
A Blueprint for Implementing Best Practice Procedures in a Digital Forensic Laboratory
Meeting the Requirements of ISO Standards and Other Best Practices
- 2nd Edition - November 9, 2023
- Imprint: Academic Press
- Authors: David Lilburn Watson, Andrew Jones
- Language: English
- Paperback ISBN:9 7 8 - 0 - 1 2 - 8 1 9 4 7 9 - 9
- eBook ISBN:9 7 8 - 0 - 1 2 - 8 1 9 4 8 0 - 5
Digital Forensic Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, Second Edition provides a one-stop shop f… Read more

Purchase options

Institutional subscription on ScienceDirect
Request a sales quoteDigital Forensic Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements, Second Edition provides a one-stop shop for a set of procedures that meet international best practices and standards for handling digital evidence during its complete lifecycle. The book includes procedures, forms and software, providing anyone who handles digital evidence with a guide to proper procedures throughout chain of custody--from incident response straight through to analysis in the lab. This book addresses the whole lifecycle of digital evidence.
- Provides a step-by-step guide on designing, building and using a digital forensic lab
- Addresses all recent developments in the field
- Includes international standards and best practices
Forensic Laboratories (police, government, and civilian), Expert Witnesses, Legal Professionals, Forensic Regulators
- Cover image
- Title page
- Table of Contents
- Copyright
- About the authors
- Acknowledgements
- Chapter 1 Introduction
- Abstract
- 1.1 Introduction
- Appendix 1—Some types of cases involving digital forensics
- Appendix 2—Growth of hard disk drives
- Appendix 3—Disk drive size nomenclature
- Chapter 2 The building
- Abstract
- 2.1 The building
- 2.2 Protecting against external and environmental threats
- 2.3 Utilities and services
- 2.4 Physical security
- 2.5 Layout of a forensic laboratory
- Appendix 1—Sample outline for a business case
- Appendix 2—The physical security policy
- Chapter 3 Setting up a forensic laboratory
- Abstract
- 3.1 Setting up a digital forensic laboratory
- Appendix 1—The laboratory terms of reference (TOR)
- Appendix 2—Cross reference between ISO 9001:2015 and ISO/IEC 17025:2017
- Appendix 3—Conflict of interest policy
- Appendix 4—Quality policy
- Chapter 4 The integrated management system
- Abstract
- 4.1 Introduction
- 4.2 Benefits
- 4.3 The IMS
- 4.4 FCL context
- 4.5 Leadership
- 4.6 Planning
- 4.7 Support
- 4.8 Operation
- 4.9 Performance evaluation
- 4.10 Improvement
- Appendix 1—Definition of core terms in Annex L
- Appendix 2—Meeting the core requirements of Annex L
- Appendix 3—The Goal Statement
- Appendix 4—The Baseline Measures
- Appendix 5—The business objectives
- Appendix 6—Specific needs and expectations of interested parties
- Appendix 7—The FCL audit committee
- Appendix 8—The FCL business continuity committee
- Appendix 9—The FCL environment committee
- Appendix 10—The FCL health and safety committee
- Appendix 11—The FCL information security committee
- Appendix 12—The FCL quality committee
- Appendix 13—The FCL risk committee
- Appendix 14—The FCL service delivery committee
- Appendix 15—The FCL whistleblowing policy
- Appendix 16—The FCL environment policy
- Appendix 17—The FCL health and safety policy
- Appendix 18—The FCL service management policy
- Appendix 19—The FCL business continuity policy
- Appendix 20—The FCL information security policy
- Appendix 21—The FCL access control policy
- Appendix 22—The FCL change or termination of employment policy
- Appendix 23—The FCL clear desk and clear screen policy
- Appendix 24—The FCL continuous improvement policy
- Appendix 25—cryptographic control policy
- Appendix 26—The FCL document retention policy
- Appendix 27—The FCL financial management policy
- Appendix 28—The FCL mobile device policy
- Appendix 29—The FCL network service policy
- Appendix 30—The FCL personnel screening policy
- Appendix 31—The FCL relationship management policy
- Appendix 32—The FCL release management policy
- Appendix 33—The FCL service reporting policy
- Appendix 34—The FCL third party access control policy
- Appendix 35—The FCL acceptable use policy
- Appendix 36—Management roles and responsibilities
- Appendix 37—Asset owners
- Appendix 38—Risk owners
- Appendix 39—Custodian
- Appendix 40—Management review agenda
- Appendix 41—Document control checklist
- Appendix 42—Document metadata
- Appendix 43—File naming standards
- Appendix 44—Watermarks in use in FCL
- Appendix 45—Document review form
- Appendix 46—IMS calendar
- Appendix 47—Audit plan letter
- Appendix 48—Audit reporting form
- Appendix 49—Corrective action request (CAR) form
- Appendix 50—Opening meeting agenda
- Appendix 51—Closing meeting agenda
- Appendix 52—Audit report template
- Appendix 53—Root causes for nonconformity
- Chapter 5 Information risk management
- Abstract
- 5.1 A short history of risk management
- 5.2 An information security risk management framework
- 5.3 Framework stage 1—Information security policy
- 5.4 Framework stage 2—Planning, resourcing and communication
- 5.5 Framework stage 3—Information security risk management process
- 5.6 Framework stage 4—Implementation and operational procedures
- 5.7 Framework stage 5—Follow up procedures
- Appendix 1—FCL communication plan
- Appendix 2—FCL information security plan
- Appendix 3—Asset type examples
- Appendix 4—Asset values
- Appendix 5—Consequences table
- Appendix 6—Some common business risks
- Appendix 7—Some common project risks
- Appendix 8—Security threat examples
- Appendix 9—Common security vulnerabilities
- Appendix 10—The FCL risk management policy
- Appendix 11—The FCL IMS and ISMS scope statement
- Appendix 12—Criticality ratings
- Appendix 13—Likelihood of occurrence
- Appendix 14—Risk appetite
- Appendix 15—Security controls from COBIT 2019
- Appendix 16—Information classification
- Appendix 17—The risk register template
- Appendix 18—Comparison between qualitative and quantitative methods
- Appendix 19—FCL SOA template
- Appendix 20—FCL’s security metrics template
- Appendix 21—Risk glossary
- Chapter 6 Quality in FCL
- Abstract
- 6.1 Quality and good laboratory practice
- 6.2 Management requirements for operating FCL
- 6.3 ISO 9001 in FCL
- 6.4 FCL’s QMS
- 6.5 Responsibilities in the QMS
- 6.6 Managing sales
- 6.7 Provision of products and services
- 6.8 Reviewing deliverables
- 6.9 Signing off a forensic case
- 6.10 Archiving a forensic case
- 6.11 Maintaining client confidentiality
- 6.12 Technical requirements
- 6.13 Measurement, analysis, and improvement
- 6.14 Managing client complaints
- Appendix 1—Mapping ISO 9001 to IMS procedures
- Appendix 2—Mapping ISO/IEC 17025 to IMS procedures
- Appendix 3—Mapping FSR quality requirements to IMS procedures
- Appendix 4—Quality Manager, job description
- Appendix 5—Business plan template
- Appendix 6—Business KPIS
- Appendix 7—Quality plan contents
- Appendix 8—Induction checklist contents
- Appendix 9—Induction feedback
- Appendix 10—Standard proposal template
- Appendix 11—Issues to consider for forensic case processing
- Appendix 12—Standard quotation contents
- Appendix 13—Standard terms and conditions
- Appendix 14—ERMS client areas
- Appendix 15—Cost estimation spreadsheet
- Appendix 16—Draught review form
- Appendix 17—Client sign off and feedback form
- Appendix 18—Information required for registering a complaint
- Appendix 19—Complaint resolution timescales
- Appendix 20—Complaint metrics
- Appendix 21—Laboratory Manager, job description
- Appendix 22—Forensic Analyst, job description
- Appendix 23—Training agenda
- Appendix 24—Some individual forensic certifications
- Appendix 25—Minimum equipment records required by ISO/IEC 17025
- Appendix 26—Reference forensic case tests
- Appendix 27—ISO/IEC 17025 reporting requirements
- Appendix 28—Standard forensic laboratory report
- Chapter 7 IT infrastructure
- Abstract
- 7.1 Hardware
- 7.2 Software
- 7.3 Infrastructure
- 7.4 Process management
- 7.5 Hardware management
- 7.6 Software management
- 7.7 Network management
- Appendix 1—Policy for securing IT cabling
- Appendix 2—Policy for siting and protecting IT equipment
- Appendix 3—ISO 20000-1 mapping
- Appendix 4—Service Desk Manager, job description
- Appendix 5—Incident Manager, job description
- Appendix 6—Information security incident status levels
- Appendix 7—Information security incident priority levels
- Appendix 8—Service Desk feedback form
- Appendix 9—Problem Manager, job description
- Appendix 10—Contents of the SIP
- Appendix 11—Change categories
- Appendix 12—Change Manager, job description
- Appendix 13—Standard requirements of a request for change (RfC)
- Appendix 14—Emergency change policy
- Appendix 15—Release Management Policy
- Appendix 16—Release Manager, job description
- Appendix 17—Configuration management plan contents
- Appendix 18—Configuration Management Policy
- Appendix 19—Configuration Manager, job description
- Appendix 20—Information stored in the DHL and DSL
- Appendix 21—Capacity Manager, job description
- Appendix 22—Capacity management plan
- Appendix 23—Service Management Policy
- Appendix 24—Service Level Manager, job description
- Appendix 25—Service Reporting policy
- Appendix 26—Policy for Maintaining and Servicing IT Equipment
- Appendix 27—ISO 17025 tool test method documentation
- Appendix 28—Standard forensic tool tests
- Appendix 29—Forensic tool test report template
- Appendix 30—Overnight backup checklist
- Chapter 8 Incident response
- Abstract
- 8.1 General
- 8.2 Forensic evidence
- 8.3 Incident response as a process
- 8.4 Initial contact
- 8.5 Types of first response
- 8.6 The incident scene
- 8.7 Transportation to the laboratory
- 8.8 Incident scene and seizure reports
- 8.9 Post incident review
- Appendix 1—Mapping ISO 17020 to IMS procedures
- Appendix 2—First response briefing agenda
- Appendix 3—Contents of the grab bag
- Appendix 4—New forensic case form
- Appendix 5—First responder seizure summary log
- Appendix 6—Site summary form
- Appendix 7—Seizure log
- Appendix 8—Evidence locations in devices and media
- Appendix 9—Types of evidence typically needed for a forensic case
- Appendix 10—The on/off rule
- Appendix 11—Some types of metadata that may be recoverable from digital images
- Appendix 12—Countries with different fixed line telephone connections
- Appendix 13—Some interview questions
- Appendix 14—Evidence labelling
- Appendix 15—Forensic preview forms
- Appendix 16—A travelling forensic laboratory
- Appendix 17—Movement form
- Appendix 18—Incident response report
- Appendix 19—Post incident review agenda
- Appendix 20—Incident processing checklist
- Chapter 9 Case processing
- Abstract
- 9.1 Introduction to case processing
- 9.2 Case types
- 9.3 Precase processing
- 9.4 Equipment maintenance
- 9.5 Management processes
- 9.6 Booking exhibits in and out of the secure property store
- 9.7 Starting a new case
- 9.8 Preparing the forensic workstation
- 9.9 Imaging
- 9.10 Examination
- 9.11 Dual tool verification
- 9.12 Digital time stamping
- 9.13 Production of an internal case report
- 9.14 Creating exhibits
- 9.15 Producing a case report for external use
- 9.16 Statements, depositions, and similar
- 9.17 Forensic software tools
- 9.18 Backing up and archiving a case
- 9.19 Disclosure
- 9.20 Disposal
- Appendix 1—Some international forensic good practice
- Appendix 2—Some international and national standards relating to digital forensics
- Appendix 3—Hard disk log details
- Appendix 4—Disk history log
- Appendix 5—Tape log details
- Appendix 6—Tape history log
- Appendix 7—Small digital media log details
- Appendix 8—Small digital media device log
- Appendix 9—Forensic case work log
- Appendix 10—Case processing KPI’s
- Appendix 11—Contents of sample exhibit rejection letter
- Appendix 12—Sample continuity label contents
- Appendix 13—Details of the property log
- Appendix 14—Contents of sample exhibit acceptance letter
- Appendix 15—Property special handling log
- Appendix 16—Evidence sought
- Appendix 17—Request for forensic examination
- Appendix 18—Client virtual case file structure
- Appendix 19—Computer details log
- Appendix 20—Other equipment details log
- Appendix 21—Hard disk details log
- Appendix 22—Other media details log
- Appendix 23—Smart phone details log
- Appendix 24—Other devices details log
- Appendix 25—Some evidence found in volatile memory
- Appendix 26—File metadata
- Appendix 27—Case progress checklist
- Appendix 28—Internal case report template
- Appendix 29—Exhibit log
- Appendix 30—Report production checklist
- Chapter 10 Forensic case management
- Abstract
- 10.1 Overview
- 10.2 Hard copy forms
- 10.3 MARS
- 10.4 Setting up a new case
- 10.5 Processing a forensic case
- 10.6 Reports general
- 10.7 Administrator’s reports
- 10.8 User reports
- Appendix 1—Setting up organisational details
- Appendix 2—Setup the administrator
- Appendix 3—Audit reports
- Appendix 4—Manage users
- Appendix 5—Manage manufacturers
- Appendix 6—Manage suppliers
- Appendix 7—Manage clients
- Appendix 8—Manage investigators
- Appendix 9—Manage disks
- Appendix 10—Manage tapes
- Appendix 11—Manage small digital media
- Appendix 12—Exhibit details
- Appendix 13—Evidence sought
- Appendix 14—Estimates
- Appendix 15—Accept or reject case
- Appendix 16—Movement log
- Appendix 17—Examination log
- Appendix 18—Computer hardware details
- Appendix 19—Noncomputer exhibit details
- Appendix 20—Hard disk details
- Appendix 21—Other media details
- Appendix 22—Case work record details
- Appendix 23—Updating case estimates
- Appendix 24—Create exhibit
- Appendix 25—Case result
- Appendix 26—Case backup
- Appendix 27—Billing and feedback
- Appendix 28—Feedback received
- Appendix 29—Organisation report
- Appendix 30—Users report
- Appendix 31—Manufacturers report
- Appendix 32—Supplier report
- Appendix 33—Clients report
- Appendix 34—Investigators report
- Appendix 35—Disks by assignment report
- Appendix 36—Disks by reference number report
- Appendix 37—Wiped disks report
- Appendix 38—Disposed disks report
- Appendix 39—Disk history report
- Appendix 40—Tapes by assignment report
- Appendix 41—Tapes by reference number report
- Appendix 42—Wiped tapes report
- Appendix 43—Disposed tapes report
- Appendix 44—Tape history report
- Appendix 45—Small digital media by assignment report
- Appendix 46—Small digital media by reference number report
- Appendix 47—Wiped small digital media report
- Appendix 48—Disposed small digital media report
- Appendix 49—Small digital media history report
- Appendix 50—Wipe methods report
- Appendix 51—Disposal methods report
- Appendix 52—Imaging methods report
- Appendix 53—Operating systems report
- Appendix 54—Media types report
- Appendix 55—Exhibit type report
- Appendix 56—Forensic case setup details report
- Appendix 57—Forensic case movement report
- Appendix 58—Forensic case computers report
- Appendix 59—Forensic case noncomputer evidence report
- Appendix 60—Forensic case disks received report
- Appendix 61—Forensic case other media received
- Appendix 62—Forensic case exhibits received report
- Appendix 63—Forensic case work record
- Appendix 64—Forensic cases rejected report
- Appendix 65—Forensic cases accepted
- Appendix 66—Forensic case estimates report
- Appendix 67—Forensic cases by forensic analyst
- Appendix 68—Forensic cases by client report
- Appendix 69—Forensic cases by investigator report
- Appendix 70—Forensic case target dates report
- Appendix 71—Forensic cases within ‘x’ days of target date report
- Appendix 72—Forensic cases past target date report
- Appendix 73—Forensic cases unassigned report
- Appendix 74—Forensic case exhibits produced report
- Appendix 75—Forensic case results report
- Appendix 76—Forensic case backups report
- Appendix 77—Forensic case billing run report
- Appendix 78—Forensic case feedback letters
- Appendix 79—Forensic case feedback forms printout
- Appendix 80—Forensic case feedback reporting summary by case
- Appendix 81—Forensic case feedback reporting summary by forensic analyst
- Appendix 82—Forensic case feedback reporting summary by client
- Appendix 83—Complete forensic case report
- Appendix 84—Items processed report
- Appendix 85—Insurance report
- Chapter 11 Forensic case evidence presentation
- Abstract
- 11.1 Overview
- 11.2 Notes
- 11.3 Evidence
- 11.4 Types of witness
- 11.5 Reports
- 11.6 Testimony in court
- 11.7 Why a forensic case may fail
- Appendix 1—Nations ratifying the Budapest convention
- Appendix 2—Criteria for selection an expert witness
- Appendix 3—Code of conduct for expert witnesses
- Appendix 4—Report writing checklist
- Appendix 5—Statement and deposition writing checklist
- Appendix 6—Nonverbal communication to avoid
- Appendix 7—Etiquette in Court
- Appendix 8—Testimony feedback form
- Chapter 12 Secure working practices
- Abstract
- 12.1 Introduction
- 12.2 Principles of information security within FCL
- 12.3 Managing information security in FCL
- 12.4 Physical security in FCL
- 12.5 Managing service delivery
- 12.6 Managing system access
- 12.7 Managing information on public systems
- 12.8 Securely managing IT systems
- 12.9 Information systems development and maintenance
- ISO/IEC 27001 certification
- Appendix 1—FCL statement of applicability (SOA)
- Appendix 2—ISO/IEC 27002 attributes
- Appendix 3—Some information/cyber security standards adopted by FCL
- Appendix 4—Software licence database information held
- Appendix 5—Logon banner
- Appendix 6—FCL’s security objectives
- Appendix 7—IMS calendar
- Appendix 8—Asset details to be recorded in the asset register
- Appendix 9—Details required for removal of an asset
- Appendix 10—Handling classified assets
- Appendix 11—Asset disposal form
- Appendix 12—Visitor checklist
- Appendix 13—Rules of the data centre
- Appendix 14—User account management form contents
- Appendix 15—Teleworking request form contents
- Appendix 16—Information security manager (ISM), job description
- Chapter 13 Ensuring continuity of operations
- Abstract
- 13.1 Business justification for ensuring continuity of operations
- 13.2 Management commitment
- 13.3 Training and competence
- 13.4 Determining the business continuity strategy
- 13.5 Developing and implementing a business continuity management response
- 13.6 Exercising, maintaining and reviewing business continuity arrangements
- 13.7 Maintaining and improving the BCMS
- 13.8 Embedding business continuity in FCL processes
- 13.9 BCMS documentation and records—General
- Appendix 1—Supplier details held
- Appendix 2—Headings for financial and security due diligence questionnaire
- Appendix 3—Business continuity manager (BCM), job description
- Appendix 4—Contents of the BIA form
- Appendix 5—Proposed BCMS development timescales
- Appendix 6—Incident scenarios
- Appendix 7—Strategy options
- Appendix 8—Standard BCP contents
- Appendix 9—Table of contents to the appendix to a BCP
- Appendix 10—BCP change list contents
- Appendix 11—BCP scenario plan contents
- Appendix 12—BCP review report template contents
- Appendix 13—Mapping IMS procedures to ISO 22301
- Chapter 14 Managing business relationships
- Abstract
- 14.1 The need for third parties
- 14.2 Clients
- 14.3 Third parties accessing FCL and client information
- 14.4 Managing service-level agreements
- 14.5 Suppliers of office and IT products and services
- 14.6 Utility service providers
- 14.7 Contracted forensic consultants and expert witnesses
- 14.8 Outsourcing
- 14.9 Use of subcontractors
- 14.10 Managing complaints
- 14.11 Some reasons for outsourcing failure
- Appendix 1—Contents of a service plan
- Appendix 2—Risks to consider with third parties
- Appendix 3—Contract checklist for information security issues
- Appendix 4—SLA template for products and services for clients
- Appendix 5—RFx descriptions
- Appendix 6—RFx template checklist
- Appendix 7—RFx timeline for response, evaluation, and selection
- Appendix 8—Forensic consultant’s personal attributes
- Appendix 9—Some tips for selecting an outsourcing service provider
- Appendix 10—Areas to consider for outsourcing contracts
- Chapter 15 Effective records management
- Abstract
- 15.1 Introduction
- 15.2 Legislative, regulatory, and other requirements
- 15.3 Record characteristics
- 15.4 A records management policy
- 15.5 Defining records management requirements
- 15.6 Determining records to be managed by the ERMS
- 15.7 Using metadata in FCL
- 15.8 Record management procedures
- 15.9 Business continuity
- Appendix 1—MOReq2010 requirements
- Appendix 2—Mapping of ISO 15489 part 1 to FCL procedures
- Appendix 3—Types of legislation and regulation that will affect recordkeeping
- Appendix 4—Record management policy
- Appendix 5—Record management system objectives
- Appendix 6—Business case template
- Appendix 7—Outline of the ERMS project
- Appendix 8—Selection criteria for an ERMS
- Appendix 9—Initial ERMS FEEDBACK questionnaire
- Appendix 10—Metadata required in the ERMS
- Appendix 11—Sample email metadata
- Appendix 12—Forensic case records stored in the ERMS
- Appendix 13—Dublin core metadata elements
- Appendix 14—National archives of Australia metadata standard
- Appendix 15—Responsibilities for records management
- Appendix 16—Metadata for records stored off-site
- Appendix 17—Records classification system
- Appendix 18—Disposition authorisation
- Appendix 19—Additional requirements for physical record recovery
- Appendix 20—Specialised equipment needed for inspection and recovery of damaged records
- Chapter 16 Performance assessment
- Abstract
- 16.1 Overview
- 16.2 Performance assessment
- Chapter 17 Occupational health and safety (OH&S) procedures
- Abstract
- 17.1 General
- 17.2 Leadership and worker participation
- 17.3 Planning for OH&S
- 17.4 Support for the OHSMS
- 17.5 Operational planning and control
- 17.6 Performance evaluation
- 17.7 Improvement
- Appendix 1—OH&S policy checklist
- Appendix 2—The OH&S policy
- Appendix 3—Health and safety manager job description
- Appendix 4—Examples of OH&S drivers
- Appendix 5—The forensic laboratory OH&S objectives
- Appendix 6—Common hazards in a forensic laboratory
- Appendix 7—Hazard identification form
- Appendix 8—Some areas for inspection for hazards
- Appendix 9—Inputs to the risk assessment process
- Appendix 10—OH&S risk rating
- Appendix 11—DSE initial workstation self-assessment checklist
- Appendix 12—DSE training syllabus
- Appendix 13—DSE assessors checklist
- Appendix 14—Measurement of OH&S success
- Appendix 15—Specific OH&S incident reporting requirements
- Appendix 16—OH&S investigation checklist and form contents
- Appendix 17—OH&S incident review
- Appendix 18—ISO 45,001 mapping to IMS procedures
- Chapter 18 Human resources
- Abstract
- 18.1 Employee development
- 18.2 Development
- 18.3 Termination
- Appendix 1—Training feedback form
- Appendix 2—Employee security screening policy checklist
- Appendix 3—Employment application form
- Appendix 4—Employment application form notes
- Appendix 5—Verifying identity
- Appendix 6—Document authenticity checklist
- Appendix 7—Verifying addresses
- Appendix 8—Verifying right to work checklist
- Appendix 9—Reference authorisation
- Appendix 10—Statutory declaration
- Appendix 11—Employer reference form
- Appendix 12—Employer’s oral reference form
- Appendix 13—Confirmation of an oral reference letter
- Appendix 14—Verifying qualifications checklist
- Appendix 15—Criminal record declaration checklist
- Appendix 16—Personal reference form
- Appendix 17—Personal oral reference form
- Appendix 18—Other reference form
- Appendix 19—Other reference oral reference form
- Appendix 20—Employee security screening file
- Appendix 21—Top management acceptance of employment risk
- Appendix 22—Third-party employee security screening provider checklist
- Appendix 23—Recruitment agency contract checklist
- Appendix 24—Investigation manager, job description
- Appendix 25—Forensic laboratory system administrator, job description
- Appendix 26—Employee, job description
- Appendix 27—Areas of technical competence
- Appendix 28—Some professional forensic and security organisations
- Appendix 29—Training specification template
- Appendix 30—Training proposal evaluation checklist
- Appendix 31—Training supplier interview and presentation checklist
- Appendix 32—Training reaction level questionnaire
- Appendix 33—Code of ethics
- Appendix 34—Termination checklist
- Chapter 19 Accreditation and Certification for a digital forensic laboratory
- Abstract
- 19.1 Accreditation and Certification
- 19.2 Accreditation for a forensic laboratory
- 19.3 Certification for a forensic laboratory
- Appendix 1—Typical conditions of Accreditation
- Appendix 2—Contents of an audit response
- Appendix 3—Management system assessment nonconformity examples
- Appendix 4—Typical close-out periods
- Chapter 20 Emerging issues
- Abstract
- 20.1 Introduction
- 20.2 Specific challenges
- Glossary
- Index
- Edition: 2
- Published: November 9, 2023
- Imprint: Academic Press
- No. of pages: 1072
- Language: English
- Paperback ISBN: 9780128194799
- eBook ISBN: 9780128194805
DW
David Lilburn Watson
David Lilburn Watson heads up Forensic Computing Ltd, a specialist forensic recovery and investigation company. He is responsible for the coordination and efficient delivery of the computer forensic and electronic evidence recovery services, digital investigations, and provides support for a broad range of investigative, security and risk consulting assignments. He is a Certified Fraud Examiner (CFE) and a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), an Advanced Certified Computer Forensics Technician (CCFT). In addition to specialised forensic certifications he is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM) and a Certified Information Systems Auditor (CISA). David has also led Forensic Computing Ltd to ISO 27001 and ISO 9001 certification, making FCL one of very few consultancies to hold such important credentials in the field of forensic services.
Affiliations and expertise
Head, Forensic Computing Ltd, London, UKAJ
Andrew Jones
Dr. Andrew Jones is a digital forensic and information security researcher and academic and has developed several tools and processes for the efficient and effective recovery of data from a range of devices. He has also participated and led a number of forensic investigations for criminal and civil cases.
Andrew has been involved in several information security projects for the Government Communications Electronic Security Group (CESG), the Office of the E-Envoy, the police and a defense contractor. He acted as the technical advisor for the then National Crime Squad Data Acquisition and Recovery Team and he is currently on the committees for five information security and computer forensic conferences. He also sat on two working groups of the governments Central Sponsor for Information Assurance National Information Assurance Forum. He holds posts as an adjunct professor at Edith Cowan University in Perth, Australia and the University of South Australia in Adelaide.
He has authored six books in the areas of Information Warfare, Information Security and Digital Forensics, including co-authoring Digital Forensics Processing and Procedures, First Edition.
Affiliations and expertise
Director, Forensic Computing Ltd. London, UKRead A Blueprint for Implementing Best Practice Procedures in a Digital Forensic Laboratory on ScienceDirect