Digital forensic investigation process

12 Posts
7 Users
0 Likes
1,062 Views
(@anuar653)
Posts: 5
Active Member
Topic starter
 

Hello guys. I’m new here. I’m working in the administrative department and, due to one major incident involving data theft and unauthorized disclosure of sensitive information, my company wants to set up a digital forensic investigation team. I have zero knowledge of the digital forensic investigation process, so what do I need to do first, and is there any best practice regarding the digital forensic investigation process that I can follow? Hope you guys can help me. Thank you!

 
Posted : 01/06/2017 7:05 am
(@narayanan)
Posts: 3
New Member
 

Hi Anuar,

We can help you in this requirement.

Please share further details to my mail ID narayananr@qassure.com; we can work on your request.

Regards,
Narayanan
+65-87989794

 
Posted : 01/06/2017 1:09 pm
(@anuar653)
Posts: 5
Active Member
Topic starter
 

> Hi Anuar,
>
> We can help you in this requirement.
>
> Please share further details to my mail ID narayananr@qassure.com; we can work on your request.
>
> Regards,
> Narayanan
> +65-87989794

Hi Narayanan.
In what way can you help? What does your company provide in terms of helping us set up the digital forensic investigation team? And where is your company based? Thank you, sir.

 
Posted : 01/06/2017 2:00 pm
(@narayanan)
Posts: 3
New Member
 

Hi Anuar,

If you share your contact details or mail me your details, we can take it offline.

Regards,
Narayanan

 
Posted : 01/06/2017 2:13 pm
jpickens
(@jpickens)
Posts: 130
Estimable Member
 

If you have a background in technology, forensics is something that can be picked up gradually. But in your immediate situation I would focus on learning the basics (in no particular order):

1. Data Integrity - for all investigations, knowing how to preserve evidence is crucial in your situation. Know how to acquire without modifying the data with correct tools and procedures.

2. Legal - get input and guidance from your legal team on what you can and cannot do.

3. Read - tons of whitepapers on this website, also at NIST, SANS.org, http://www.dfir.training and other locations with guidance on forensic best practices and also how to build a team.

4. Get help - training or temporary consulting services can help you get started.

5. Tools - best to know what you want to do before you start buying things. Lots of tools, lots of opinions on which is best for the job.

Good luck.

 
Posted : 01/06/2017 7:22 pm
(@athulin)
Posts: 1156
Noble Member
 

> due to one major incident involving data theft and unauthorized disclosure of sensitive information, my company wants to set up a digital forensic investigation team. I have zero knowledge of the digital forensic investigation process, so what do I need to do first, and is there any best practice regarding the digital forensic investigation process that I can follow?

While it's not clear from your description that establishing a forensic investigation team is the correct response, I must assume that you already have the incident response and management parts under control, and that you have sufficiently many incidents that require forensic investigation for you to set up your own team instead of finding a suitable partner who works, possibly specializes, in that particular area.

Do you have the goals down? What should this kind of team do? Forensic incidents exclusively? Or some kind of combination of multiple things? What other goals do you have? Is the forensic readiness of your organization already in place, or do you need to ensure that the IT infrastructure gets a brush-up? You won't be able to answer the question, it seems, if you don't have the expertise. And you need it, if your next incident involving forensics should be done reasonably well.

In any case, the first step is very probably to find a suitable team manager, and hand over the job to him/her. Now, as digital forensics is an area of expertise, we're not talking about just any kind of project leader or team leader. It should be someone who understands the business. And if the team should be useful at your very next incident, it needs to be people who have a certain degree of experience in the field already.

And … are you finding team members in-house (say, IT or security people who already have the necessary technical expertise of your systems – which would be very useful in one way)? Better ensure that they're not key personnel, because if you get a two-alarmer (one normal IT incident, and one forensic incident), how should they prioritize? That can be messy.

What kind of time constraints are you under? Is it enough to have a team up and running in a year or so? If not, you may need to consider alternative ways, at least for the first year, while you get the wanted in-house organization in place.

 
Posted : 01/06/2017 9:33 pm
 Shan
(@shan)
Posts: 1
New Member
 

Hello

If you send me an email to shannon@paraben.com I can send you some write ups on best practices and some links to other sites that provide similar information.

 
Posted : 02/06/2017 2:41 am
(@anuar653)
Posts: 5
Active Member
Topic starter
 

> Hi Anuar,
>
> If you share your contact details or mail me your details, we can take it offline.
>
> Regards,
> Narayanan

Hi Mr. Narayanan. I already sent you the email. Thank you.

 
Posted : 02/06/2017 6:40 am
(@anuar653)
Posts: 5
Active Member
Topic starter
 

> Hello
>
> If you send me an email to shannon@paraben.com I can send you some write ups on best practices and some links to other sites that provide similar information.

Hello Shannon. I already sent you the email. Thank you for your help :)

 
Posted : 02/06/2017 8:38 am
(@anuar653)
Posts: 5
Active Member
Topic starter
 

> If you have a background in technology, forensics is something that can be picked up gradually. But in your immediate situation I would focus on learning the basics (in no particular order):
>
> 1. Data Integrity - for all investigations, knowing how to preserve evidence is crucial in your situation. Know how to acquire without modifying the data with correct tools and procedures.
>
> 2. Legal - get input and guidance from your legal team on what you can and cannot do.
>
> 3. Read - tons of whitepapers on this website, also at NIST, SANS.org, http://www.dfir.training and other locations with guidance on forensic best practices and also how to build a team.
>
> 4. Get help - training or temporary consulting services can help you get started.
>
> 5. Tools - best to know what you want to do before you start buying things. Lots of tools, lots of opinions on which is best for the job.
>
> Good luck.

Hi. Thank you for your help. In your opinion, is it better to have an in-house incident response team or just outsource it? In terms of budget allocation, which one is more practical? Thank you.

 
Posted : 07/06/2017 12:18 pm