Digital Forensics Processing and Procedures
Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements
- 1st Edition - August 30, 2013
- Imprint: Syngress
- Authors: David Lilburn Watson, Andrew Jones
- Language: English
- Paperback ISBN:9 7 8 - 1 - 5 9 7 4 9 - 7 4 2 - 8
- eBook ISBN:9 7 8 - 1 - 5 9 7 4 9 - 7 4 5 - 9
This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international pr… Read more
Purchase options
Institutional subscription on ScienceDirect
Request a sales quoteThis is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab.
- A step-by-step guide to designing, building and using a digital forensics lab
- A comprehensive guide for all roles in a digital forensics laboratory
- Based on international standards and certifications
Forensic laboratories (police, government or civilian), Expert witnesses for digital forensic cases, Legal professionals, Forensics regulators, Investigators involved with seize of digital evidence (police forces, IT departments, HR departments)
About the Authors
Technical Editor Bio
Acknowledgments
Preface
Chapter 1. Introduction
Abstract
1.1 Introduction
Appendix 1 Some Types of Cases Involving Digital Forensics
Appendix 2 Growth of Hard Disk Drives for Personal Computers
Appendix 3 Disk Drive Size Nomenclature
Chapter 2. Forensic Laboratory Accommodation
Abstract
2.1 The Building
2.2 Protecting Against External and Environmental Threats
2.3 Utilities and Services
2.4 Physical Security
2.5 Layout of the Forensic Laboratory
Appendix 1 Sample Outline for a Business Case
Appendix 2 Forensic Laboratory Physical Security Policy
Chapter 3. Setting up the Forensic Laboratory
Abstract
3.1 Setting up the Forensic Laboratory
Appendix 1 The Forensic Laboratory ToR
Appendix 2 Cross Reference Between ISO 9001 and ISO 17025
Appendix 3 Conflict of Interest Policy
Appendix 4 Quality Policy
Chapter 4. The Forensic Laboratory Integrated Management System
Abstract
4.1 Introduction
4.2 Benefits
4.3 The Forensic Laboratory IMS
4.4 The Forensic Laboratory Policies
4.5 Planning
4.6 Implementation and Operation
4.7 Performance Assessment
4.8 Continuous Improvement
4.9 Management Reviews
Appendix 1 Mapping ISO Guide 72 requirements to PAS 99
Appendix 2 PAS 99 Glossary
Appendix 3 PAS 99 Mapping to IMS Procedures
Appendix 4 The Forensic Laboratory Goal Statement
Appendix 5 The Forensic Laboratory Baseline Measures
Appendix 6 Environment Policy
Appendix 7 Health and Safety Policy
Appendix 8 Undue Influence Policy
Appendix 9 Business Continuity Policy
Appendix 10 Information Security Policy
Appendix 11 Access Control Policy
Appendix 12 Change or Termination Policy
Appendix 13 Clear Desk and Clear Screen Policy
Appendix 14 Continuous Improvement Policy
Appendix 15 Cryptographic Control Policy
Appendix 16 Document Retention Policy
Appendix 17 Financial Management Policy
Appendix 18 Mobile Devices Policy
Appendix 19 Network Service Policy
Appendix 20 Personnel Screening Policy
Appendix 21 Relationship Management Policy
Appendix 22 Release Management Policy
Appendix 23 Service Management Policy
Appendix 24 Service Reporting Policy
Appendix 25 Third-Party Access Control Policy
Appendix 26 Acceptable Use Policy
Appendix 27 Audit Committee
Appendix 28 Business Continuity Committee
Appendix 29 Environment Committee
Appendix 30 Health and Safety Committee
Appendix 31 Information Security Committee
Appendix 32 Quality Committee
Appendix 33 Risk Committee
Appendix 34 Service Delivery Committee
Appendix 35 Whistle Blowing Policy
Appendix 36 Management Review Agenda
Appendix 37 Document Control Checklist
Appendix 38 Document Metadata
Appendix 39 File-Naming Standards
Appendix 40 Watermarks in Use in the Forensic Laboratory
Appendix 41 Document Review Form
Appendix 42 IMS Calendar
Appendix 43 Audit Plan Letter
Appendix 44 Audit Reporting Form
Appendix 45 CAR/PAR Form
Appendix 46 Opening Meeting Agenda
Appendix 47 Closing Meeting Agenda
Appendix 48 Audit Report Template
Appendix 49 Root Causes for Non-Conformity
Chapter 5. Risk Management
Abstract
5.1 A Short History of Risk Management
5.2 An Information Security Risk Management Framework
5.3 Framework Stage 1 — ISMS Policy
5.4 Framework Stage 2: Planning, Resourcing, and Communication
5.5 Framework Stage 3: Information Security Risk Management Process
5.6 Framework Stage 4: Implementation and Operational Procedures
5.7 Framework Stage 5: Follow-up Procedures
Appendix 1 Sample Communication Plan
Appendix 2 Sample Information Security Plan
Appendix 3 Asset Type Examples
Appendix 4 Asset Values
Appendix 5 Consequences Table
Appendix 6 Some Common Business Risks
Appendix 7 Some Common Project Risks
Appendix 8 Security Threat Examples
Appendix 9 Common Security Vulnerabilities
Appendix 10 Risk Management Policy
Appendix 11 The IMS and ISMS Scope Document
Appendix 12 Criticality Ratings
Appendix 13 Likelihood of Occurrence
Appendix 14 Risk Appetite
Appendix 15 Security controls from CobIT and NIST 800-53
Appendix 16 Information Classification
Appendix 17 The Corporate Risk Register
Appendix 18 Comparison Between Qualitative and Quantitative Methods
Appendix 19 Mapping Control Functions to ISO 27001
Appendix 20 Mapping Security CONCERNS to ISO 27001
Appendix 21 SoA Template
Appendix 22 The Forensic Laboratory’s Security Metrics report
Appendix 23 Mapping ISO 31000 and ISO 27001 to IMS Procedures
Chapter 6. Quality in the Forensic Laboratory
Abstract
6.1 Quality and Good Laboratory Practice
6.2 Management Requirements for Operating the Forensic Laboratory
6.3 ISO 9001 for the Forensic Laboratory
6.4 The Forensic Laboratory’s QMS
6.5 Responsibilities in the QMS
6.6 Managing Sales
6.7 Product and Service Realization
6.8 Reviewing Deliverables
6.9 Signing off a Case
6.10 Archiving a Case
6.11 Maintaining Client Confidentiality
6.12 Technical Requirements for the Forensic Laboratory
6.13 Measurement, Analysis, and Improvement
6.14 Managing Client Complaints
Appendix 1 Mapping ISO 9001 to IMS Procedures
Appendix 2 Mapping ISO 17025 to IMS Procedures
Appendix 3 Mapping SWGDE Quality Requirements to IMS Procedures
Appendix 4 Mapping NIST-150 Quality Requirements to IMS Procedures
Appendix 5 Mapping ENFSI Quality Requirements to IMS Procedures
Appendix 6 Mapping FSR Quality Requirements to IMS Procedures
Appendix 7 Quality Manager, Job Description
Appendix 8 Business Plan Template
Appendix 9 Business KPIs
Appendix 10 Quality Plan Contents
Appendix 11 Induction Checklist Contents
Appendix 12 Induction Feedback
Appendix 13 Standard Proposal Template
Appendix 14 Issues to Consider for Case Processing
Appendix 15 Standard Quotation Contents
Appendix 16 Standard Terms and Conditions
Appendix 17 ERMS Client Areas
Appendix 18 Cost Estimation Spreadsheet
Appendix 19 Draft Review Form
Appendix 20 Client Sign-off and Feedback Form
Appendix 21 Information Required for Registering a Complaint
Appendix 22 Complaint Resolution Timescales
Appendix 23 Complaint Metrics
Appendix 24 Laboratory Manager, Job Description
Appendix 25 Forensic Analyst, Job Description
Appendix 26 Training Agenda
Appendix 27 Some Individual Forensic Certifications
Appendix 28 Minimum Equipment Records Required by ISO 17025
Appendix 29 Reference Case Tests
Appendix 30 ISO 17025 Reporting Requirements
Appendix 31 Standard Forensic Laboratory Report
Chapter 7. IT Infrastructure
Abstract
7.1 Hardware
7.2 Software
7.3 Infrastructure
7.4 Process Management
7.5 Hardware Management
7.6 Software Management
7.7 Network Management
Appendix 1 Some Forensic Workstation Providers
Appendix 2 Some Mobile Forensic Workstation Providers
Appendix 3 Standard Build for a Forensic Workstation
Appendix 4 Some Case Processing Tools
Appendix 5 Policy for Securing IT Cabling
Appendix 6 Policy for Siting and Protecting IT Equipment
Appendix 7 ISO 20000-1 Mapping
Appendix 8 Service Desk Manager, Job Description
Appendix 9 Incident Manager, Job Description
Appendix 10 Incident Status Levels
Appendix 11 Incident Priority Levels
Appendix 12 Service Desk Feedback Form
Appendix 13 Problem Manager, Job Description
Appendix 14 Contents of the Forensic Laboratory SIP
Appendix 15 Change Categories
Appendix 16 Change Manager, Job Description
Appendix 17 Standard Requirements of a Request for Change
Appendix 18 Emergency Change Policy
Appendix 19 Release Management Policy
Appendix 20 Release Manager, Job Description
Appendix 21 Configuration Management Plan Contents
Appendix 22 Configuration Management Policy
Appendix 23 Configuration Manager, Job Description
Appendix 24 Information Stored in the DSL and DHL
Appendix 25 Capacity Manager, Job Description
Appendix 26 Capacity Management Plan
Appendix 27 Service Management Policy
Appendix 28 Service Level Manager, Job Description
Appendix 29 Service Reporting Policy
Appendix 30 Policy for Maintaining and Servicing IT Equipment
Appendix 31 ISO 17025 Tool Test Method Documentation
Appendix 32 Standard Forensic Tool Tests
Appendix 33 Forensic Tool Test Report Template
Appendix 34 Overnight Backup Checklist
Chapter 8. Incident Response
Abstract
8.1 General
8.2 Evidence
8.3 Incident Response as a Process
8.4 Initial Contact
8.5 Types of First Response
8.6 The Incident Scene
8.7 Transportation to the Forensic Laboratory
8.8 Crime Scene and Seizure Reports
8.9 Postincident Review
Appendix 1 Mapping ISO 17020 to IMS Procedures
Appendix 2 First Response Briefing Agenda
Appendix 3 Contents of the Grab Bag
Appendix 4 New Case Form
Appendix 5 First Responder Seizure Summary Log
Appendix 6 Site Summary Form
Appendix 7 Seizure Log
Appendix 8 Evidence Locations in Devices and Media
Appendix 9 Types of Evidence Typically Needed for a Case
Appendix 10 The On/Off Rule
Appendix 11 Some Types of Metadata That may be Recoverable from Digital Images
Appendix 12 Countries with Different Fixed Line Telephone Connections
Appendix 13 Some Interview Questions
Appendix 14 Evidence Labeling
Appendix 15 Forensic Preview Forms
Appendix 16 A Traveling Forensic Laboratory
Appendix 17 Movement Sheet
Appendix 18 Incident Response Report
Appendix 19 Postincident Review Agenda
Appendix 20 Incident Processing Checklist
Chapter 9. Case Processing
Abstract
9.1 Introduction to Case Processing
9.2 Case Types
9.3 Precase Processing
9.4 Equipment Maintenance
9.5 Management Processes
9.6 Booking Exhibits in and out of the Secure Property Store
9.7 Starting a New Case
9.8 Preparing the Forensic Workstation
9.9 Imaging
9.10 Examination
9.11 Dual Tool Verification
9.12 Digital Time Stamping
9.13 Production of an Internal Case Report
9.14 Creating Exhibits
9.15 Producing a Case Report for External Use
9.16 Statements, Depositions, and Similar
9.17 Forensic Software Tools
9.18 Backing up and Archiving a Case
9.19 Disclosure
9.20 Disposal
Appendix 1 Some International Forensic Good Practice
Appendix 2 Some International and National Standards Relating to Digital Forensics
Appendix 3 Hard Disk Log Details
Appendix 4 Disk History Log
Appendix 5 Tape log Details
Appendix 6 Tape History log
Appendix 7 Small Digital Media Log Details
Appendix 8 Small Digital Media Device Log
Appendix 9 Forensic CASE WORK Log
Appendix 10 Case Processing KPIs
Appendix 11 Contents of Sample Exhibit Rejection Letter
Appendix 12 Sample Continuity Label Contents
Appendix 13 Details of the Forensic Laboratory Property Log
Appendix 14 Exhibit Acceptance Letter Template
Appendix 15 Property SPECIAL HANDLINg Log
Appendix 16 Evidence Sought
Appendix 17 Request for Forensic examination
Appendix 18 Client Virtual Case File Structure
Appendix 19 Computer Details Log
Appendix 20 Other Equipment Details Log
Appendix 21 Hard Disk Details Log
Appendix 22 Other Media Details Log
Appendix 23 Cell Phone Details Log
Appendix 24 Other Device Details Log
Appendix 25 Some Evidence Found in Volatile Memory
Appendix 26 Some File Metadata
Appendix 27 Case Progress Checklist
Appendix 28 Meeting the Requirements of HB 171
Appendix 29 Internal Case Report Template
Appendix 30 Forensic Laboratory Exhibit Log
Appendix 31 Report Production Checklist
Chapter 10. Case Management
Abstract
10.1 Overview
10.2 Hard Copy Forms
10.3 MARS
10.4 Setting up a New Case
10.5 Processing a Forensic Case
10.6 Reports General
10.7 Administrator's Reports
10.8 User Reports
Appendix 1 Setting up Organisational Details
Appendix 2 Set up the Administrator
Appendix 3 Audit Reports
Appendix 4 Manage Users
Appendix 5 Manage Manufacturers
Appendix 6 Manage Suppliers
Appendix 7 Manage Clients
Appendix 8 Manage Investigators
Appendix 9 Manage Disks
Appendix 10 Manage Tapes
Appendix 11 Manage Small Digital Media
Appendix 12 Exhibit Details
Appendix 13 Evidence Sought
Appendix 14 Estimates
Appendix 15 Accept or Reject Case
Appendix 16 Movement Log
Appendix 17 Examination Log
Appendix 18 Computer Hardware Details
Appendix 19 Non-Computer Exhibit Details
Appendix 20 Hard Disk Details
Appendix 21 Other Media Details
Appendix 22 Work Record Details
Appendix 23 Updating Case Estimates
Appendix 24 Create Exhibit
Appendix 25 Case Result
Appendix 26 Case Backup
Appendix 27 Billing and Feedback
Appendix 28 Feedback Received
Appendix 29 Organization Report
Appendix 30 Users Report
Appendix 31 Manufacturers Report
Appendix 32 Supplier Report
Appendix 33 Clients Report
Appendix 34 Investigator's Report
Appendix 35 Disks by Assignment Report
Appendix 36 Disks by Reference Number Report
Appendix 37 Wiped Disks Report
Appendix 38 Disposed Disks Report
Appendix 39 Disk History Report
Appendix 40 Tapes by Assignment Report
Appendix 41 Tapes by Reference Number Report
Appendix 42 Wiped Tapes Report
Appendix 43 Disposed Tapes Report
Appendix 44 Tape History Report
Appendix 45 Small Digital Media by Assignment Report
Appendix 46 Small Digital Media by Reference Number Report
Appendix 47 Wiped Small Digital Media Report
Appendix 48 Disposed Small Digital Media Report
Appendix 49 Small Digital Media History Report
Appendix 50 Wipe Methods Report
Appendix 51 Disposal Methods Report
Appendix 52 Imaging Methods Report
Appendix 53 Operating Systems Report
Appendix 54 Media Types Report
Appendix 55 Exhibit Type Report
Appendix 56 Case setup details Report
Appendix 57 Case Movement Report
Appendix 58 Case Computers Report
Appendix 59 Case Non-Computer Evidence Report
Appendix 60 Case Disks Received Report
Appendix 61 Case Other Media Received
Appendix 62 Case Exhibits Received Report
Appendix 63 Case Work Record
Appendix 64 Cases Rejected Report
Appendix 65 Cases Accepted
Appendix 66 Case Estimates Report
Appendix 67 Cases by Forensic Analyst
Appendix 68 Cases by Client Report
Appendix 69 Cases by Investigator Report
Appendix 70 Case Target Dates report
Appendix 71 Cases Within “x ” Days of Target Date Report
Appendix 72 Cases Past Target Date Report
Appendix 73 Cases Unassigned Report
Appendix 74 Case Exhibits Produced Report
Appendix 75 Case Results Report
Appendix 76 Case Backups Report
Appendix 77 Billing Run Report
Appendix 78 Feedback Letters
Appendix 79 Feedback Forms Printout
Appendix 80 Feedback Reporting Summary by Case
Appendix 81 Feedback Reporting Summary by Forensic Analyst
Appendix 82 Feedback Reporting Summary by Client
Appendix 83 Complete Case Report
Appendix 84 Processed Report
Appendix 85 Insurance Report
Chapter 11. Evidence Presentation
Abstract
11.1 Overview
11.2 Notes
11.3 Evidence
11.4 Types of Witness
11.5 Reports
11.6 Testimony in Court
11.7 Why Cases Fail
Appendix 1 Nations Ratifying the Budapest Convention
Appendix 2 Criteria for Selection an Expert Witness
Appendix 3 The Forensic Laboratory Code of Conduct for Expert Witnesses
Appendix 4 Report writing Checklist
Appendix 5 Statement and Deposition Writing Checklist
Appendix 6 Non-Verbal Communication to Avoid
Appendix 7 Etiquette in Court
Appendix 8 Testimony Feedback Form
Chapter 12. Secure Working Practices
Abstract
12.1 Introduction
12.2 Principles of Information Security within the Forensic Laboratory
12.3 Managing Information Security in the Forensic Laboratory
12.4 Physical Security in the Forensic Laboratory
12.5 Managing Service Delivery
12.6 Managing System Access
12.7 Managing Information on Public Systems
12.8 Securely Managing IT Systems
12.9 Information Processing Systems Development and Maintenance
Appendix 1 The Forensic Laboratory SOA
Appendix 2 Meeting the Requirements of GAISP
Appendix 3 Software License Database Information Held
Appendix 4 Information Security Manager, Job Description
Appendix 5 Logon Banner
Appendix 6 The Forensic Laboratory’s Security Objectives
Appendix 7 Asset Details to be Recorded in the Asset Register
Appendix 8 Details Required for Removal of an Asset
Appendix 9 Handling Classified Assets
Appendix 10 Asset Disposal Form
Appendix 11 Visitor Checklist
Appendix 12 Rules of the Data Center
Appendix 13 User Account Management Form Contents
Appendix 14 Teleworking Request Form Contents
Chapter 13. Ensuring Continuity of Operations
Abstract
13.1 Business Justification for Ensuring Continuity of Operations
13.2 Management Commitment
13.3 Training and Competence
13.4 Determining the Business Continuity Strategy
13.5 Developing and Implementing a Business Continuity Management Response
13.6 Exercising, Maintaining, and Reviewing Business Continuity Arrangements
13.7 Maintaining and Improving the BCMS
13.8 Embedding Business Continuity Forensic Laboratory Processes
13.9 BCMS Documentation and Records—General
Appendix 1 Supplier Details Held
Appendix 2 Headings for Financial and Security Questionnaire
Appendix 3 Business Continuity Manager, Job Description
Appendix 4 Contents of the Forensic Laboratory BIA Form
Appendix 5 Proposed BCMS Development and Certification Timescales
Appendix 6 Incident Scenarios
Appendix 7 Strategy Options
Appendix 8 Standard Forensic Laboratory BCP Contents
Appendix 9 Table of Contents to the Appendix to a BCP
Appendix 10 BCP Change List Contents
Appendix 11 BCP Scenario Plan Contents
Appendix 12 BCP Review Report Template Contents
Appendix 13 Mapping IMS Procedures to ISO 22301
Appendix 14 Differences Between ISO 22301 and BS 25999
Chapter 14. Managing Business Relationships
Abstract
14.1 The Need for Third Parties
14.2 Clients
14.3 Third Parties Accessing the Forensic Laboratory
14.4 Managing Service Level Agreements
14.5 Suppliers of Office and IT Products and Services
14.6 Utility Service Providers
14.7 Contracted Forensic Consultants and Expert Witnesses
14.8 Outsourcing
14.9 Use of Sub-contractors
14.10 Managing Complaints
14.11 Reasons for Outsourcing Failure
Appendix 1 Contents of a Service Plan
Appendix 2 Risks to Consider With Third Parties
Appendix 3 Contract Checklist for Information Security Issues
Appendix 4 SLA Template for Products and Services for Clients
Appendix 5 RFX Descriptions
Appendix 6 The Forensic Laboratory RFx template checklist
Appendix 7 RFX Timeline for Response, Evaluation, and Selection
Appendix 8 Forensic Consultant’s Personal Attributes
Appendix 9 Some Tips for Selecting an Outsourcing Service Provider
Appendix 10 Areas to Consider for Outsourcing Contracts
Chapter 15. Effective Records Management
15.1 Introduction
15.2 Legislative, Regulatory, and Other Requirements
15.3 Record Characteristics
15.4 A Records Management Policy
15.5 Defining the Requirements for Records Management in the Forensic Laboratory
15.6 Determining Forensic Laboratory records to be Managed by the ERMS
15.7 Using Metadata in the Forensic Laboratory
15.8 Record Management Procedures
15.9 Business Continuity
Appendix 1 MoReq2 Functional Requirements
Appendix 2 Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures
Appendix 3 Types of Legislation and Regulation That Will Affect Record Keeping
Appendix 4 Forensic Laboratory Record keeping Policy
Appendix 5 Record Management System Objectives
Appendix 6 Business Case Contents
Appendix 7 Outline of the ERMS Project
Appendix 8 Selection Criteria for an ERMS
Appendix 9 Initial ERMS Feedback Questionnaire
Appendix 10 Metadata Required in the ERMS
Appendix 11 Sample e-Mail Metadata
Appendix 12 Forensic Case Records Stored in the ERMS
Appendix 13 Dublin Core Metadata Elements
Appendix 14 National Archives of Australia Metadata Standard
Appendix 15 Responsibilities for Records Management in the Forensic Laboratory
Appendix 16 Metadata for Records Stored Off-Site
Appendix 17 Records Classification System
Appendix 18 Disposition Authorization
Appendix 19 Additional Requirements for Physical Record Recovery
Appendix 20 Specialized Equipment Needed for Inspection and Recovery of Damaged Records
Chapter 16. Performance Assessment
Abstract
16.1 Overview
16.2 Performance Assessment
Chapter 17. Health and Safety Procedures
Abstract
17.1 General
17.2 Planning for OH&S
17.3 Implementation and Operation of the OH&S Management System
17.4 Checking Compliance with OH&S Requirements
17.5 Improving the OH&S Management System
Appendix 1 OH&S Policy Checklist
Appendix 2 The Forensic Laboratory OH&S Policy
Appendix 3 Health and Safety Manager Job Description
Appendix 4 Some Examples of OH&S Drivers
Appendix 5 The Forensic Laboratory OH&S Objectives
Appendix 6 Sample Hazards in the Forensic Laboratory
Appendix 7 Hazard Identification Form
Appendix 8 Some Areas for Inspection for Hazards
Appendix 9 Inputs to the Risk Assessment Process
Appendix 10 OH&S Risk Rating
Appendix 11 DSE Initial Workstation Self-Assessment Checklist
Appendix 12 DSE Training Syllabus
Appendix 13 DSE Assessors Checklist
Appendix 14 Measurement of OH&S success
Appendix 15 Specific OH&S Incident Reporting Requirements
Appendix 16 OH&S Investigation Checklist and Form Contents
Appendix 17 OH&S Incident Review
Appendix 18 OHSAS 18001 Mapping to IMS Procedures
Chapter 18. Human Resources
Abstract
18.1 Employee Development
18.2 Development
18.3 Termination
Appendix 1 Training Feedback Form
Appendix 2 Employee Security Screening Policy Checklist
Appendix 3 Employment Application Form
Appendix 4 Employment Application Form Notes
Appendix 5 Some Documents That Can Verify Identity
Appendix 6 Document Authenticity Checklist
Appendix 7 Verifying Addresses
Appendix 8 Right To Work Checklist
Appendix 9 Reference Authorization
Appendix 10 Statutory Declaration
Appendix 11 Employer Reference Form
Appendix 12 Employer’s Oral Reference Form
Appendix 13 Confirmation of an Oral Reference Letter
Appendix 14 Qualification Verification Checklist
Appendix 15 Criminal Record Declaration Checklist
Appendix 16 Personal Reference Form
Appendix 17 Personal Oral Reference Form
Appendix 18 Other Reference Form
Appendix 19 Other Reference Form
Appendix 20 Employee Security Screening File
Appendix 21 Top Management Acceptance of Employment Risk
Appendix 22 Third-Party Employee Security Screening Provider Checklist
Appendix 23 Recruitment Agency Contract Checklist
Appendix 24 Investigation Manager, Job Description
Appendix 25 Forensic Laboratory System Administrator, Job Description
Appendix 26 Employee, Job Description
Appendix 27 Areas of Technical Competence
Appendix 28 Some Professional Forensic and Security Organizations
Appendix 29 Training Specification Template
Appendix 30 Training Proposal Evaluation Checklist
Appendix 31 Training Supplier Interview and Presentation Checklist
Appendix 32 Training Reaction Level Questionnaire
Appendix 33 The Forensic Laboratory Code of Ethics
Appendix 34 Termination Checklist
Chapter 19. Accreditation and Certification for a Forensic Laboratory
Abstract
19.1 Accreditation and Certification
19.2 Accreditation for a Forensic Laboratory
19.3 Certification for a Forensic Laboratory
Appendix 1 Typical Conditions of Accreditation
Appendix 2 Contents of an Audit Response
Appendix 3 Management System Assessment Non-conformance Examples
Appendix 4 Typical Closeout Periods
Chapter 20. Emerging Issues
Abstract
20.1 Introduction
20.2 Specific Challenges
Appendix. Acronyms
Bibliography
International Standards
National Standards
Guidance from Authoritative Sources
Index
Glossary
- Edition: 1
- Published: August 30, 2013
- Imprint: Syngress
- Language: English
- Paperback ISBN: 9781597497428
- eBook ISBN: 9781597497459
DW
David Lilburn Watson
David Lilburn Watson heads up Forensic Computing Ltd, a specialist forensic recovery and investigation company. He is responsible for the coordination and efficient delivery of the computer forensic and electronic evidence recovery services, digital investigations, and provides support for a broad range of investigative, security and risk consulting assignments. He is a Certified Fraud Examiner (CFE) and a Certified Information Forensic Investigator (CIFI), a Certified Computer Crime Investigator (CCCI), an Advanced Certified Computer Forensics Technician (CCFT). In addition to specialised forensic certifications he is a Certified Information Security Systems Professional (CISSP), a Certified Information Systems Manager (CISM) and a Certified Information Systems Auditor (CISA). David has also led Forensic Computing Ltd to ISO 27001 and ISO 9001 certification, making FCL one of very few consultancies to hold such important credentials in the field of forensic services.
Affiliations and expertise
Head, Forensic Computing Ltd, London, UKAJ
Andrew Jones
Dr. Andrew Jones is a digital forensic and information security researcher and academic and has developed several tools and processes for the efficient and effective recovery of data from a range of devices. He has also participated and led a number of forensic investigations for criminal and civil cases.
Andrew has been involved in several information security projects for the Government Communications Electronic Security Group (CESG), the Office of the E-Envoy, the police and a defense contractor. He acted as the technical advisor for the then National Crime Squad Data Acquisition and Recovery Team and he is currently on the committees for five information security and computer forensic conferences. He also sat on two working groups of the governments Central Sponsor for Information Assurance National Information Assurance Forum. He holds posts as an adjunct professor at Edith Cowan University in Perth, Australia and the University of South Australia in Adelaide.
He has authored six books in the areas of Information Warfare, Information Security and Digital Forensics, including co-authoring Digital Forensics Processing and Procedures, First Edition.
Affiliations and expertise
Director, Forensic Computing Ltd. London, UKRead Digital Forensics Processing and Procedures on ScienceDirect