Hey all,
I am looking to put together a "Digital Forensics Manual" of sorts for our department. Something that can be updated as needed but covers areas like standard operating procedures, best practices, step-by-steps, etc. I know there are a lot of resources out there, and I will be honing in to make it more specific to my division, but wanted to pick all of your brains to see if there are areas that would be pertinent to include or any other ideas.
I was thinking something along the lines of
Standard Operating Procedures
Best Practices Guidelines
Tools How-To
Acquisition - Phones, Computers, Tablets
Analysis
Reports
Are there other areas you think would be beneficial to include? I am just thinking about if we take on a new hire and/or intern it would be something helpful to give them to reference, by no means would it be put in the place of training.
Any thoughts or ideas about resources would be appreciated!
Thanks
-L
SOP manual is good since these documents should be your standard and not change much over time. However for the rest of your points, I would consider using a Wiki like Confluence to make them living live documents. This way, everyone can contribute and update as changes occur or new ideas come up.
Be careful of best intentions going awry. More than once I've seen good forensics GUIDES turned into counterproductive check boxes forcibly applied to circumstances inappropriate to the particular analysis or evaluation. Non-technical oversight often cannot differentiate.
Very interested in the concept and I have had thoughts myself about this. If it's organisational specific then it's more niche. If it's foundation practices then it can be more global. Your list seems to cover a lot more than an area, it looks more like a forensics how to complete guide. May be a lot of work and unachievable/unmaintainable. Maybe need to look at static fundamentals then build from there. Just my thoughts but I'm interested in where it goes.
Tools How-To
Acquisition - Phones, Computers, Tablets
Analysis
Windows Forensics Cookbook
https://
Mobile Forensics Cookbook
https://
Thank you guys for the feedback so far! Watcher - I did think of that a little bit. Obviously no two analyses are the same… I am thinking it may be more practical to compile scenario specific instances. Like what to do if you come across an encrypted device, etc. I've seen a couple of good best practice flow charts out there I am thinking of incorporating. Hard to determine how specific to get. I am just in the practice where everything new that I do, I document how I have done it. I feel like I could go down a rabbit hole and get lost, but regardless would like to have something with foundational basics.
Another thing I have run into is great resources that I would like to incorporate, but don't want to necessarily "rip" the content from the author. Should I just make sure to cite it? Again, not doing this by any means to publish/profit, just specifically for our division to reference.
I also like the idea of static fundamentals… what are some fundamentals you guys think would be good to include?
This is a tall order. Start with your most common procedures and build on it.
Maybe better to start with what has been done and made public than reinvent the wheel.
More than a dozen SOPs/Manuals here https://