The Importance of the Three P's in the Investigation

""

John William Walker (1*)

(1) Nottingham Trent University, United Kingdom
(*) Corresponding Author

Abstract

This article introduces the importance of process during the investigation and acquisition phases of the logical and physical artifacts that may be required in the course of a professional engagement. It then focuses on the need for a robust supporting framework, held in a state of preparedness, that gives First Responders and the CSIRT (Computer Security Incident Response Team) the underpinning they need for such investigative engagements: effective and pragmatic policies, case management, operational security protocols (run-books) and all other attributes needed to sustain a professional, prepared posture from which a team can engage an investigation or incident effectively and robustly. To illustrate the importance of such an approach, we outline a number of real-world cases in which ineffective processes and controls were applied. Finally, we review the essential elements of securely managing case-related data, and the absolute need to apply security mechanisms such as certified FIPS 140-2 encryption to protect sensitive case-related assets at every stage of their life cycle, whether in physical transit or at rest on a desk-bound PC. The overall objective of the article is to stress the absolute need to apply process, as far as is practicable, in order to reach positive conclusions from any investigation or incident that is engaged.

Keywords

DFIR; Digital Forensics; Incident Response; Cybersecurity

