
the needs for forensic readiness in the organization?

(@mas9256)
Active Member
Joined: 8 years ago
Posts: 6
Topic starter  

I want to know: should forensic readiness be implemented in the organization, and in what situations should it be implemented?

It should be implemented in situations in which failure to get the needed results from a forensic examination (regardless of who performs it) is viewed as a threat.

Start there: what failures to investigate an incident would get you fired? Failure to investigate adware on a laptop? Or failure to find out who accessed the product plans for next year?

Start where it really hurts.

It should not be confused with incident response – it's closely related, and there's some overlap, in the sense that failure to do timely IR may lead to failure to perform a forensic investigation. Nor should it be confused with Incident Detection/Discovery – although again, there may be some overlap: ID often relies on the kind of data required by a forensic investigation. The NIST document cited by another poster muddles the picture somewhat: it covers a much larger area (forensic capability). Section 2.4.3 comes fairly close to what I regard as basic Forensic Readiness, though.

For example, if you work in a company where IP is the crown jewels, any failure to investigate incidents regarding IP would probably be a threat. So: are logs configured, extracted, archived? Do you have a reliable source of time for those logs? Do the logs use a common timestamp format, or do you have UTC in one log and local time in another? Do you avoid using group accounts, so that you can trace access to an individual? Do you save key personnel's HD drives when they leave, just in case they need to be examined later when it is found that that key person now works for a competing company? And so on and so forth. Many of the recommendations in most system hardening instructions (particularly regarding access and logging) are usually highly relevant for FR.

Forensic readiness is (to me) knowing what information you will need in important forensic examinations, and ensuring you have that information ready with a minimum of fuss, when you do need it.

It also touches on knowing how any necessary forensic investigation will be performed. Not necessarily in-house … but you know who to turn to before you have to do so.
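A small readiness check in the spirit of the logging questions raised above, added here as an example and not taken from any post in this thread: it tries to place two constructed log sources on one UTC timeline and flags the gaps (stamps with no timezone, access by a group account). The log lines, the group-account list and the assumed UTC+1 site zone are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: one source stamped in UTC with a zone marker, the other
# in local time with no zone or year, as the post describes.
SAMPLE_LOGS = {
    "fileserver.log": [
        "2024-03-04T10:15:30Z user=alice action=open file=/ip/roadmap.docx",
        "2024-03-04T10:17:02Z user=shared-eng action=copy file=/ip/roadmap.docx",
    ],
    "vpn.log": [
        "Mar  4 11:15:10 user=alice event=connect",
        "Mar  4 11:18:45 user=bob event=connect",
    ],
}
GROUP_ACCOUNTS = {"shared-eng", "admin", "root"}  # constructed: not traceable to one person
LOCAL_TZ, YEAR = timezone(timedelta(hours=1)), 2024  # assumed site zone/year for syslog stamps
ISO_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(Z|[+-]\d\d:\d\d)")
SYSLOG_RE = re.compile(r"^([A-Z][a-z]{2}) +(\d+) (\d\d:\d\d:\d\d)")

def parse_timestamp(line):
    """Return (utc_datetime, has_explicit_zone) for one log line."""
    m = ISO_RE.match(line)
    if m:
        stamp = m.group(1) + m.group(2).replace("Z", "+00:00")
        return datetime.fromisoformat(stamp).astimezone(timezone.utc), True
    m = SYSLOG_RE.match(line)
    if m:  # no zone/year in the line: conversion rests on the assumptions above
        text = f"{YEAR} {m.group(1)} {m.group(2)} {m.group(3)}"
        naive = datetime.strptime(text, "%Y %b %d %H:%M:%S")
        return naive.replace(tzinfo=LOCAL_TZ).astimezone(timezone.utc), False
    raise ValueError(f"unrecognised timestamp: {line!r}")

def readiness_findings(logs):
    """Flag stamps with no zone (UTC conversion is guesswork) and non-attributable access."""
    findings = []
    for source, lines in logs.items():
        if not all(parse_timestamp(ln)[1] for ln in lines):
            findings.append((source, "timestamps lack a timezone; UTC conversion is assumed"))
        for ln in lines:
            user = re.search(r"user=(\S+)", ln)
            if user and user.group(1) in GROUP_ACCOUNTS:
                findings.append((source, f"group account {user.group(1)} used; not attributable"))
    return findings

def unified_timeline(logs):
    """Merge all sources into one UTC-ordered list of (utc_iso, source, line)."""
    events = [(parse_timestamp(ln)[0].isoformat(), src, ln)
              for src, lines in logs.items() for ln in lines]
    return sorted(events)
```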

Thank you Sir for guidance.

(@mas9256)
Active Member
Joined: 8 years ago
Posts: 6
Topic starter  

I want to know: should forensic readiness be implemented in the organization, and in what situations should it be implemented?

You're gonna hear "yes" in this group. If you want some reading material that might be helpful, I suggest reading NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response (PDF) as a starting point to educate yourself on forensics as a process, and perhaps later get into the technology that supports it. It's one of many documents that will help you decide, but it's one I like to go to often.

NIST's 800.86 is a good start indeed.

My recommendation would be

IAAC's Digital Evidence, Digital Investigations and E-Disclosure
A Guide to Forensic Readiness for Organisations, Security Advisers and Lawyers

Thank you Sir for your recommendation!
I want to ask about IAAC. I have looked at previous studies related to IAAC to collect some benchmarks and information to put into the forensic readiness implementation in my company. I discovered that not many companies use IAAC. Is IAAC just used in some places, or are organizations not aware of the existing role of IAAC?
