Digital Forensics Processing and Procedures

Digital Forensics Processing and Procedures

Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements

1st Edition - August 30, 2013

Write a review

  • Authors: David Lilburn Watson, Andrew Jones
  • eBook ISBN: 9781597497459

Purchase options

Purchase options
DRM-free (PDF, Mobi, EPub)
Sales tax will be calculated at check-out

Institutional Subscription

Free Global Shipping
No minimum order


This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab.

Key Features

  • A step-by-step guide to designing, building and using a digital forensics lab
  • A comprehensive guide for all roles in a digital forensics laboratory
  • Based on international standards and certifications


Forensic laboratories (police, government or civilian), Expert witnesses for digital forensic cases, Legal professionals, Forensics regulators, Investigators involved with seize of digital evidence (police forces, IT departments, HR departments)

Table of Contents

  • About the Authors

    Technical Editor Bio



    Chapter 1. Introduction


    1.1 Introduction

    Appendix 1 Some Types of Cases Involving Digital Forensics

    Appendix 2 Growth of Hard Disk Drives for Personal Computers

    Appendix 3 Disk Drive Size Nomenclature

    Chapter 2. Forensic Laboratory Accommodation


    2.1 The Building

    2.2 Protecting Against External and Environmental Threats

    2.3 Utilities and Services

    2.4 Physical Security

    2.5 Layout of the Forensic Laboratory

    Appendix 1 Sample Outline for a Business Case

    Appendix 2 Forensic Laboratory Physical Security Policy

    Chapter 3. Setting up the Forensic Laboratory


    3.1 Setting up the Forensic Laboratory

    Appendix 1 The Forensic Laboratory ToR

    Appendix 2 Cross Reference Between ISO 9001 and ISO 17025

    Appendix 3 Conflict of Interest Policy

    Appendix 4 Quality Policy

    Chapter 4. The Forensic Laboratory Integrated Management System


    4.1 Introduction

    4.2 Benefits

    4.3 The Forensic Laboratory IMS

    4.4 The Forensic Laboratory Policies

    4.5 Planning

    4.6 Implementation and Operation

    4.7 Performance Assessment

    4.8 Continuous Improvement

    4.9 Management Reviews

    Appendix 1 Mapping ISO Guide 72 requirements to PAS 99

    Appendix 2 PAS 99 Glossary

    Appendix 3 PAS 99 Mapping to IMS Procedures

    Appendix 4 The Forensic Laboratory Goal Statement

    Appendix 5 The Forensic Laboratory Baseline Measures

    Appendix 6 Environment Policy

    Appendix 7 Health and Safety Policy

    Appendix 8 Undue Influence Policy

    Appendix 9 Business Continuity Policy

    Appendix 10 Information Security Policy

    Appendix 11 Access Control Policy

    Appendix 12 Change or Termination Policy

    Appendix 13 Clear Desk and Clear Screen Policy

    Appendix 14 Continuous Improvement Policy

    Appendix 15 Cryptographic Control Policy

    Appendix 16 Document Retention Policy

    Appendix 17 Financial Management Policy

    Appendix 18 Mobile Devices Policy

    Appendix 19 Network Service Policy

    Appendix 20 Personnel Screening Policy

    Appendix 21 Relationship Management Policy

    Appendix 22 Release Management Policy

    Appendix 23 Service Management Policy

    Appendix 24 Service Reporting Policy

    Appendix 25 Third-Party Access Control Policy

    Appendix 26 Acceptable Use Policy

    Appendix 27 Audit Committee

    Appendix 28 Business Continuity Committee

    Appendix 29 Environment Committee

    Appendix 30 Health and Safety Committee

    Appendix 31 Information Security Committee

    Appendix 32 Quality Committee

    Appendix 33 Risk Committee

    Appendix 34 Service Delivery Committee

    Appendix 35 Whistle Blowing Policy

    Appendix 36 Management Review Agenda

    Appendix 37 Document Control Checklist

    Appendix 38 Document Metadata

    Appendix 39 File-Naming Standards

    Appendix 40 Watermarks in Use in the Forensic Laboratory

    Appendix 41 Document Review Form

    Appendix 42 IMS Calendar

    Appendix 43 Audit Plan Letter

    Appendix 44 Audit Reporting Form

    Appendix 45 CAR/PAR Form

    Appendix 46 Opening Meeting Agenda

    Appendix 47 Closing Meeting Agenda

    Appendix 48 Audit Report Template

    Appendix 49 Root Causes for Non-Conformity

    Chapter 5. Risk Management


    5.1 A Short History of Risk Management

    5.2 An Information Security Risk Management Framework

    5.3 Framework Stage 1 — ISMS Policy

    5.4 Framework Stage 2: Planning, Resourcing, and Communication

    5.5 Framework Stage 3: Information Security Risk Management Process

    5.6 Framework Stage 4: Implementation and Operational Procedures

    5.7 Framework Stage 5: Follow-up Procedures

    Appendix 1 Sample Communication Plan

    Appendix 2 Sample Information Security Plan

    Appendix 3 Asset Type Examples

    Appendix 4 Asset Values

    Appendix 5 Consequences Table

    Appendix 6 Some Common Business Risks

    Appendix 7 Some Common Project Risks

    Appendix 8 Security Threat Examples

    Appendix 9 Common Security Vulnerabilities

    Appendix 10 Risk Management Policy

    Appendix 11 The IMS and ISMS Scope Document

    Appendix 12 Criticality Ratings

    Appendix 13 Likelihood of Occurrence

    Appendix 14 Risk Appetite

    Appendix 15 Security controls from CobIT and NIST 800-53

    Appendix 16 Information Classification

    Appendix 17 The Corporate Risk Register

    Appendix 18 Comparison Between Qualitative and Quantitative Methods

    Appendix 19 Mapping Control Functions to ISO 27001

    Appendix 20 Mapping Security CONCERNS to ISO 27001

    Appendix 21 SoA Template

    Appendix 22 The Forensic Laboratory’s Security Metrics report

    Appendix 23 Mapping ISO 31000 and ISO 27001 to IMS Procedures

    Chapter 6. Quality in the Forensic Laboratory


    6.1 Quality and Good Laboratory Practice

    6.2 Management Requirements for Operating the Forensic Laboratory

    6.3 ISO 9001 for the Forensic Laboratory

    6.4 The Forensic Laboratory’s QMS

    6.5 Responsibilities in the QMS

    6.6 Managing Sales

    6.7 Product and Service Realization

    6.8 Reviewing Deliverables

    6.9 Signing off a Case

    6.10 Archiving a Case

    6.11 Maintaining Client Confidentiality

    6.12 Technical Requirements for the Forensic Laboratory

    6.13 Measurement, Analysis, and Improvement

    6.14 Managing Client Complaints

    Appendix 1 Mapping ISO 9001 to IMS Procedures

    Appendix 2 Mapping ISO 17025 to IMS Procedures

    Appendix 3 Mapping SWGDE Quality Requirements to IMS Procedures

    Appendix 4 Mapping NIST-150 Quality Requirements to IMS Procedures

    Appendix 5 Mapping ENFSI Quality Requirements to IMS Procedures

    Appendix 6 Mapping FSR Quality Requirements to IMS Procedures

    Appendix 7 Quality Manager, Job Description

    Appendix 8 Business Plan Template

    Appendix 9 Business KPIs

    Appendix 10 Quality Plan Contents

    Appendix 11 Induction Checklist Contents

    Appendix 12 Induction Feedback

    Appendix 13 Standard Proposal Template

    Appendix 14 Issues to Consider for Case Processing

    Appendix 15 Standard Quotation Contents

    Appendix 16 Standard Terms and Conditions

    Appendix 17 ERMS Client Areas

    Appendix 18 Cost Estimation Spreadsheet

    Appendix 19 Draft Review Form

    Appendix 20 Client Sign-off and Feedback Form

    Appendix 21 Information Required for Registering a Complaint

    Appendix 22 Complaint Resolution Timescales

    Appendix 23 Complaint Metrics

    Appendix 24 Laboratory Manager, Job Description

    Appendix 25 Forensic Analyst, Job Description

    Appendix 26 Training Agenda

    Appendix 27 Some Individual Forensic Certifications

    Appendix 28 Minimum Equipment Records Required by ISO 17025

    Appendix 29 Reference Case Tests

    Appendix 30 ISO 17025 Reporting Requirements

    Appendix 31 Standard Forensic Laboratory Report

    Chapter 7. IT Infrastructure


    7.1 Hardware

    7.2 Software

    7.3 Infrastructure

    7.4 Process Management

    7.5 Hardware Management

    7.6 Software Management

    7.7 Network Management

    Appendix 1 Some Forensic Workstation Providers

    Appendix 2 Some Mobile Forensic Workstation Providers

    Appendix 3 Standard Build for a Forensic Workstation

    Appendix 4 Some Case Processing Tools

    Appendix 5 Policy for Securing IT Cabling

    Appendix 6 Policy for Siting and Protecting IT Equipment

    Appendix 7 ISO 20000-1 Mapping

    Appendix 8 Service Desk Manager, Job Description

    Appendix 9 Incident Manager, Job Description

    Appendix 10 Incident Status Levels

    Appendix 11 Incident Priority Levels

    Appendix 12 Service Desk Feedback Form

    Appendix 13 Problem Manager, Job Description

    Appendix 14 Contents of the Forensic Laboratory SIP

    Appendix 15 Change Categories

    Appendix 16 Change Manager, Job Description

    Appendix 17 Standard Requirements of a Request for Change

    Appendix 18 Emergency Change Policy

    Appendix 19 Release Management Policy

    Appendix 20 Release Manager, Job Description

    Appendix 21 Configuration Management Plan Contents

    Appendix 22 Configuration Management Policy

    Appendix 23 Configuration Manager, Job Description

    Appendix 24 Information Stored in the DSL and DHL

    Appendix 25 Capacity Manager, Job Description

    Appendix 26 Capacity Management Plan

    Appendix 27 Service Management Policy

    Appendix 28 Service Level Manager, Job Description

    Appendix 29 Service Reporting Policy

    Appendix 30 Policy for Maintaining and Servicing IT Equipment

    Appendix 31 ISO 17025 Tool Test Method Documentation

    Appendix 32 Standard Forensic Tool Tests

    Appendix 33 Forensic Tool Test Report Template

    Appendix 34 Overnight Backup Checklist

    Chapter 8. Incident Response


    8.1 General

    8.2 Evidence

    8.3 Incident Response as a Process

    8.4 Initial Contact

    8.5 Types of First Response

    8.6 The Incident Scene

    8.7 Transportation to the Forensic Laboratory

    8.8 Crime Scene and Seizure Reports

    8.9 Postincident Review

    Appendix 1 Mapping ISO 17020 to IMS Procedures

    Appendix 2 First Response Briefing Agenda

    Appendix 3 Contents of the Grab Bag

    Appendix 4 New Case Form

    Appendix 5 First Responder Seizure Summary Log

    Appendix 6 Site Summary Form

    Appendix 7 Seizure Log

    Appendix 8 Evidence Locations in Devices and Media

    Appendix 9 Types of Evidence Typically Needed for a Case

    Appendix 10 The On/Off Rule

    Appendix 11 Some Types of Metadata That may be Recoverable from Digital Images

    Appendix 12 Countries with Different Fixed Line Telephone Connections

    Appendix 13 Some Interview Questions

    Appendix 14 Evidence Labeling

    Appendix 15 Forensic Preview Forms

    Appendix 16 A Traveling Forensic Laboratory

    Appendix 17 Movement Sheet

    Appendix 18 Incident Response Report

    Appendix 19 Postincident Review Agenda

    Appendix 20 Incident Processing Checklist

    Chapter 9. Case Processing


    9.1 Introduction to Case Processing

    9.2 Case Types

    9.3 Precase Processing

    9.4 Equipment Maintenance

    9.5 Management Processes

    9.6 Booking Exhibits in and out of the Secure Property Store

    9.7 Starting a New Case

    9.8 Preparing the Forensic Workstation

    9.9 Imaging

    9.10 Examination

    9.11 Dual Tool Verification

    9.12 Digital Time Stamping

    9.13 Production of an Internal Case Report

    9.14 Creating Exhibits

    9.15 Producing a Case Report for External Use

    9.16 Statements, Depositions, and Similar

    9.17 Forensic Software Tools

    9.18 Backing up and Archiving a Case

    9.19 Disclosure

    9.20 Disposal

    Appendix 1 Some International Forensic Good Practice

    Appendix 2 Some International and National Standards Relating to Digital Forensics

    Appendix 3 Hard Disk Log Details

    Appendix 4 Disk History Log

    Appendix 5 Tape log Details

    Appendix 6 Tape History log

    Appendix 7 Small Digital Media Log Details

    Appendix 8 Small Digital Media Device Log

    Appendix 9 Forensic CASE WORK Log

    Appendix 10 Case Processing KPIs

    Appendix 11 Contents of Sample Exhibit Rejection Letter

    Appendix 12 Sample Continuity Label Contents

    Appendix 13 Details of the Forensic Laboratory Property Log

    Appendix 14 Exhibit Acceptance Letter Template

    Appendix 15 Property SPECIAL HANDLINg Log

    Appendix 16 Evidence Sought

    Appendix 17 Request for Forensic examination

    Appendix 18 Client Virtual Case File Structure

    Appendix 19 Computer Details Log

    Appendix 20 Other Equipment Details Log

    Appendix 21 Hard Disk Details Log

    Appendix 22 Other Media Details Log

    Appendix 23 Cell Phone Details Log

    Appendix 24 Other Device Details Log

    Appendix 25 Some Evidence Found in Volatile Memory

    Appendix 26 Some File Metadata

    Appendix 27 Case Progress Checklist

    Appendix 28 Meeting the Requirements of HB 171

    Appendix 29 Internal Case Report Template

    Appendix 30 Forensic Laboratory Exhibit Log

    Appendix 31 Report Production Checklist

    Chapter 10. Case Management


    10.1 Overview

    10.2 Hard Copy Forms

    10.3 MARS

    10.4 Setting up a New Case

    10.5 Processing a Forensic Case

    10.6 Reports General

    10.7 Administrator's Reports

    10.8 User Reports

    Appendix 1 Setting up Organisational Details

    Appendix 2 Set up the Administrator

    Appendix 3 Audit Reports

    Appendix 4 Manage Users

    Appendix 5 Manage Manufacturers

    Appendix 6 Manage Suppliers

    Appendix 7 Manage Clients

    Appendix 8 Manage Investigators

    Appendix 9 Manage Disks

    Appendix 10 Manage Tapes

    Appendix 11 Manage Small Digital Media

    Appendix 12 Exhibit Details

    Appendix 13 Evidence Sought

    Appendix 14 Estimates

    Appendix 15 Accept or Reject Case

    Appendix 16 Movement Log

    Appendix 17 Examination Log

    Appendix 18 Computer Hardware Details

    Appendix 19 Non-Computer Exhibit Details

    Appendix 20 Hard Disk Details

    Appendix 21 Other Media Details

    Appendix 22 Work Record Details

    Appendix 23 Updating Case Estimates

    Appendix 24 Create Exhibit

    Appendix 25 Case Result

    Appendix 26 Case Backup

    Appendix 27 Billing and Feedback

    Appendix 28 Feedback Received

    Appendix 29 Organization Report

    Appendix 30 Users Report

    Appendix 31 Manufacturers Report

    Appendix 32 Supplier Report

    Appendix 33 Clients Report

    Appendix 34 Investigator's Report

    Appendix 35 Disks by Assignment Report

    Appendix 36 Disks by Reference Number Report

    Appendix 37 Wiped Disks Report

    Appendix 38 Disposed Disks Report

    Appendix 39 Disk History Report

    Appendix 40 Tapes by Assignment Report

    Appendix 41 Tapes by Reference Number Report

    Appendix 42 Wiped Tapes Report

    Appendix 43 Disposed Tapes Report

    Appendix 44 Tape History Report

    Appendix 45 Small Digital Media by Assignment Report

    Appendix 46 Small Digital Media by Reference Number Report

    Appendix 47 Wiped Small Digital Media Report

    Appendix 48 Disposed Small Digital Media Report

    Appendix 49 Small Digital Media History Report

    Appendix 50 Wipe Methods Report

    Appendix 51 Disposal Methods Report

    Appendix 52 Imaging Methods Report

    Appendix 53 Operating Systems Report

    Appendix 54 Media Types Report

    Appendix 55 Exhibit Type Report

    Appendix 56 Case setup details Report

    Appendix 57 Case Movement Report

    Appendix 58 Case Computers Report

    Appendix 59 Case Non-Computer Evidence Report

    Appendix 60 Case Disks Received Report

    Appendix 61 Case Other Media Received

    Appendix 62 Case Exhibits Received Report

    Appendix 63 Case Work Record

    Appendix 64 Cases Rejected Report

    Appendix 65 Cases Accepted

    Appendix 66 Case Estimates Report

    Appendix 67 Cases by Forensic Analyst

    Appendix 68 Cases by Client Report

    Appendix 69 Cases by Investigator Report

    Appendix 70 Case Target Dates report

    Appendix 71 Cases Within “x  ” Days of Target Date Report

    Appendix 72 Cases Past Target Date Report

    Appendix 73 Cases Unassigned Report

    Appendix 74 Case Exhibits Produced Report

    Appendix 75 Case Results Report

    Appendix 76 Case Backups Report

    Appendix 77 Billing Run Report

    Appendix 78 Feedback Letters

    Appendix 79 Feedback Forms Printout

    Appendix 80 Feedback Reporting Summary by Case

    Appendix 81 Feedback Reporting Summary by Forensic Analyst

    Appendix 82 Feedback Reporting Summary by Client

    Appendix 83 Complete Case Report

    Appendix 84 Processed Report

    Appendix 85 Insurance Report

    Chapter 11. Evidence Presentation


    11.1 Overview

    11.2 Notes

    11.3 Evidence

    11.4 Types of Witness

    11.5 Reports

    11.6 Testimony in Court

    11.7 Why Cases Fail

    Appendix 1 Nations Ratifying the Budapest Convention

    Appendix 2 Criteria for Selection an Expert Witness

    Appendix 3 The Forensic Laboratory Code of Conduct for Expert Witnesses

    Appendix 4 Report writing Checklist

    Appendix 5 Statement and Deposition Writing Checklist

    Appendix 6 Non-Verbal Communication to Avoid

    Appendix 7 Etiquette in Court

    Appendix 8 Testimony Feedback Form

    Chapter 12. Secure Working Practices


    12.1 Introduction

    12.2 Principles of Information Security within the Forensic Laboratory

    12.3 Managing Information Security in the Forensic Laboratory

    12.4 Physical Security in the Forensic Laboratory

    12.5 Managing Service Delivery

    12.6 Managing System Access

    12.7 Managing Information on Public Systems

    12.8 Securely Managing IT Systems

    12.9 Information Processing Systems Development and Maintenance

    Appendix 1 The Forensic Laboratory SOA

    Appendix 2 Meeting the Requirements of GAISP

    Appendix 3 Software License Database Information Held

    Appendix 4 Information Security Manager, Job Description

    Appendix 5 Logon Banner

    Appendix 6 The Forensic Laboratory’s Security Objectives

    Appendix 7 Asset Details to be Recorded in the Asset Register

    Appendix 8 Details Required for Removal of an Asset

    Appendix 9 Handling Classified Assets

    Appendix 10 Asset Disposal Form

    Appendix 11 Visitor Checklist

    Appendix 12 Rules of the Data Center

    Appendix 13 User Account Management Form Contents

    Appendix 14 Teleworking Request Form Contents

    Chapter 13. Ensuring Continuity of Operations


    13.1 Business Justification for Ensuring Continuity of Operations

    13.2 Management Commitment

    13.3 Training and Competence

    13.4 Determining the Business Continuity Strategy

    13.5 Developing and Implementing a Business Continuity Management Response

    13.6 Exercising, Maintaining, and Reviewing Business Continuity Arrangements

    13.7 Maintaining and Improving the BCMS

    13.8 Embedding Business Continuity Forensic Laboratory Processes

    13.9 BCMS Documentation and RecordsGeneral

    Appendix 1 Supplier Details Held

    Appendix 2 Headings for Financial and Security Questionnaire

    Appendix 3 Business Continuity Manager, Job Description

    Appendix 4 Contents of the Forensic Laboratory BIA Form

    Appendix 5 Proposed BCMS Development and Certification Timescales

    Appendix 6 Incident Scenarios

    Appendix 7 Strategy Options

    Appendix 8 Standard Forensic Laboratory BCP Contents

    Appendix 9 Table of Contents to the Appendix to a BCP

    Appendix 10 BCP Change List Contents

    Appendix 11 BCP Scenario Plan Contents

    Appendix 12 BCP Review Report Template Contents

    Appendix 13 Mapping IMS Procedures to ISO 22301

    Appendix 14 Differences Between ISO 22301 and BS 25999

    Chapter 14. Managing Business Relationships


    14.1 The Need for Third Parties

    14.2 Clients

    14.3 Third Parties Accessing the Forensic Laboratory

    14.4 Managing Service Level Agreements

    14.5 Suppliers of Office and IT Products and Services

    14.6 Utility Service Providers

    14.7 Contracted Forensic Consultants and Expert Witnesses

    14.8 Outsourcing

    14.9 Use of Sub-contractors

    14.10 Managing Complaints

    14.11 Reasons for Outsourcing Failure

    Appendix 1 Contents of a Service Plan

    Appendix 2 Risks to Consider With Third Parties

    Appendix 3 Contract Checklist for Information Security Issues

    Appendix 4 SLA Template for Products and Services for Clients

    Appendix 5 RFX Descriptions

    Appendix 6 The Forensic Laboratory RFx template checklist

    Appendix 7 RFX Timeline for Response, Evaluation, and Selection

    Appendix 8 Forensic Consultant’s Personal Attributes

    Appendix 9 Some Tips for Selecting an Outsourcing Service Provider

    Appendix 10 Areas to Consider for Outsourcing Contracts

    Chapter 15. Effective Records Management

    15.1 Introduction

    15.2 Legislative, Regulatory, and Other Requirements

    15.3 Record Characteristics

    15.4 A Records Management Policy

    15.5 Defining the Requirements for Records Management in the Forensic Laboratory

    15.6 Determining Forensic Laboratory records to be Managed by the ERMS

    15.7 Using Metadata in the Forensic Laboratory

    15.8 Record Management Procedures

    15.9 Business Continuity

    Appendix 1 MoReq2 Functional Requirements

    Appendix 2 Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures

    Appendix 3 Types of Legislation and Regulation That Will Affect Record Keeping

    Appendix 4 Forensic Laboratory Record keeping Policy

    Appendix 5 Record Management System Objectives

    Appendix 6 Business Case Contents

    Appendix 7 Outline of the ERMS Project

    Appendix 8 Selection Criteria for an ERMS

    Appendix 9 Initial ERMS Feedback Questionnaire

    Appendix 10 Metadata Required in the ERMS

    Appendix 11 Sample e-Mail Metadata

    Appendix 12 Forensic Case Records Stored in the ERMS

    Appendix 13 Dublin Core Metadata Elements

    Appendix 14 National Archives of Australia Metadata Standard

    Appendix 15 Responsibilities for Records Management in the Forensic Laboratory

    Appendix 16 Metadata for Records Stored Off-Site

    Appendix 17 Records Classification System

    Appendix 18 Disposition Authorization

    Appendix 19 Additional Requirements for Physical Record Recovery

    Appendix 20 Specialized Equipment Needed for Inspection and Recovery of Damaged Records

    Chapter 16. Performance Assessment


    16.1 Overview

    16.2 Performance Assessment

    Chapter 17. Health and Safety Procedures


    17.1 General

    17.2 Planning for OH&S

    17.3 Implementation and Operation of the OH&S Management System

    17.4 Checking Compliance with OH&S Requirements

    17.5 Improving the OH&S Management System

    Appendix 1 OH&S Policy Checklist

    Appendix 2 The Forensic Laboratory OH&S Policy

    Appendix 3 Health and Safety Manager Job Description

    Appendix 4 Some Examples of OH&S Drivers

    Appendix 5 The Forensic Laboratory OH&S Objectives

    Appendix 6 Sample Hazards in the Forensic Laboratory

    Appendix 7 Hazard Identification Form

    Appendix 8 Some Areas for Inspection for Hazards

    Appendix 9 Inputs to the Risk Assessment Process

    Appendix 10 OH&S Risk Rating

    Appendix 11 DSE Initial Workstation Self-Assessment Checklist

    Appendix 12 DSE Training Syllabus

    Appendix 13 DSE Assessors Checklist

    Appendix 14 Measurement of OH&S success

    Appendix 15 Specific OH&S Incident Reporting Requirements

    Appendix 16 OH&S Investigation Checklist and Form Contents

    Appendix 17 OH&S Incident Review

    Appendix 18 OHSAS 18001 Mapping to IMS Procedures

    Chapter 18. Human Resources


    18.1 Employee Development

    18.2 Development

    18.3 Termination

    Appendix 1 Training Feedback Form

    Appendix 2 Employee Security Screening Policy Checklist

    Appendix 3 Employment Application Form

    Appendix 4 Employment Application Form Notes

    Appendix 5 Some Documents That Can Verify Identity

    Appendix 6 Document Authenticity Checklist

    Appendix 7 Verifying Addresses

    Appendix 8 Right To Work Checklist

    Appendix 9 Reference Authorization

    Appendix 10 Statutory Declaration

    Appendix 11 Employer Reference Form

    Appendix 12 Employer’s Oral Reference Form

    Appendix 13 Confirmation of an Oral Reference Letter

    Appendix 14 Qualification Verification Checklist

    Appendix 15 Criminal Record Declaration Checklist

    Appendix 16 Personal Reference Form

    Appendix 17 Personal Oral Reference Form

    Appendix 18 Other Reference Form

    Appendix 19 Other Reference Form

    Appendix 20 Employee Security Screening File

    Appendix 21 Top Management Acceptance of Employment Risk

    Appendix 22 Third-Party Employee Security Screening Provider Checklist

    Appendix 23 Recruitment Agency Contract Checklist

    Appendix 24 Investigation Manager, Job Description

    Appendix 25 Forensic Laboratory System Administrator, Job Description

    Appendix 26 Employee, Job Description

    Appendix 27 Areas of Technical Competence

    Appendix 28 Some Professional Forensic and Security Organizations

    Appendix 29 Training Specification Template

    Appendix 30 Training Proposal Evaluation Checklist

    Appendix 31 Training Supplier Interview and Presentation Checklist

    Appendix 32 Training Reaction Level Questionnaire

    Appendix 33 The Forensic Laboratory Code of Ethics

    Appendix 34 Termination Checklist

    Chapter 19. Accreditation and Certification for a Forensic Laboratory


    19.1 Accreditation and Certification

    19.2 Accreditation for a Forensic Laboratory

    19.3 Certification for a Forensic Laboratory

    Appendix 1 Typical Conditions of Accreditation

    Appendix 2 Contents of an Audit Response

    Appendix 3 Management System Assessment Non-conformance Examples

    Appendix 4 Typical Closeout Periods

    Chapter 20. Emerging Issues


    20.1 Introduction

    20.2 Specific Challenges

    Appendix. Acronyms


    International Standards

    National Standards

    Guidance from Authoritative Sources



Product details

  • No. of pages: 880
  • Language: English
  • Copyright: © Syngress 2013
  • Published: August 30, 2013
  • Imprint: Syngress
  • eBook ISBN: 9781597497459

About the Authors

David Lilburn Watson

David Lilburn Watson heads up Forensic Computing Ltd, a specialist forensic recovery and investigation company. He is responsible for the coordination and efficient delivery of the computer forensic and electronic evidence recovery services, digital investigations, and provides support for a broad range of investigative, security and risk consulting assignments. He is a Certified Fraud Examiner (CFE) and a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), an Advanced Certified Computer Forensics Technician (CCFT). In addition to specialised forensic certifications he is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM) and a Certified Information Systems Auditor (CISA). David has also led Forensic Computing Ltd to ISO 27001 and ISO 9001 certification, making FCL one of very few consultancies to hold such important credentials in the field of forensic services.

Affiliations and Expertise

Head, Forensic Computing Ltd

Andrew Jones

After 25 years service with the British Army’s Intelligence Corps, Andy Jones became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In Sept 2002, on completion of a paper on a method for the metrication of the threats to information systems, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Network Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics. At the university he developed and managed a well equipped Computer Forensics Laboratory and took the lead on a large number of computer investigations and data recovery tasks. He holds a Ph.D. in the area of threats to information systems. In January 2005 he joined the Security Research Centre at BT where he became a Chief Researcher and the head of information. Andy now holds a post as a visiting Professor at Edith Cowan University in Perth, Australia and he is currently the Programme Chair for the M.Sc. in Information Security at Khalifa University in Sharjah, UAE.

Affiliations and Expertise

Program Chair,M.Sc. in Information Security, Khalifa University, Sharjah, UAE

Ratings and Reviews

Write a review

There are currently no reviews for "Digital Forensics Processing and Procedures"