Can you prove that an electronic transaction has taken place or an event within cyberspace has occurred? Or, alternatively, can you prove that they cannot have happened? Can you prove who was responsible for a particular activity such as authoring an email or file; or, alternatively, can you show that a specific person could not have been the author?
How can responsible companies ensure that, when investigating incidents, the evidence they unearth can be properly preserved, so that it meets the evidential integrity tests that are essential when the material is going to assist law enforcement, cope with civil litigation or make an insurance claim?
Actually, it’s not as hard as it sounds. Well, it’s not that hard once you’ve read Peter Sommer’s latest (free) book on the subject.
Written for the IAAC, this guide first appeared in 2005. Now in a fourth edition, it continues to be almost the only source of specific information and advice. This version has special sections on the impact of Cloud computing, Bring Your Own Device policies, and the requirement that parties to litigation must disclose to counter-parties the existence of material, including the contents of computers, that may impact the outcome of a trial.
If, rather than just knowing “what” needs to be achieved, you actually want to know “how” to create a forensic readiness plan, then this is the publication for you.
Indeed, I would go so far as to suggest that it would be foolish for any responsible company not to have at least one copy in its possession.
Bitter experience points to the adverse consequences of not having obtained evidence in a sufficiently robust way, so that it can actually be used against an offender. Too many offenders seem to be able to walk away from justice, simply because basic procedural errors were made by the investigating teams. But, by following the advice in this handy (and remarkably comprehensible) guide, businesses might well become much less complacent.
I’ll certainly be stuffing a few copies in Santa’s sack.
Source:
“Digital Evidence, Digital Investigations and E-Disclosure: A guide to forensic readiness for organisations, security advisers and lawyers”, Professor Peter Sommer
Information Assurance Advisory Council, London, 4th edition,