وبلاگ بلیان

Digital Forensics Processing and Procedures : Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements

معرفی کتاب «Digital Forensics Processing and Procedures : Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements» نوشتهٔ David Lilburn Watson, Andrew Jones، منتشرشده توسط نشر Syngress ; Elsevier Science [distributor در سال 2013. این کتاب در 3 صفحه، فرمت pdf، زبان انگلیسی ارائه شده است.

"This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody - from incident response through analysis in the lab. It provides a step-by-step guide to designing, building and using a digital forensics lab. It is a comprehensive guide for all roles in a digital forensics laboratory. It is based on international standards and certifications."--From Publisher Front Cover Digital Forensics Processing and Procedures: Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practic ... Copyright Contents About the Authors Technical Editor Bio Acknowledgments Preface Chapter 1: Introduction 1.1. Introduction 1.1.1. What is Digital Forensics? 1.1.2. The Need for Digital Forensics 1.1.3. The Purpose of This Book 1.1.4. Book Structure 1.1.5. Who Should Read This Book? 1.1.6. The Need for Procedures in Digital Forensics 1.1.7. Problems with Electronic Evidence 1.1.8. The Principles of Electronic Evidence 1.1.9. Nomenclature Used in This Book Appendix 1 - Some types of cases involving Digital Forensics Criminal cases Civil cases Appendix 2 - Growth of hard disk drives for personal computers Appendix 3 - Disk drive size nomenclature Chapter 2: Forensic Laboratory Accommodation 2.1. The building 2.1.1. General 2.1.2. Business Case 2.1.3. Standards 2.2. Protecting against external and environmental threats 2.3. Utilities and services 2.3.1. Signage 2.3.2. Power and Cabling 2.3.3. Heating, Ventilation, and Air Conditioning 2.3.4. Fire Detection and Quenching 2.3.5. Close Circuit Television and Burglar Alarms 2.3.6. Communications 2.3.7. Water 2.4. Physical security 2.4.1. General 2.4.2. Building Infrastructure 2.4.3. Access Control 2.4.4. On-Site Secure Evidence Storage 2.4.5. Clean Room 2.4.6. Fire Safes 2.4.7. Secure Off-Site Storage 2.5. Layout of the Forensic Laboratory 2.5.1. Separation of Space for Specific Roles and Tasks 2.5.2. Ergonomics 2.5.3. Personal Workspace 2.5.4. Size Estimating 2.5.5. Infrastructure Rooms Appendix 1 - Sample outline for a business case Appendix 2 - Forensic Laboratory Physical Security Policy Introduction Purpose Definitions Scope Audience Policy statements Responsibilities Enforcement, monitoring, and breaches Ownership Review and maintenance Approval Chapter 3: Setting up the Forensic Laboratory 3.1. Setting up the Forensic Laboratory 3.1.1. Forensic Laboratory Terms of Reference 3.1.2. The Status of the Forensic Laboratory 3.1.3. The Forensic Laboratory Principles 3.1.3.1. Responsibilities 3.1.3.2. Integrity 3.1.3.3. Quality 3.1.3.4. Efficiency 3.1.3.5. Productivity 3.1.3.6. Meet Organizational Expectations 3.1.3.7. Health and Safety 3.1.3.8. Information Security 3.1.3.9. Management Information Systems 3.1.3.10. Qualifications 3.1.3.11. Training 3.1.3.12. Maintaining Employee Competency 3.1.3.13. Employee Development 3.1.3.14. Environment 3.1.3.15. Supervision 3.1.3.16. Conflicts of Interest 3.1.3.17. Legal Compliance 3.1.3.18. Accountability 3.1.3.19. Disclosure and Discovery 3.1.3.20. Work Quality 3.1.3.21. Accreditation and Certification 3.1.3.22. Membership of Appropriate Organizations 3.1.3.23. Obtain Appropriate Personal Certifications 3.1.4. Laboratory Service Level Agreements 3.1.5. Impartiality and Independence 3.1.6. Codes of Practice and Conduct 3.1.7. Quality Standards 3.1.8. Objectivity 3.1.9. Management Requirements 3.1.10. Forensic Laboratory Policies 3.1.11. Documentation Requirements 3.1.12. Competence, Awareness, and Training 3.1.13. Planning 3.1.13.1. Risk Assessment and Management 3.1.13.2. Business Impact Analysis 3.1.13.3. Legal and Regulatory Considerations 3.1.14. Insurance 3.1.15. Contingency Planning 3.1.16. Roles and Responsibilities 3.1.17. Business Objectives 3.1.18. Laboratory Accreditation and Certification 3.1.19. Policies 3.1.20. Guidelines and Procedures Appendix 1 - The Forensic Laboratory ToR The vision Scope and objectives Deliverables Boundaries, risks, and limitations Roles, responsibilities, authority, accountability, and reporting requirements Stakeholders Regulatory framework Resources Work breakdown structure and schedule Success Factors Intervention strategies Appendix 2 - Cross reference between ISO 9001 and ISO 17025 Appendix 3 - Conflict of Interest Policy Appendix 4 - Quality Policy Chapter 4: The Forensic Laboratory Integrated Management System 4.1. Introduction 4.2. Benefits 4.3. The Forensic Laboratory IMS 4.3.1. General Requirements 4.3.1.1. Overview 4.3.1.2. Plan 4.3.1.3. Do 4.3.1.4. Check 4.3.1.5. Act 4.3.2. Goals 4.4. The Forensic Laboratory Policies 4.4.1. Policies 4.4.1.1. Legislative 4.4.1.2. ISO High-Level Policy Documents 4.4.1.3. ISO Detailed Policy Documents 4.4.1.4. Forensic Laboratory-Specific Policy Documents 4.4.2. Policy Review 4.4.3. Management Committees 4.5. Planning 4.5.1. Identification and Evaluation of Aspects, Impacts, and Risks 4.5.2. Identification of Legal, Regulatory, and Other Requirements 4.5.3. Contingency Planning 4.5.4. Objectives 4.5.5. Organizational Structures, Roles, Responsibilities, and Authorities 4.6. Implementation and Operation 4.6.1. Operational Control 4.6.2. Management of Resources 4.6.2.1. Provision of Resources 4.6.2.2. Competence, Training, and Awareness 4.6.2.2.1. General Human Resources Training 4.6.2.2.2. Project Training 4.6.2.2.3. Management System-Specific Training 4.6.2.3. Training Records 4.6.2.4. Infrastructure 4.6.2.5. Environment 4.6.3. Documentation Requirements 4.6.3.1. General 4.6.3.2. System Documentation 4.6.3.3. Control of Documents 4.6.3.3.1. Roles and Responsibilities 4.6.3.3.1.1. Document Owner Responsibilities 4.6.3.3.1.2. Document Author Responsibilities 4.6.3.3.1.3. Reviewer Responsibilities 4.6.3.3.1.4. Quality Assurance Manager Responsibilities 4.6.3.3.1.5. Site Owners Responsibilities 4.6.3.3.1.6. Document Registrar Responsibilities 4.6.3.4. Writing and Updating Documents 4.6.3.4.1. Generating a Request 4.6.3.4.2. Researching and Writing/Updating a Document 4.6.3.4.3. Reviewing a Document and Implementing Edits 4.6.3.4.4. Reviewing a Proposal or Work Product and Implementing Edits 4.6.3.4.5. Issuing a Document 4.6.3.4.5.1. Word Documents 4.6.3.4.5.2. HTML Documents 4.6.3.4.6. Reviewing Management System or Business Process Documents 4.6.4. Control of Records 4.6.5. Communication 4.7. Performance assessment 4.7.1. Monitoring and Measurement 4.7.2. Evaluation of Compliance 4.7.3. Internal Auditing 4.7.3.1. Overview 4.7.3.2. Audit Responsibilities 4.7.3.2.1. Owners 4.7.3.2.2. Auditors 4.7.3.2.3. Auditees 4.7.3.3. Auditing Management System(s) 4.7.3.4. Audit Planning Charts 4.7.3.5. Audit Non-Compliance Definitions 4.7.3.5.1. Major Non-Compliance 4.7.3.5.1.1. Definition 4.7.3.5.1.2. Examples 4.7.3.5.2. Minor Non-Compliance 4.7.3.5.2.1. Definition 4.7.3.5.2.2. Examples 4.7.3.5.3. Observation 4.7.3.6. Planning an Internal Audit 4.7.3.7. Conducting an Internal Audit 4.7.3.8. Preparing the Audit Report 4.7.3.9. Completing the Audit 4.8. Continuous improvement 4.8.1. Handling of Non-Conformities 4.8.2. Planning and Implementing Corrective Actions 4.8.3. Determining Preventive Action 4.8.4. Corrective and Preventive Action Requests 4.8.5. Corrective and Preventive Action Ownership 4.8.6. Corrective and Preventive Action Oversight 4.9. Management Reviews 4.9.1. General 4.9.2. Review Input 4.9.3. Review Output 4.9.4. Agendas Appendix 1 - Mapping ISO Guide 72 requirements to PAS 99 Appendix 2 - PAS 99 glossary Appendix 3 - PAS 99 mapping to IMS procedures Appendix 4 - The Forensic Laboratory Goal Statement Appendix 5 - The Forensic Laboratory Baseline Measures Appendix 6 - Environment Policy Appendix 7 - Health and Safety Policy Appendix 8 - Undue Influence Policy Gifts Corporate Hospitality Hospitality and Gifts Register Breaches of this Policy Appendix 9 - Business Continuity Policy Appendix 10 - Information Security Policy Appendix 11 - Access Control Policy Appendix 12 - Change or Termination Policy Appendix 13 - Clear Desk and Clear Screen Policy Clear Desk Policy Clear Screen Policy Appendix 14 - Continuous Improvement Policy Appendix 15 - Cryptographic Control Policy Appendix 16 - Document Retention Policy Business and Regulatory Contracts and Contractors Property and land Premises operations and maintenance inspections Waste management Assets Training records Appendix 17 - Financial Management Policy Appendix 18 - Mobile Devices Policy Users The Forensic Laboratory USB devices Protection of data General information Appendix 19 - Network Service Policy Appendix 20 - Personnel Screening Policy Screening employees at recruitment stage Temporary and contract staff Appendix 21 - Relationship Management Policy Appendix 22 - Release Management Policy Appendix 23 - Service Management Policy Appendix 24 - Service Reporting Policy Appendix 25 - Third-Party Access Control Policy Appendix 26 - Acceptable Use Policy General Purpose Applicability Responsibilities Acceptable use Personal use Unacceptable use E-mail policy Loss and damage Deletion of data Backup services Software and hardware auditing Removal of equipment Telephone systems Access by third parties Investigation of information security incidents Reporting information security incidents Some relevant legislation and regulation Appendix 27 - Audit Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Financial Reporting Internal Controls and Management Systems Whistle Blowing and the Code of Conduct Internal Audit External Audit Other Reporting Procedures Review of Terms of Reference Appendix 28 - Business Continuity Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 29 - Environment Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 30 - Health and Safety Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 31 - Information Security Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 32 - Quality Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 33 - Risk Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 34 - Service Delivery Committee Title Constitution Authority Membership Agenda and minutes Attendance at meetings Frequency of meetings Responsibilities Reporting procedures Review of Terms of Reference Appendix 35 - Whistle Blowing Policy Appendix 36 - Management Review Agenda Appendix 37 - Document control checklist Digital Forensics Procedures Appendix 38 - Document metadata Header Classification Logo Subject Document Details Table Title Subject Synopsis Author(s) Keywords Issue Release Date File Name Status Deliverability Page Count Signature Proposal Wording Footer Copyright Copy Number Page Number Classification Second and subsequent pages Appendix 39 - File-naming standards Documents and records Draft documents Issued documents The IMS Appendix 40 - Watermarks in use in the Forensic Laboratory Appendix 41 - Document review form Appendix 42 - IMS calendar Appendix 43 - Audit Plan Letter Objectives of the audit Scope of the audit Audit schedule Audit report Appendix 44 - Audit reporting form Appendix 45 - CAR/PAR form Appendix 46 - Opening meeting agenda Appendix 47 - Closing meeting agenda Appendix 48 - Audit report template Appendix 49 - Root Causes for Non-Conformity Chapter 5: Risk Management 5.1. A Short History of Risk Management 5.2. An Information Security Risk Management Framework 5.2.1. Some Definitions 5.2.2. Overview 5.2.3. Critical Success Factors 5.2.4. Information Security Risk Components 5.2.4.1. The Components 5.2.4.2. Relationship Between the Components 5.3. Framework Stage 1-ISMS Policy 5.3.1. Overview 5.3.2. Establish the Context and Scope 5.3.2.1. External Context 5.3.2.2. Internal Context 5.3.2.3. Establish the Scope 5.3.2.4. Risk Evaluation Criteria 5.3.3. ISMS Policy Content and Format 5.3.3.1. Statement of Executive Intent 5.3.3.2. Responsibilities and Accountabilities 5.3.3.3. General Direction 5.3.3.4. Policy Review and Ownership 5.3.4. Information Security Policy Communication 5.4. Framework Stage 2: Planning, Resourcing, and Communication 5.4.1. Management Commitment 5.4.2. Planning 5.4.3. Responsibility and Authority 5.4.3.1. Cross-Functional Fora 5.4.3.2. Information Security Manager 5.4.3.3. Information Security Management Team 5.4.3.4. Resource Owners 5.4.3.5. Custodians 5.4.3.6. Information Users 5.4.4. Resourcing 5.4.5. Communications and Consultation 5.4.5.1. Communications 5.4.5.2. Consultation 5.5. Framework Stage 3: Information Security Risk Management Process 5.5.1. Overview 5.5.2. Benefits to the Organization of Risk Management 5.5.3. Principles for Managing Risks 5.5.4. A Generic Approach to Risk Management 5.5.5. Step 1: Communication and Consultation 5.5.5.1. Overview 5.5.5.2. Defining Communication and Consultation 5.5.5.3. The Importance of Communication and Consultation 5.5.5.4. Developing Trust 5.5.5.5. Developing a Process of Risk Communication and Consultation 5.5.5.5.1. Stakeholder Identification 5.5.5.5.2. The Risk Communication and Consultation Plan 5.5.6. Step 2: Define the Approach to Risk Assessment 5.5.6.1. Establish the Strategic Context 5.5.6.2. Establish the Organizational Context 5.5.6.3. Establish the Risk Management Context 5.5.6.4. Develop Risk Evaluation Criteria 5.5.6.5. Define the Information Assets 5.5.6.6. Information Classification and Labeling 5.5.6.7. Outputs 5.5.7. Step 3: Undertake a Risk Assessment 5.5.7.1. Risk Identification 5.5.7.2. Risk Analysis 5.5.7.3. Recommended Approach 5.5.7.3.1. High-level risk analysis 5.5.7.3.2. Inter-dependencies 5.5.7.3.3. Detailed risk analysis 5.5.7.4. Risk Evaluation 5.5.7.5. Outputs 5.5.8. Step 4: Manage the Risk 5.5.8.1. Managing the Risk 5.5.8.2. Outputs 5.5.9. Step 5: Select Controls 5.5.9.1. Risk Appetite 5.5.9.2. Baseline Approach 5.5.9.3. Factors Influencing Control Selection 5.5.9.4. Some Constraints Affecting Control Selection 5.5.9.5. Outputs 5.5.10. Step 6: Prepare Statement of Applicability 5.5.11. Step 7: Management Approval 5.5.12. Records and Documentation 5.6. Framework Stage 4: Implementation and Operational Procedures 5.6.1. Implementation of the Risk Treatment Plan 5.6.2. Implementation of Controls 5.6.3. Training 5.7. Framework Stage 5: Follow-up Procedures 5.7.1. Follow-Up 5.7.1.1. Compliance Checking 5.7.1.2. Configuration Management 5.7.1.3. Information Security Incident Handling 5.7.1.4. Maintenance 5.7.1.5. Monitoring Appendix 1 - Sample Communication Plan Appendix 2 - Sample Information Security Plan Describe the Asset Information Security Requirements Risk Assessment Methodology Review of Security Controls Threats and Vulnerabilities Value of Assets Level of Protection Required Acceptable Level of Risk Organizational and Management Controls Appendix 3 - Asset Type Examples Appendix 4 - Asset Values Appendix 5 - Consequences Table Appendix 6 - Some Common Business Risks Appendix 7 - Some Common Project Risks Appendix 8 - Security Threat Examples Appendix 9 - Common Security Vulnerabilities Communications Documents Environment and Infrastructure Generally Applying Vulnerabilities Hardware Human Resources Software and System Management Appendix 10 - Risk Management Policy Appendix 11 - The IMS and ISMS Scope Document General Overview of the Forensic Laboratory Organization Location Assets Technology Hardware Computers Network Equipment Servers Printers Other Peripherals Operating Systems Desktop Server Network Operating System Desktop Applications Diagrams Exclusions (ISO 9001) Scope Statement Appendix 12 - Criticality Ratings Appendix 13 - Likelihood of Occurrence Five-Level Likelihood Table Ten-level Likelihood Table Appendix 14 - Risk Appetite Appendix 15 - Security controls from CobIT and NIST 800-53 CobIT Controls Planning and Organization Acquisition and Implementation Delivery and Support Monitoring NIST SP 800-53 Appendix 16 - Information Classification Public Internal Use Only Confidential Strictly Confidential Appendix 17 - The Corporate Risk Register Appendix 18 - Comparison Between Qualitative and Quantitative Methods Appendix 19 - Mapping Control Functions to ISO 27001 Appendix 20 - Mapping Security Concerns to ISO 27001 Appendix 21 - SoA Template Mandatory SoA Annex A Controls not in Annex A Appendix 22 - The Forensic Laboratorys Security Metrics report Appendix 23 - Mapping ISO 31000 and ISO 27001 to IMS Procedures Chapter 6: Quality in the Forensic Laboratory 6.1. Quality and Good Laboratory Practice 6.2. Management Requirements for Operating the Forensic Laboratory 6.2.1. Forensic Laboratory Organization 6.2.1.1. Legal Status 6.2.1.2. Ownership 6.2.1.3. Organization 6.2.1.4. Job Descriptions 6.2.1.5. Authorities and Responsibilities 6.2.1.6. Impartiality and Independence 6.2.1.7. Finances 6.2.1.8. Insurance 6.2.1.9. Accreditation and Certification 6.2.2. Operations 6.2.2.1. Business Planning Within the Forensic Laboratory 6.2.2.2. Managing the Forensic Laboratory 6.2.2.3. Service to Clients 6.2.2.4. Management System (The IMS) 6.2.2.5. Applicability of the IMS 6.2.2.6. Confidentiality of Information 6.3. ISO 9001 for the Forensic Laboratory 6.3.1. Goal 6.3.2. Quality Policy 6.3.3. Quality Policy Statements 6.3.4. Scope of the Quality Management System 6.3.5. Using a Client's QMS 6.3.6. Benefits to the Forensic Laboratory of ISO 9001 Certification 6.4. The Forensic Laboratorys QMS 6.5. Responsibilities in the QMS 6.6. Managing Sales 6.6.1. Handling a Sales Enquiry 6.6.2. A New Client 6.6.2.1. Attending an Initial Meeting for a New Client 6.6.2.2. Setting up a Client Virtual File 6.6.2.3. The Proposal Creation Life Cycle 6.6.2.3.1. Planning for the Information Gathering Meeting 6.6.2.3.2. Attending an Information Gathering Meeting 6.6.2.3.3. Writing the First Draft of the Proposal 6.6.2.3.4. Internally Reviewing the Proposal 6.6.2.3.5. Issuing the Proposal 6.6.2.4. The Proposal Review Life Cycle 6.6.2.4.1. Planning the Review 6.6.2.4.2. Reviewing the Proposal with the Client 6.6.2.4.3. Approving the Case 6.6.2.4.4. Following up the Review 6.6.3. An Existing Client 6.7. Product and Service Realization 6.7.1. Planning of Product Realization 6.7.2. Client-Related Processes 6.7.3. Design and Development 6.7.4. Purchasing 6.7.5. Product and Service Provision 6.8. Reviewing Deliverables 6.8.1. Reviewing the Document Internally 6.8.2. Implementing Edits Internally 6.8.3. Issuing the Document 6.8.4. Reviewing the Document with the Client 6.8.5. Following up the Review 6.9. Signing off a Case 6.10. Archiving a Case 6.11. Maintaining Client Confidentiality 6.12. Technical Requirements for the Forensic Laboratory 6.12.1. General 6.12.2. Benefits of ISO 17025 6.12.3. The Laboratory Manager 6.12.4. Key Questions ISO 17025 Answers 6.12.5. Technical Qualifications 6.12.6. Accommodation and Environmental Conditions 6.12.6.1. Accommodation 6.12.6.2. Environment 6.12.6.3. Health and Safety 6.12.6.4. Off-Site Issues 6.12.6.5. Other Issues 6.12.7. Test Methods and Validation 6.12.8. Equipment 6.12.9. Measurement Traceability 6.12.10. Administration of Forensic Case Work and Sampling 6.12.11. Assuring Technical Quality of Products and Services 6.12.12. Case Processing Reports 6.13. Measurement, Analysis, and Improvement 6.13.1. Monitoring and Measurement 6.13.2. Control of Non-conforming Product 6.13.3. Case Processing Audits 6.13.4. Analysis of Data 6.13.5. Improvement 6.14. Managing Client Complaints 6.14.1. Responsibilities for Managing Client Complaints 6.14.1.1. Laboratory Manager 6.14.1.2. Service Desk 6.14.1.3. Client Complaint Process Appendix 1 - Mapping ISO 9001 to IMS Procedures Appendix 2 - Mapping ISO 17025 to IMS Procedures Appendix 3 - Mapping SWGDE Quality Requirements to IMS Procedures Appendix 4 - Mapping NIST-150 Quality Requirements to IMS Procedures Appendix 5 - Mapping ENFSI Quality Requirements to IMS Procedures Appendix 6 - Mapping FSR Quality Requirements to IMS Procedures Appendix 7 - Quality Manager, Job Description Objective and Role Problems and Challenges Principal Accountabilities Authority Contacts Internal External Reports to Appendix 8 - Business Plan Template Executive Summary Description of the Forensic Laboratorys Business Situational Audit (Current Situation) Aims and Objectives (Target Situation) Strategy and Tactics (How to Get There) Marketing Plan Operations Plan Management, Staffing, and Organization Financial Plan Appendix 9 - Business KPIs Appendix 10 - Quality Plan Contents Appendix 11 - Induction Checklist Contents Prior to Employee Starting On the First Day Company and Role Details Introduction to the Forensic Laboratory Role Details General Information Capture Personal Details Work Details Bank Details Next of Kin Details Comments Employee Number and Identity Documentation Received Issued Training General Training Management System Training Appendix 12 - Induction Feedback Appendix 13 - Standard Proposal Template Appendix 14 - Issues to Consider for Case Processing Appendix 15 - Standard Quotation Contents Appendix 16 - Standard terms and conditions Appendix 17 - ERMS Client Areas Appendix 18 - Cost Estimation Spreadsheet Case Start Up Case Processing Maintaining Cases After Processing has Finished Appendix 19 - Draft Review Form Appendix 20 - Client Sign-off and Feedback Form Case Details Feedback Case Result Sign-Off Appendix 21 - Information Required for Registering a Complaint Appendix 22 - Complaint Resolution Timescales Appendix 23 - Complaint Metrics Appendix 24 - Laboratory Manager, Job Description Objective and Role Problems and Challenges Principal Accountabilities Authority Contacts Internal External Reports to Appendix 25 - Forensic Analyst, Job Description Objective and Role Problems and Challenges Principal Accountabilities Authority Contacts Internal External Reports to Appendix 26 - Training Agenda Digital Evidence Recovery Staff Network investigators Appendix 27 - Some Individual Forensic Certifications Appendix 28 - Minimum Equipment Records Required by ISO 17025 Appendix 29 - Reference Case Tests Appendix 30 - ISO 17025 Reporting Requirements Appendix 31 - Standard Forensic Laboratory Report Chapter 7: IT Infrastructure 7.1. Hardware 7.1.1. Accommodation 7.1.2. Servers 7.1.3. Desktop Workstations 7.1.4. Mobile Devices 7.1.5. Business Peripherals 7.1.6. Forensic Servers 7.1.7. Desktop Forensic Workstations 7.1.8. Mobile Forensic Workstations 7.1.9. Building Forensic Workstations 7.1.10. Dedicated Forensic Hardware 7.1.11. Forensic Peripherals 7.2. Software 7.2.1. Operating Systems 7.2.2. Desktop Applications 7.2.3. COTS Forensic Tools 7.2.4. VM Ware 7.2.5. Open Source Tools 7.2.6. Updates 7.2.7. Upgrades 7.3. Infrastructure 7.3.1. Equipment 7.3.2. Securing of Cabling 7.3.2.1. Procedure for Siting and Protecting IT Cabling 7.3.3. Isolating Sensitive Systems 7.3.4. Siting and Protecting IT Equipment 7.3.4.1. Procedure for Siting and Protecting IT Equipment 7.3.5. Securing Supporting Utilities 7.4. Process management 7.4.1. Incident Management 7.4.1.1. Role of the Service Desk 7.4.1.2. Classification of Incidents and Resolution Times 7.4.1.3. Incident Management Responsibilities 7.4.1.3.1. Service Desk 7.4.1.3.2. Service Desk Manager 7.4.1.3.3. Management System Manager(s) 7.4.1.3.4. IT Department 7.4.1.3.5. Other Specialist Employees 7.4.1.3.6. Employees 7.4.1.3.7. Clients 7.4.1.4. Incident Management Procedures 7.4.1.4.1. Receiving and Categorizing an Incident 7.4.1.4.2. Investigating an Incident 7.4.1.4.3. Resolving an Incident 7.4.1.4.4. Closing an Incident 7.4.1.5. Critical Incident Management 7.4.1.6. Reviewing Incidents 7.4.1.7. Evidence Collection 7.4.2. Problem Management 7.4.2.1. Responsibilities 7.4.2.1.1. Problem Manager 7.4.2.1.2. Service Desk 7.4.2.1.3. IT Department 7.4.2.2. Recording and Classifying a Problem 7.4.2.3. Investigating and Diagnosing a Problem 7.4.2.4. Resolving a Problem 7.4.2.5. Closing a Problem 7.4.2.6. Reviewing Problems 7.4.3. Change Management 7.4.3.1. General 7.4.3.2. Types of Change 7.4.3.3. Change Status 7.4.3.4. Change Management Responsibilities 7.4.3.4.1. Change Manager 7.4.3.4.2. Requestor 7.4.3.4.3. Change Advisory Board 7.4.3.4.4. The IT Department 7.4.3.5. Managing a Standard Change 7.4.3.6. Managing a Normal Change 7.4.3.7. Managing an Emergency Change 7.4.3.7.1. Managing an Emergency Change 7.4.3.8. Managing Changes to Third Party Services 7.4.3.9. Managing Changes to Forensic Workstations 7.4.3.10. Outsource Providers 7.4.4. Release Management 7.4.4.1. Roles and Responsibilities 7.4.4.1.1. Release Manager 7.4.4.1.2. Release Team 7.4.4.1.3. Users 7.4.4.2. Managing a Release 7.4.5. Configuration Management 7.4.5.1. Configuration Management and Information Security 7.4.5.1.1. Information Assets 7.4.5.1.2. Software Assets 7.4.5.1.3. Physical Assets 7.4.5.1.4. Services 7.4.5.2. Roles and Responsibilities 7.4.5.2.1. Resource Owner 7.4.5.2.2. Custodian 7.4.5.2.3. Configuration Manager 7.4.5.2.4. Configuration Librarian 7.4.5.3. Producing a Configuration Management Plan 7.4.5.4. Implementing Configuration Management 7.4.5.5. Maintaining Configuration Items 7.4.5.5.1. Adding a New Configuration Item 7.4.5.5.2. Changing a Configuration Item 7.4.5.5.3. Deleting a Configuration Item 7.4.5.6. Maintaining the Definitive Libraries 7.4.5.7. Auditing Configuration Items 7.4.5.8. Producing Configuration Reports 7.4.6. Capacity Management 7.4.6.1. Roles and Responsibilities 7.4.6.1.1. Capacity Manager 7.4.6.1.2. IT Manager 7.4.6.2. Scope of Capacity Planning 7.4.6.3. Monitoring System Capacity 7.4.6.4. Reviewing System Capacity 7.4.7. Service Management 7.4.7.1. Planning for Service Management 7.4.7.2. Implementing Service Management 7.4.7.3. Monitoring and Reviewing Service Management 7.4.8. Managing Service Improvement 7.4.8.1. Planning and Implementing Service Improvements 7.4.9. Service Reporting 7.4.9.1. Producing Service Reports 7.4.10. Managing Logs 7.4.10.1. Roles and Responsibilities 7.4.10.1.1. Information Security Manager 7.4.10.1.2. Asset Owners 7.4.10.1.3. IT Department 7.4.10.2. Audit, Operator, and Administrator Logging Guidelines 7.4.10.3. Checking Operator and Administrator Logs Procedure 7.4.10.4. Reviewing Event Logs 7.4.10.5. Protection of Log Information 7.4.10.6. Managing Fault Logs 7.4.10.6.1. Guidelines for Fault Logging 7.4.10.6.2. Resolving Faults 7.4.10.6.3. Reviewing Faults 7.4.10.6.4. Checking Fault Logs 7.5. Hardware Management 7.5.1. Maintaining IT Equipment 7.5.1.1. Maintaining and Servicing IT Equipment 7.5.2. Managing Voice Communications 7.5.2.1. Guidelines for Voice Communications 7.5.2.2. Reviewing Voice Communications Security 7.5.2.3. Voice Recording System 7.5.2.4. Voice Recording System Guidelines 7.5.2.5. Procedures for Retrieving Calls 7.5.3. Managing the Video Surveillance System 7.5.3.1. Roles and Responsibilities 7.5.3.1.1. Information Security Manager 7.5.3.1.2. IT Department 7.5.3.2. Video Surveillance System Guidelines 7.5.3.3. Procedures for Retrieving Video Recordings 7.5.4. Equipment Maintenance 7.5.5. Tool Validation 7.5.5.1. Requirements 7.5.5.2. Benefits of Independent Validation and Testing 7.5.5.3. Tool Testing and Validation in the Forensic Laboratory 7.5.5.4. Roles and Responsibilities 7.5.5.4.1. Laboratory Manager 7.5.5.4.2. Forensic Analyst 7.5.5.5. Planning for Validation and Testing 7.5.5.6. Testing and Validating Procedure 7.5.5.7. Review, Retesting, and Revalidating 7.6. Software Management 7.6.1. Controlling Malicious Software 7.6.1.1. An Overview of Malicious Software Control 7.6.1.2. Roles and Responsibilities 7.6.1.2.1. Service Desk 7.6.1.2.2. IT Department 7.6.1.2.3. IT Manager 7.6.1.3. Maintaining Malware Protection 7.6.1.4. Handling a Malware Outbreak 7.6.1.5. Processing Bounced E-mails 7.6.1.6. Maintaining Blacklists and Graylists 7.6.1.7. Information Leakage 7.6.2. Control of Technical Vulnerabilities 7.6.2.1. Roles and Responsibilities 7.6.2.1.1. IT Department 7.6.2.1.2. Information Security Manager 7.6.2.2. Evaluation of Assets at Risk 7.6.2.3. Vulnerability Management Process 7.6.3. Implementing Software Patches and Updates 7.6.3.1. An Overview of Software Patches and Updates 7.6.3.2. Roles and Responsibilities 7.6.3.2.1. IT Department 7.6.3.2.2. IT Manager 7.6.3.3. Implementing Patches and Updates on Servers 7.6.3.4. Implementing Patches and Updates on Workstations, PCs, and Laptops 7.7. Network Management 7.7.1. Managing Network Security 7.7.1.1. Guidelines for Network Management 7.7.1.2. Network Design 7.7.1.3. Network Resilience 7.7.1.4. Network Documentation 7.7.1.5. Traffic Management and Control 7.7.1.6.Device Configuration 7.7.1.7. Traffic Filtering 7.7.1.8. Monitoring the Network 7.7.1.9. Reviewing and Assessing Network Security 7.7.2. Controlling Network Access 7.7.2.1. Segregation in Networks 7.7.2.2. Network Connection Control 7.7.2.3. Network Routing Control 7.7.2.4. Reviewing and Assessing Network Access Controls 7.7.3. Remote Connections 7.7.3.1. Guidelines for Remote Connections 7.7.3.2. Managing Remote Connections 7.7.3.3. Managing Third Party Remote Access 7.7.3.3.1. Roles and Responsibilities 7.7.3.3.1.1. Service Desk 7.7.3.3.1.2. IT Manager Information Security Manager 7.7.3.3.1.3. Granting Remote Access 7.7.3.4. Reviewing and Revoking Remote Access 7.7.4. Managing Backups 7.7.4.1. An Overview of Backups 7.7.4.2. Roles and Responsibilities 7.7.4.2.1. IT Manager 7.7.4.2.2. Information Owners 7.7.4.3. Checking Daily Backups 7.7.4.4. Performing Restores from a Backup 7.7.4.6. Disposing of Damaged Backup Media 7.7.4.6. Tape Cleaning and Retensioning 7.7.5. Synchronizing System Clocks Appendix 1 - Some Forensic Workstation Providers Appendix 2 - Some Mobile Forensi
دانلود کتاب Digital Forensics Processing and Procedures : Meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and Best Practice Requirements