Whilst a key driver to date for the use of digital forensics has been law enforcement, organizations are increasingly recognizing the role of forensics expertise for ensuring data protection. This is partly due to the fact that the importance of information security within an organization is becoming better understood and more organizations are adopting good information security practices.

Alan Calder, information security expert and CEO of IT Governance, says, "A cyberattack is inevitable. Cyberattacks often come in waves, and digital forensics readiness is a vital element in responding to, and recovering from, that first attack and putting in place improved defenses against the next one".

"Another good reason to use forensics within an organization is to facilitate incident management and identify which files have been affected. Understanding how the malware has infected the system will enable IT managers to close the vulnerability," continues Calder. "Forensics can also be used to identify possible insider misuse of systems or information. Digital forensics is also a key element in implementing and maintaining an effective information security management system (ISMS) as specified by the ISO 27001 Standard."

A forensic readiness policy is mandatory for UK government departments. Forensic readiness has been defined as the ability to collect, preserve, and analyze digital evidence that can be effectively used in any legal matter, security investigation, or disciplinary action in an employment tribunal or court of law.

There is a strong need for developing the general knowledge and skills required to understand the nature of digital forensics. IT Governance, which specializes in information security training and consultancy, has seen considerable growth in the bookings onto its Digital Forensics Foundation training course.

Calder explains, "Any organization should encourage relevant staff to develop digital forensics knowledge. This will allow managers to better appreciate the purpose, importance, and challenges of the domain. At the same time, it will enable them and their team to implement key processes and procedures that are required to ensure that cyber threats are addressed appropriately".

The Digital Forensics Foundation training course provides a complete introduction to digital forensics. The next course is held in London on 2nd February and is led by a highly-qualified computer forensics specialist and expert witness.

Source: IT Governance Ltd.