Digital Forensics Processing and Procedures - 1st Edition - ISBN: 9781597497428, 9781597497459

Digital Forensics Processing and Procedures

1st Edition

Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements

Authors: David Lilburn Watson Andrew Jones
Paperback ISBN: 9781597497428
eBook ISBN: 9781597497459
Imprint: Syngress
Published Date: 17th September 2013
Page Count: 880


This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab.

Key Features

  • A step-by-step guide to designing, building and using a digital forensics lab
  • A comprehensive guide for all roles in a digital forensics laboratory
  • Based on international standards and certifications


Forensic laboratories (police, government or civilian), Expert witnesses for digital forensic cases, Legal professionals, Forensics regulators, Investigators involved with the seizure of digital evidence (police forces, IT departments, HR departments)

Table of Contents

About the Authors

Technical Editor Bio



Chapter 1. Introduction


1.1 Introduction

Appendix 1 Some Types of Cases Involving Digital Forensics

Appendix 2 Growth of Hard Disk Drives for Personal Computers

Appendix 3 Disk Drive Size Nomenclature

Chapter 2. Forensic Laboratory Accommodation


2.1 The Building

2.2 Protecting Against External and Environmental Threats

2.3 Utilities and Services

2.4 Physical Security

2.5 Layout of the Forensic Laboratory

Appendix 1 Sample Outline for a Business Case

Appendix 2 Forensic Laboratory Physical Security Policy

Chapter 3. Setting up the Forensic Laboratory


3.1 Setting up the Forensic Laboratory

Appendix 1 The Forensic Laboratory ToR

Appendix 2 Cross Reference Between ISO 9001 and ISO 17025

Appendix 3 Conflict of Interest Policy

Appendix 4 Quality Policy

Chapter 4. The Forensic Laboratory Integrated Management System


4.1 Introduction

4.2 Benefits

4.3 The Forensic Laboratory IMS

4.4 The Forensic Laboratory Policies

4.5 Planning

4.6 Implementation and Operation

4.7 Performance Assessment

4.8 Continuous Improvement

4.9 Management Reviews

Appendix 1 Mapping ISO Guide 72 requirements to PAS 99

Appendix 2 PAS 99 Glossary

Appendix 3 PAS 99 Mapping to IMS Procedures

Appendix 4 The Forensic Laboratory Goal Statement

Appendix 5 The Forensic Laboratory Baseline Measures

Appendix 6 Environment Policy

Appendix 7 Health and Safety Policy

Appendix 8 Undue Influence Policy

Appendix 9 Business Continuity Policy

Appendix 10 Information Security Policy

Appendix 11 Access Control Policy

Appendix 12 Change or Termination Policy

Appendix 13 Clear Desk and Clear Screen Policy

Appendix 14 Continuous Improvement Policy

Appendix 15 Cryptographic Control Policy

Appendix 16 Document Retention Policy

Appendix 17 Financial Management Policy

Appendix 18 Mobile Devices Policy

Appendix 19 Network Service Policy

Appendix 20 Personnel Screening Policy

Appendix 21 Relationship Management Policy

Appendix 22 Release Management Policy

Appendix 23 Service Management Policy

Appendix 24 Service Reporting Policy

Appendix 25 Third-Party Access Control Policy

Appendix 26 Acceptable Use Policy

Appendix 27 Audit Committee

Appendix 28 Business Continuity Committee

Appendix 29 Environment Committee

Appendix 30 Health and Safety Committee

Appendix 31 Information Security Committee

Appendix 32 Quality Committee

Appendix 33 Risk Committee

Appendix 34 Service Delivery Committee

Appendix 35 Whistle Blowing Policy

Appendix 36 Management Review Agenda

Appendix 37 Document Control Checklist

Appendix 38 Document Metadata

Appendix 39 File-Naming Standards

Appendix 40 Watermarks in Use in the Forensic Laboratory

Appendix 41 Document Review Form

Appendix 42 IMS Calendar

Appendix 43 Audit Plan Letter

Appendix 44 Audit Reporting Form

Appendix 45 CAR/PAR Form

Appendix 46 Opening Meeting Agenda

Appendix 47 Closing Meeting Agenda

Appendix 48 Audit Report Template

Appendix 49 Root Causes for Non-Conformity

Chapter 5. Risk Management


5.1 A Short History of Risk Management

5.2 An Information Security Risk Management Framework

5.3 Framework Stage 1: ISMS Policy

5.4 Framework Stage 2: Planning, Resourcing, and Communication

5.5 Framework Stage 3: Information Security Risk Management Process

5.6 Framework Stage 4: Implementation and Operational Procedures

5.7 Framework Stage 5: Follow-up Procedures

Appendix 1 Sample Communication Plan

Appendix 2 Sample Information Security Plan

Appendix 3 Asset Type Examples

Appendix 4 Asset Values

Appendix 5 Consequences Table

Appendix 6 Some Common Business Risks

Appendix 7 Some Common Project Risks

Appendix 8 Security Threat Examples

Appendix 9 Common Security Vulnerabilities

Appendix 10 Risk Management Policy

Appendix 11 The IMS and ISMS Scope Document

Appendix 12 Criticality Ratings

Appendix 13 Likelihood of Occurrence

Appendix 14 Risk Appetite

Appendix 15 Security controls from CobIT and NIST 800-53

Appendix 16 Information Classification

Appendix 17 The Corporate Risk Register

Appendix 18 Comparison Between Qualitative and Quantitative Methods

Appendix 19 Mapping Control Functions to ISO 27001

Appendix 20 Mapping Security Concerns to ISO 27001

Appendix 21 SoA Template

Appendix 22 The Forensic Laboratory’s Security Metrics report

Appendix 23 Mapping ISO 31000 and ISO 27001 to IMS Procedures

Chapter 6. Quality in the Forensic Laboratory


6.1 Quality and Good Laboratory Practice

6.2 Management Requirements for Operating the Forensic Laboratory

6.3 ISO 9001 for the Forensic Laboratory

6.4 The Forensic Laboratory’s QMS

6.5 Responsibilities in the QMS

6.6 Managing Sales

6.7 Product and Service Realization

6.8 Reviewing Deliverables

6.9 Signing off a Case

6.10 Archiving a Case

6.11 Maintaining Client Confidentiality

6.12 Technical Requirements for the Forensic Laboratory

6.13 Measurement, Analysis, and Improvement

6.14 Managing Client Complaints

Appendix 1 Mapping ISO 9001 to IMS Procedures

Appendix 2 Mapping ISO 17025 to IMS Procedures

Appendix 3 Mapping SWGDE Quality Requirements to IMS Procedures

Appendix 4 Mapping NIST-150 Quality Requirements to IMS Procedures

Appendix 5 Mapping ENFSI Quality Requirements to IMS Procedures

Appendix 6 Mapping FSR Quality Requirements to IMS Procedures

Appendix 7 Quality Manager, Job Description

Appendix 8 Business Plan Template

Appendix 9 Business KPIs

Appendix 10 Quality Plan Contents

Appendix 11 Induction Checklist Contents

Appendix 12 Induction Feedback

Appendix 13 Standard Proposal Template

Appendix 14 Issues to Consider for Case Processing

Appendix 15 Standard Quotation Contents

Appendix 16 Standard Terms and Conditions

Appendix 17 ERMS Client Areas

Appendix 18 Cost Estimation Spreadsheet

Appendix 19 Draft Review Form

Appendix 20 Client Sign-off and Feedback Form

Appendix 21 Information Required for Registering a Complaint

Appendix 22 Complaint Resolution Timescales

Appendix 23 Complaint Metrics

Appendix 24 Laboratory Manager, Job Description

Appendix 25 Forensic Analyst, Job Description

Appendix 26 Training Agenda

Appendix 27 Some Individual Forensic Certifications

Appendix 28 Minimum Equipment Records Required by ISO 17025

Appendix 29 Reference Case Tests

Appendix 30 ISO 17025 Reporting Requirements

Appendix 31 Standard Forensic Laboratory Report

Chapter 7. IT Infrastructure


7.1 Hardware

7.2 Software

7.3 Infrastructure

7.4 Process Management

7.5 Hardware Management

7.6 Software Management

7.7 Network Management

Appendix 1 Some Forensic Workstation Providers

Appendix 2 Some Mobile Forensic Workstation Providers

Appendix 3 Standard Build for a Forensic Workstation

Appendix 4 Some Case Processing Tools

Appendix 5 Policy for Securing IT Cabling

Appendix 6 Policy for Siting and Protecting IT Equipment

Appendix 7 ISO 20000-1 Mapping

Appendix 8 Service Desk Manager, Job Description

Appendix 9 Incident Manager, Job Description

Appendix 10 Incident Status Levels

Appendix 11 Incident Priority Levels

Appendix 12 Service Desk Feedback Form

Appendix 13 Problem Manager, Job Description

Appendix 14 Contents of the Forensic Laboratory SIP

Appendix 15 Change Categories

Appendix 16 Change Manager, Job Description

Appendix 17 Standard Requirements of a Request for Change

Appendix 18 Emergency Change Policy

Appendix 19 Release Management Policy

Appendix 20 Release Manager, Job Description

Appendix 21 Configuration Management Plan Contents

Appendix 22 Configuration Management Policy

Appendix 23 Configuration Manager, Job Description

Appendix 24 Information Stored in the DSL and DHL

Appendix 25 Capacity Manager, Job Description

Appendix 26 Capacity Management Plan

Appendix 27 Service Management Policy

Appendix 28 Service Level Manager, Job Description

Appendix 29 Service Reporting Policy

Appendix 30 Policy for Maintaining and Servicing IT Equipment

Appendix 31 ISO 17025 Tool Test Method Documentation

Appendix 32 Standard Forensic Tool Tests

Appendix 33 Forensic Tool Test Report Template

Appendix 34 Overnight Backup Checklist

Chapter 8. Incident Response


8.1 General

8.2 Evidence

8.3 Incident Response as a Process

8.4 Initial Contact

8.5 Types of First Response

8.6 The Incident Scene

8.7 Transportation to the Forensic Laboratory

8.8 Crime Scene and Seizure Reports

8.9 Postincident Review

Appendix 1 Mapping ISO 17020 to IMS Procedures

Appendix 2 First Response Briefing Agenda

Appendix 3 Contents of the Grab Bag

Appendix 4 New Case Form

Appendix 5 First Responder Seizure Summary Log

Appendix 6 Site Summary Form

Appendix 7 Seizure Log

Appendix 8 Evidence Locations in Devices and Media

Appendix 9 Types of Evidence Typically Needed for a Case

Appendix 10 The On/Off Rule

Appendix 11 Some Types of Metadata That may be Recoverable from Digital Images

Appendix 12 Countries with Different Fixed Line Telephone Connections

Appendix 13 Some Interview Questions

Appendix 14 Evidence Labeling

Appendix 15 Forensic Preview Forms

Appendix 16 A Traveling Forensic Laboratory

Appendix 17 Movement Sheet

Appendix 18 Incident Response Report

Appendix 19 Postincident Review Agenda

Appendix 20 Incident Processing Checklist

Chapter 9. Case Processing


9.1 Introduction to Case Processing

9.2 Case Types

9.3 Precase Processing

9.4 Equipment Maintenance

9.5 Management Processes

9.6 Booking Exhibits in and out of the Secure Property Store

9.7 Starting a New Case

9.8 Preparing the Forensic Workstation

9.9 Imaging

9.10 Examination

9.11 Dual Tool Verification

9.12 Digital Time Stamping

9.13 Production of an Internal Case Report

9.14 Creating Exhibits

9.15 Producing a Case Report for External Use

9.16 Statements, Depositions, and Similar

9.17 Forensic Software Tools

9.18 Backing up and Archiving a Case

9.19 Disclosure

9.20 Disposal

Appendix 1 Some International Forensic Good Practice

Appendix 2 Some International and National Standards Relating to Digital Forensics

Appendix 3 Hard Disk Log Details

Appendix 4 Disk History Log

Appendix 5 Tape log Details

Appendix 6 Tape History log

Appendix 7 Small Digital Media Log Details

Appendix 8 Small Digital Media Device Log

Appendix 9 Forensic Case Work Log

Appendix 10 Case Processing KPIs

Appendix 11 Contents of Sample Exhibit Rejection Letter

Appendix 12 Sample Continuity Label Contents

Appendix 13 Details of the Forensic Laboratory Property Log

Appendix 14 Exhibit Acceptance Letter Template

Appendix 15 Property Special Handling Log

Appendix 16 Evidence Sought

Appendix 17 Request for Forensic examination

Appendix 18 Client Virtual Case File Structure

Appendix 19 Computer Details Log

Appendix 20 Other Equipment Details Log

Appendix 21 Hard Disk Details Log

Appendix 22 Other Media Details Log

Appendix 23 Cell Phone Details Log

Appendix 24 Other Device Details Log

Appendix 25 Some Evidence Found in Volatile Memory

Appendix 26 Some File Metadata

Appendix 27 Case Progress Checklist

Appendix 28 Meeting the Requirements of HB 171

Appendix 29 Internal Case Report Template

Appendix 30 Forensic Laboratory Exhibit Log

Appendix 31 Report Production Checklist

Chapter 10. Case Management


10.1 Overview

10.2 Hard Copy Forms

10.3 MARS

10.4 Setting up a New Case

10.5 Processing a Forensic Case

10.6 Reports General

10.7 Administrator's Reports

10.8 User Reports

Appendix 1 Setting up Organisational Details

Appendix 2 Set up the Administrator

Appendix 3 Audit Reports

Appendix 4 Manage Users

Appendix 5 Manage Manufacturers

Appendix 6 Manage Suppliers

Appendix 7 Manage Clients

Appendix 8 Manage Investigators

Appendix 9 Manage Disks

Appendix 10 Manage Tapes

Appendix 11 Manage Small Digital Media

Appendix 12 Exhibit Details

Appendix 13 Evidence Sought

Appendix 14 Estimates

Appendix 15 Accept or Reject Case

Appendix 16 Movement Log

Appendix 17 Examination Log

Appendix 18 Computer Hardware Details

Appendix 19 Non-Computer Exhibit Details

Appendix 20 Hard Disk Details

Appendix 21 Other Media Details

Appendix 22 Work Record Details

Appendix 23 Updating Case Estimates

Appendix 24 Create Exhibit

Appendix 25 Case Result

Appendix 26 Case Backup

Appendix 27 Billing and Feedback

Appendix 28 Feedback Received

Appendix 29 Organization Report

Appendix 30 Users Report

Appendix 31 Manufacturers Report

Appendix 32 Supplier Report

Appendix 33 Clients Report

Appendix 34 Investigator's Report

Appendix 35 Disks by Assignment Report

Appendix 36 Disks by Reference Number Report

Appendix 37 Wiped Disks Report

Appendix 38 Disposed Disks Report

Appendix 39 Disk History Report

Appendix 40 Tapes by Assignment Report

Appendix 41 Tapes by Reference Number Report

Appendix 42 Wiped Tapes Report

Appendix 43 Disposed Tapes Report

Appendix 44 Tape History Report

Appendix 45 Small Digital Media by Assignment Report

Appendix 46 Small Digital Media by Reference Number Report

Appendix 47 Wiped Small Digital Media Report

Appendix 48 Disposed Small Digital Media Report

Appendix 49 Small Digital Media History Report

Appendix 50 Wipe Methods Report

Appendix 51 Disposal Methods Report

Appendix 52 Imaging Methods Report

Appendix 53 Operating Systems Report

Appendix 54 Media Types Report

Appendix 55 Exhibit Type Report

Appendix 56 Case setup details Report

Appendix 57 Case Movement Report

Appendix 58 Case Computers Report

Appendix 59 Case Non-Computer Evidence Report

Appendix 60 Case Disks Received Report

Appendix 61 Case Other Media Received

Appendix 62 Case Exhibits Received Report

Appendix 63 Case Work Record

Appendix 64 Cases Rejected Report

Appendix 65 Cases Accepted

Appendix 66 Case Estimates Report

Appendix 67 Cases by Forensic Analyst

Appendix 68 Cases by Client Report

Appendix 69 Cases by Investigator Report

Appendix 70 Case Target Dates report

Appendix 71 Cases Within “x” Days of Target Date Report

Appendix 72 Cases Past Target Date Report

Appendix 73 Cases Unassigned Report

Appendix 74 Case Exhibits Produced Report

Appendix 75 Case Results Report

Appendix 76 Case Backups Report

Appendix 77 Billing Run Report

Appendix 78 Feedback Letters

Appendix 79 Feedback Forms Printout

Appendix 80 Feedback Reporting Summary by Case

Appendix 81 Feedback Reporting Summary by Forensic Analyst

Appendix 82 Feedback Reporting Summary by Client

Appendix 83 Complete Case Report

Appendix 84 Processed Report

Appendix 85 Insurance Report

Chapter 11. Evidence Presentation


11.1 Overview

11.2 Notes

11.3 Evidence

11.4 Types of Witness

11.5 Reports

11.6 Testimony in Court

11.7 Why Cases Fail

Appendix 1 Nations Ratifying the Budapest Convention

Appendix 2 Criteria for Selecting an Expert Witness

Appendix 3 The Forensic Laboratory Code of Conduct for Expert Witnesses

Appendix 4 Report writing Checklist

Appendix 5 Statement and Deposition Writing Checklist

Appendix 6 Non-Verbal Communication to Avoid

Appendix 7 Etiquette in Court

Appendix 8 Testimony Feedback Form

Chapter 12. Secure Working Practices


12.1 Introduction

12.2 Principles of Information Security within the Forensic Laboratory

12.3 Managing Information Security in the Forensic Laboratory

12.4 Physical Security in the Forensic Laboratory

12.5 Managing Service Delivery

12.6 Managing System Access

12.7 Managing Information on Public Systems

12.8 Securely Managing IT Systems

12.9 Information Processing Systems Development and Maintenance

Appendix 1 The Forensic Laboratory SOA

Appendix 2 Meeting the Requirements of GAISP

Appendix 3 Software License Database Information Held

Appendix 4 Information Security Manager, Job Description

Appendix 5 Logon Banner

Appendix 6 The Forensic Laboratory’s Security Objectives

Appendix 7 Asset Details to be Recorded in the Asset Register

Appendix 8 Details Required for Removal of an Asset

Appendix 9 Handling Classified Assets

Appendix 10 Asset Disposal Form

Appendix 11 Visitor Checklist

Appendix 12 Rules of the Data Center

Appendix 13 User Account Management Form Contents

Appendix 14 Teleworking Request Form Contents

Chapter 13. Ensuring Continuity of Operations


13.1 Business Justification for Ensuring Continuity of Operations

13.2 Management Commitment

13.3 Training and Competence

13.4 Determining the Business Continuity Strategy

13.5 Developing and Implementing a Business Continuity Management Response

13.6 Exercising, Maintaining, and Reviewing Business Continuity Arrangements

13.7 Maintaining and Improving the BCMS

13.8 Embedding Business Continuity Forensic Laboratory Processes

13.9 BCMS Documentation and Records General

Appendix 1 Supplier Details Held

Appendix 2 Headings for Financial and Security Questionnaire

Appendix 3 Business Continuity Manager, Job Description

Appendix 4 Contents of the Forensic Laboratory BIA Form

Appendix 5 Proposed BCMS Development and Certification Timescales

Appendix 6 Incident Scenarios

Appendix 7 Strategy Options

Appendix 8 Standard Forensic Laboratory BCP Contents

Appendix 9 Table of Contents to the Appendix to a BCP

Appendix 10 BCP Change List Contents

Appendix 11 BCP Scenario Plan Contents

Appendix 12 BCP Review Report Template Contents

Appendix 13 Mapping IMS Procedures to ISO 22301

Appendix 14 Differences Between ISO 22301 and BS 25999

Chapter 14. Managing Business Relationships


14.1 The Need for Third Parties

14.2 Clients

14.3 Third Parties Accessing the Forensic Laboratory

14.4 Managing Service Level Agreements

14.5 Suppliers of Office and IT Products and Services

14.6 Utility Service Providers

14.7 Contracted Forensic Consultants and Expert Witnesses

14.8 Outsourcing

14.9 Use of Sub-contractors

14.10 Managing Complaints

14.11 Reasons for Outsourcing Failure

Appendix 1 Contents of a Service Plan

Appendix 2 Risks to Consider With Third Parties

Appendix 3 Contract Checklist for Information Security Issues

Appendix 4 SLA Template for Products and Services for Clients

Appendix 5 RFX Descriptions

Appendix 6 The Forensic Laboratory RFx template checklist

Appendix 7 RFX Timeline for Response, Evaluation, and Selection

Appendix 8 Forensic Consultant’s Personal Attributes

Appendix 9 Some Tips for Selecting an Outsourcing Service Provider

Appendix 10 Areas to Consider for Outsourcing Contracts

Chapter 15. Effective Records Management

15.1 Introduction

15.2 Legislative, Regulatory, and Other Requirements

15.3 Record Characteristics

15.4 A Records Management Policy

15.5 Defining the Requirements for Records Management in the Forensic Laboratory

15.6 Determining Forensic Laboratory records to be Managed by the ERMS

15.7 Using Metadata in the Forensic Laboratory

15.8 Record Management Procedures

15.9 Business Continuity

Appendix 1 MoReq2 Functional Requirements

Appendix 2 Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures

Appendix 3 Types of Legislation and Regulation That Will Affect Record Keeping

Appendix 4 Forensic Laboratory Record keeping Policy

Appendix 5 Record Management System Objectives

Appendix 6 Business Case Contents

Appendix 7 Outline of the ERMS Project

Appendix 8 Selection Criteria for an ERMS

Appendix 9 Initial ERMS Feedback Questionnaire

Appendix 10 Metadata Required in the ERMS

Appendix 11 Sample e-Mail Metadata

Appendix 12 Forensic Case Records Stored in the ERMS

Appendix 13 Dublin Core Metadata Elements

Appendix 14 National Archives of Australia Metadata Standard

Appendix 15 Responsibilities for Records Management in the Forensic Laboratory

Appendix 16 Metadata for Records Stored Off-Site

Appendix 17 Records Classification System

Appendix 18 Disposition Authorization

Appendix 19 Additional Requirements for Physical Record Recovery

Appendix 20 Specialized Equipment Needed for Inspection and Recovery of Damaged Records

Chapter 16. Performance Assessment


16.1 Overview

16.2 Performance Assessment

Chapter 17. Health and Safety Procedures


17.1 General

17.2 Planning for OH&S

17.3 Implementation and Operation of the OH&S Management System

17.4 Checking Compliance with OH&S Requirements

17.5 Improving the OH&S Management System

Appendix 1 OH&S Policy Checklist

Appendix 2 The Forensic Laboratory OH&S Policy

Appendix 3 Health and Safety Manager Job Description

Appendix 4 Some Examples of OH&S Drivers

Appendix 5 The Forensic Laboratory OH&S Objectives

Appendix 6 Sample Hazards in the Forensic Laboratory

Appendix 7 Hazard Identification Form

Appendix 8 Some Areas for Inspection for Hazards

Appendix 9 Inputs to the Risk Assessment Process

Appendix 10 OH&S Risk Rating

Appendix 11 DSE Initial Workstation Self-Assessment Checklist

Appendix 12 DSE Training Syllabus

Appendix 13 DSE Assessors Checklist

Appendix 14 Measurement of OH&S success

Appendix 15 Specific OH&S Incident Reporting Requirements

Appendix 16 OH&S Investigation Checklist and Form Contents

Appendix 17 OH&S Incident Review

Appendix 18 OHSAS 18001 Mapping to IMS Procedures

Chapter 18. Human Resources


18.1 Employee Development

18.2 Development

18.3 Termination

Appendix 1 Training Feedback Form

Appendix 2 Employee Security Screening Policy Checklist

Appendix 3 Employment Application Form

Appendix 4 Employment Application Form Notes

Appendix 5 Some Documents That Can Verify Identity

Appendix 6 Document Authenticity Checklist

Appendix 7 Verifying Addresses

Appendix 8 Right To Work Checklist

Appendix 9 Reference Authorization

Appendix 10 Statutory Declaration

Appendix 11 Employer Reference Form

Appendix 12 Employer’s Oral Reference Form

Appendix 13 Confirmation of an Oral Reference Letter

Appendix 14 Qualification Verification Checklist

Appendix 15 Criminal Record Declaration Checklist

Appendix 16 Personal Reference Form

Appendix 17 Personal Oral Reference Form

Appendix 18 Other Reference Form

Appendix 19 Other Reference Form

Appendix 20 Employee Security Screening File

Appendix 21 Top Management Acceptance of Employment Risk

Appendix 22 Third-Party Employee Security Screening Provider Checklist

Appendix 23 Recruitment Agency Contract Checklist

Appendix 24 Investigation Manager, Job Description

Appendix 25 Forensic Laboratory System Administrator, Job Description

Appendix 26 Employee, Job Description

Appendix 27 Areas of Technical Competence

Appendix 28 Some Professional Forensic and Security Organizations

Appendix 29 Training Specification Template

Appendix 30 Training Proposal Evaluation Checklist

Appendix 31 Training Supplier Interview and Presentation Checklist

Appendix 32 Training Reaction Level Questionnaire

Appendix 33 The Forensic Laboratory Code of Ethics

Appendix 34 Termination Checklist

Chapter 19. Accreditation and Certification for a Forensic Laboratory


19.1 Accreditation and Certification

19.2 Accreditation for a Forensic Laboratory

19.3 Certification for a Forensic Laboratory

Appendix 1 Typical Conditions of Accreditation

Appendix 2 Contents of an Audit Response

Appendix 3 Management System Assessment Non-conformance Examples

Appendix 4 Typical Closeout Periods

Chapter 20. Emerging Issues


20.1 Introduction

20.2 Specific Challenges

Appendix. Acronyms


International Standards

National Standards

Guidance from Authoritative Sources





About the Authors

David Lilburn Watson

David Lilburn Watson heads up Forensic Computing Ltd, a specialist forensic recovery and investigation company. He is responsible for the coordination and efficient delivery of the computer forensic and electronic evidence recovery services and digital investigations, and provides support for a broad range of investigative, security and risk consulting assignments. He is a Certified Fraud Examiner (CFE), a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), and an Advanced Certified Computer Forensics Technician (CCFT). In addition to specialised forensic certifications, he is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM) and a Certified Information Systems Auditor (CISA). David has also led Forensic Computing Ltd to ISO 27001 and ISO 9001 certification, making FCL one of very few consultancies to hold such important credentials in the field of forensic services.

Affiliations and Expertise

Head, Forensic Computing Ltd

Andrew Jones

After 25 years' service with the British Army’s Intelligence Corps, Andy Jones became a business manager and a researcher and analyst in the area of Information Warfare and computer crime at a defence research establishment. In Sept 2002, on completion of a paper on a method for the metrication of the threats to information systems, he left the defence environment to take up a post as a principal lecturer at the University of Glamorgan in the subjects of Network Security and Computer Crime and as a researcher on the Threats to Information Systems and Computer Forensics. At the university he developed and managed a well-equipped Computer Forensics Laboratory and took the lead on a large number of computer investigations and data recovery tasks. He holds a Ph.D. in the area of threats to information systems. In January 2005 he joined the Security Research Centre at BT, where he became a Chief Researcher and the head of information. Andy now holds a post as a visiting Professor at Edith Cowan University in Perth, Australia, and he is currently the Programme Chair for the M.Sc. in Information Security at Khalifa University in Sharjah, UAE.

Affiliations and Expertise

Program Chair, M.Sc. in Information Security, Khalifa University, Sharjah, UAE


"With this book you have a finely detailed chart guiding you through every aspect of creating, using and documenting processes that will make you compliant with both the formal accreditation standards and less formal, but no less important, industry best practices…if you are running – or plan to run – a digital forensics business, then this will provide a template for everything you do."--Network Security, May 2014
"It is clear that the authors bring real-world experience to the book, covering the whole life cycle of digital forensics investigations, gathering evidence, and chain of custody results…it will be a very useful handbook for future experts, especially those charged with setting up a forensic laboratory or those seeking accreditation and certification of an existing laboratory.", February 19, 2014
"…this volume on digital forensics and investigation provides information on best practices for meeting regulatory requirements and gaining and maintaining certifications and accreditation within the digital forensics field. The work is divided into three sections covering initial policies and procedures for setting up a laboratory, operating procedures and continuing policies, and accreditation standards and requirements.", February 2014
"What the book does do is provide a comprehensive and all-inclusive set of details that covers the entire lifecycle of a digital forensics investigation, ensuing evidence gathered, and chain of custody that results…Authors David Lilburn Watson and Andrew Jones bring decades of detailed real-world experience to the book, which readers are certain to find to be a unique reference.", December 16, 2013
