| Key Activities | Activities Specific to this Case | Date Performed |
|---|---|---|
| Define the scenarios that require digital evidence. | Objectives of the case defined by the ADA: · Forensically evaluate the evidence to try to determine the events that led to Victim’s suicide · Identify the perpetrators responsible | May 23, 2017 |
| Identify available sources and different types of potential evidence. | Sources identified include: Victim’s computer, Facebook account and Match.com account. Types of potential evidence include hardware and software (email, JPEGs, chat logs, etc.). | June 1st, 2017 |
| Determine the evidence collection requirement. | Victim’s laptop will be submitted to the investigator in an anti-static bag. | June 2nd 2017 |
| Establish a capability for securely gathering legally admissible evidence to meet the requirement. | The investigator will evaluate and document the condition and state of Victim’s computer. | June 2nd 2017 |
| Establish a policy for secure storage and handling of potential evidence. | Investigator has an established policy for storing and handling evidence that is certified under ISO 27001 Chapter 6; current to 2017 standards. For the purposes of this case, all evidence collected, handled and stored was compliant with this policy. | January 15, 2017 for ISO 27001 certification (renewed); June 2nd 2017 for Victim’s laptop |
| Ensure monitoring is targeted to detect and deter major incidents. | CCTV cameras (both hidden and obvious) monitor the evidence locker. The temperature of the laboratory and evidence storage locker is set to a range of 55 to 90 degrees Fahrenheit. The HVAC system will automatically engage if the ambient temperature falls outside this predefined range (Poland, n.d.). | Ongoing maintenance performed every six months |
| Specify circumstances when escalation to a full formal investigation (which may use the digital evidence) should be launched. | Example circumstances in which the investigator will escalate to the proper authorities during the investigation: · Evidence of child pornography or abuse · Hate crimes against race, religion, gender, sexual orientation · Evidence involving timing of potential terrorist acts | Ongoing, per the investigator’s policies |
| Train staff in incident awareness, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence. | Investigator and any staff employed by the investigator are required to maintain current certification status in at least 2 of the following annually, which equates to 12-18 credit hours per year: CISSP, CEH, CCFP, EnCE, CCE, CFCE, CSFA. | Monitored annually |
| Document an evidence-based case describing the incident and its impact. | Currently ongoing for this specific case | |
| Ensure legal review to facilitate action in response to the incident. | Currently ongoing for this specific case | |
Appendix A – Forensic Readiness Checklist (Carolina Crime Report, 2013)