Appendix 9 Business Continuity Policy

Appendix 10 Information Security Policy

Appendix 11 Access Control Policy

Appendix 12 Change or Termin


No. of pages:
© Syngress 2013
eBook ISBN:
Paperback ISBN:

About the Author

David Lilburn Watson

David Lilburn Watson heads up Forensic Computing Ltd, a specialist forensic recovery and investigation company. He is responsible for the coordination and efficient delivery of the computer forensic and electronic evidence recovery services, digital investigations, and provides support for a broad range of investigative, security and risk consulting assignments. He is a Certified Fraud Examiner (CFE) and a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), an Advanced Certified Computer Forensics Technician (CCFT). In addition to specialised forensic certifications he is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM) and a Certified Information Systems Auditor (CISA). David has also led Forensic Computing Ltd to ISO 27001 and ISO 9001 certification, making FCL one of very few consultancies to hold such important credentials in the field of forensic services.

Affiliations and Expertise

is head of Forensic Computing Ltd, a specialist forensic recovery and investigation company.

Andrew Jones

After 25 years service with the British Army’s Intelligence Corps, Andy Jones became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In Sept 2002, on completion of a paper on a method for the metrication of the threats to information systems, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Network Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics. At the university he developed and managed a well equipped Computer Forensics Laboratory and took the lead on a large number of computer investigations and data recovery tasks. He holds a Ph.D. in the area of threats to information systems. In January 2005 he joined the Security Research Centre at BT where he became a Chief Researcher and the head of information. Andy now holds a post as a visiting Professor at Edith Cowan University in Perth, Australia and he is currently the Programme Chair for the M.Sc. in Information Security at Khalifa University in Sharjah, UAE.

Affiliations and Expertise

is the Program Chair for the M.Sc. in Information Security at Khalifa University in Sharjah, UAE.


"With this book you have a finely detailed chart guiding you through every aspect of creating, using and documenting processes that will make you compliant with both the formal accreditation standards and less formal, but no less important, industry best practices…if you are running – or plan to run – a digital forensics business, then this will provide a template for everything you do."--Network Security, May 2014
"It is clear that the authors bring real-world experience to the book, covering the whole life cycle of digital forensics investigations, gathering evidence, and chain of custody results…it will be a very useful handbook for future experts, especially those charged with setting up a forensic laboratory or those seeking accreditation and certification of an existing laboratory.", February 19, 2014
"…this volume on digital forensics and investigation provides information on best practices for meeting regulatory requirements and gaining and maintaining certifications and accreditation within the digital forensics field. The work is divided into three sections covering initial policies and procedures for setting up a laboratory, operating procedures and continuing policies, and accreditation standards and requirements.", February 2014
"What the book does do is provide a comprehensive and all-inclusive set of details that covers the entire lifecycle of a digital forensics investigation, ensuing evidence gathered, and chain of custody that results…Authors David Lilburn Watson and Andrew Jones bring decades of detailed real-world experience to the book, which readers are certain to find to be a unique reference.", December 16, 2013