Organisations and individuals currently have little idea how to collect and preserve evidence from computers and the Internet. As a result, criminal prosecutions become difficult, businesses fail to get redress in the civil courts or are unable to make proper insurance claims, and business value is lost. That’s the message of Digital Evidence, Digital Investigation and E-Disclosure: A Guide to Forensic Readiness for Organisations, Security Advisers and Lawyers, now available from the Information Assurance Advisory Council as a free download (115-page PDF).
The overall message of the Guide is the importance of having a corporate Forensic Readiness Program; the Guide identifies an eight-step process for creating one. A third edition of the Guide was thought to be justified in view of wide-ranging changes leading to ‘ubiquitous computing’ and a matching growth in the importance of digital evidence.
‘The need for digital evidence is not confined to obvious cybercrime events such as hacking, fraud and denial of service attacks’, says report author Professor Peter Sommer, ‘it is also required when transactions are disputed, in employee disputes, and almost all forms of non-cybercrime, including murder, forgery, industrial espionage and terrorism. With the vast proliferation of computer ownership and usage plus the growth of low-cost always-on broadband connectivity, all organisations require a Forensic Readiness Program. Businesses don’t realise that when they enter litigation they are compelled to assist the other side via e-disclosure. Too many are unprepared for this eventuality’.
Sommer, who has appeared as an expert witness in many high-profile cases involving computer and Internet evidence, says: ‘Most businesses don’t need to have a Digital Sherlock Holmes on their staff, but they should have plans to identify and preserve important digital evidence from e-mail, web transactions, PCs, tablets and smartphones – and have a broad understanding of some of the associated legal problems such as admissibility and privacy. Often what is technically easy may be illegal or inadmissible. It is very odd that organisations have in place contingency plans for low likelihood/high impact events like fire and terrorism but nothing for common-place high frequency events like disputed transactions and suspicious employee behaviour’.
The first third of the Guide gives general management advice; the remainder provides details of procedures, techniques, applicable law and sources of further information.
Download site: http://www.iaac.org.uk/_media/DigitalInvestigations2012.pdf