Digital Forensic Readiness: Are We There Yet?

Dr. Antonis Mouhtaropoulos, University of Warwick, United Kingdom

Digital forensics deals with the application of scientific knowledge for collecting, analysing, and presenting legal evidence. While most organisations rely on planning the post-incident investigation and procedures by developing an Incident Response Plan, they do not consider preparing systems, procedures and staff before an incident occurs. Such preparation and planning is defined as Digital Forensic Readiness (DFR) Planning and involves the identification, preservation and storage of digital evidence.

Digital Forensic Readiness's basic objective is to maximise an organisation's ability to collect and use court-admissible digital evidence, while minimising the cost of forensics during incident response. Existing literature on DFR focuses on first-line incident response, training requirements, tools enhancement and digital evidence management. It is quite true that setting up the above will increase the forensic readiness of an organisation. Yet in reality (in a profit-oriented market) the most important factor is cost minimisation.

The inadequacy of technical research and legislation and the ever-increasing need for evidence preservation mechanisms have brought the need for a common forensic readiness standard. This talk reviews a number of key initiatives in order to point out directions for future policy making by governments and organisations, and explores the importance of applying a proactive forensics plan. Lastly, it investigates the limitations of those initiatives to reveal the gaps that need to be bridged.