Can you prove that an electronic transaction has taken place or an event within cyberspace has occurred? Or, alternatively, can you prove that they cannot have happened? Can you prove who was responsible for a particular activity such as authoring an email or file; or, alternatively, can you show that a specific person could not have been the author?
How can responsible companies ensure that, when investigating incidents, the evidence they unearth can be properly preserved, so that it meets the evidential integrity tests that are essential when the material is going to assist law enforcement, cope with civil litigation or make an insurance claim?
Actually, it’s not as hard as it sounds. Well, it’s not that hard once you’ve read Peter Sommer’s latest (free) book on the subject.
Written for the IAAC, this guide first appeared in 2005. Now in a fourth edition, it continues to be almost the only source of specific information and advice. This version has special sections on the impact of Cloud computing, Bring Your Own Device policies, and the requirement that parties to litigation must disclose to counter-parties the existence of material, including the contents of computers, that may impact the outcome of a trial.
If, rather than just knowing “what” needs to be achieved, you actually want to know “how” to create a forensic readiness plan, then this is the publication for you.
Indeed, I would go so far as to suggest that it would be foolish for any responsible company not to have at least one copy in its possession.
Bitter experience points to the adverse consequences of not having obtained evidence in a sufficiently robust way, so that it can actually be used against an offender. Too many offenders seem to be able to walk away from justice, simply because basic procedural errors were made by the investigating teams. But, by following the advice in this handy (and remarkably comprehensible) guide, businesses might well become much less complacent.
I’ll certainly be stuffing a few copies in Santa’s sack.
“Digital Evidence, Digital Investigations and E-Disclosure: A guide to forensic readiness for organisations, security advisers and lawyers”, Professor Peter Sommer
Information Assurance Advisory Council, London, 4th edition,
150 pages, Free download from http://www.iaac.org.uk/itemfiles/DigitalInvestigations2013.pdf