Digital Forensics Manual

owl1331
(@owl1331)
Posts: 18
Eminent Member
Topic starter
 

Hey all,

I am looking to put together a "Digital Forensics Manual" of sorts for our department. Something that can be updated as needed but covers areas like standard operating procedures, best practices, step-by-steps, etc. I know there are a lot of resources out there, and I will be honing in to make it more specific to my division, but wanted to pick all of your brains to see if there are areas that would be pertinent to include or any other ideas.

I was thinking something along the lines of

Standard Operating Procedures
Best Practices Guidelines
Tools How-To
Acquisition - Phones, Computers, Tablets
Analysis
Reports

Are there other areas you think would be beneficial to include? I am just thinking about if we take on a new hire and/or intern it would be something helpful to give them to reference; by no means would it be put in the place of training.

Any thoughts or ideas about resources would be appreciated!

Thanks
-L

 
Posted : 26/02/2019 5:52 pm
(@merriora)
Posts: 44
Eminent Member
 

SOP manual is good since these documents should be your standard and not change much over time. However, for the rest of your points, I would consider using a Wiki like Confluence to make them living, live documents. This way, everyone can contribute and update as changes occur or new ideas come up.

 
Posted : 26/02/2019 6:48 pm
watcher
(@watcher)
Posts: 125
Estimable Member
 

Be careful of best intentions going awry. More than once I've seen good forensics GUIDES turned into counterproductive check boxes forcibly applied to circumstances inappropriate to the particular analysis or evaluation. Non-technical oversight often cannot differentiate.

 
Posted : 27/02/2019 4:22 pm
(@tootypeg)
Posts: 173
Estimable Member
 

Very interested in the concept and I have had thoughts myself about this. If it's organisation-specific then it's more niche. If it's foundation practices then it can be more global. Your list seems to cover a lot more than an area, it looks more like a forensics how-to complete guide. May be a lot of work and unachievable/unmaintainable. Maybe need to look at static fundamentals then build from there. Just my thoughts but I'm interested in where it goes.

 
Posted : 27/02/2019 6:27 pm
Igor_Michailov
(@igor_michailov)
Posts: 529
Honorable Member
 

Tools How-To
Acquisition - Phones, Computers, Tablets
Analysis

Windows Forensics Cookbook
https://www.packtpub.com/networking-and-servers/windows-forensics-cookbook

Mobile Forensics Cookbook
https://www.packtpub.com/networking-and-servers/mobile-forensics-cookbook

 
Posted : 27/02/2019 6:37 pm
owl1331
(@owl1331)
Posts: 18
Eminent Member
Topic starter
 

Thank you guys for the feedback so far! Watcher - I did think of that a little bit. Obviously no two analyses are the same… I am thinking it may be more practical to compile scenario-specific instances. Like what to do if you come across an encrypted device, etc. I've seen a couple of good best practice flow charts out there I am thinking of incorporating. Hard to determine how specific to get. I am just in the practice where everything new that I do, I document how I have done it. I feel like I could go down a rabbit hole and get lost, but regardless would like to have something with foundational basics.

Another thing I have run into is great resources that I would like to incorporate, but don't want to necessarily "rip" the content from the author. Should I just make sure to cite it? Again, not doing this by any means to publish/profit, just specifically for our division to reference.

I also like the idea of static fundamentals… what are some fundamentals you guys think would be good to include?

 
Posted : 27/02/2019 8:04 pm
pbobby
(@pbobby)
Posts: 239
Estimable Member
 

This is a tall order. Start with your most common procedures and build on it.

 
Posted : 28/02/2019 1:45 am
bshavers
(@bshavers)
Posts: 210
Estimable Member
 

Hey all,

I am looking to put together a "Digital Forensics Manual" of sorts for our department.
-L

Maybe better to start with what has been done and made public than reinvent the wheel :)
More than a dozen SOPs/Manuals here: https://www.dfir.training/index.php/policy

 
Posted : 04/03/2019 5:44 am