Incident Response Plan
Digital Forensics Team
Most organizations cannot sustain a permanent digital forensics team. In most organizations, such expertise is so rarely called upon that it may be better to collect the data and then outsource the analysis component to a regional expert. The organization can then maintain an arm’s-length distance from the case and have additional expertise to call upon in the event the process ends in court. Even so, there should be people in the InfoSec group trained to understand and manage the forensics process. Should a report of suspected misuse from an internal or external individual arise, this person or group must be familiar with digital forensics procedures in order to avoid contaminating potential EM. This expertise can be obtained by sending staff members to a regional or national InfoSec conference with a digital forensics track, or to dedicated digital forensics training.
Listen webReader by ReadSpeaker- Settings
- Reading LanguageAmerican English - Female - Selected American English - Male Australian English British English
- Read on Hover
- Enlarge Text
- Text Mode
- Page Mask
- Download mp3
- Help