Digital forensics processing and procedures : meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements
Main author: | Watson, David (David Lilburn) |
---|---|
Other authors: | Jones, Andrew |
Format: | Electronic E-Book |
Language: | English |
Published: | Amsterdam ; Boston : Syngress, 2013. |
Subjects: | |
Online access: | Full text Full text |
Summary: | This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab. A step-by-step guide to designing, building and using a digital forensics lab. A comprehensive guide for all roles in a digital forensics laboratory. Based on international standards and certifications. |
Description: | 1 online resource |
Bibliography: | Includes bibliographical references and index. |
ISBN: | 1299833144 9781299833142 9781597497459 1597497452 |
Internal format
MARC
LEADER | 00000cam a2200000Ma 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-ocn857712561 | ||
003 | OCoLC | ||
005 | 20241004212047.0 | ||
006 | m o d | ||
007 | cr |n||||||||| | ||
008 | 130906s2013 ne ob 001 0 eng d | ||
040 | |a IDEBK |b eng |e pn |c IDEBK |d OCLCQ |d OPELS |d E7B |d OCLCQ |d UIU |d OCLCQ |d COO |d OCLCQ |d AZK |d AGLDB |d K6U |d Z5A |d PIFAG |d FVL |d LIV |d OCLCQ |d U3W |d STF |d OCLCF |d D6H |d TOF |d OCLCQ |d TKN |d UKAHL |d BRF |d OCLCO |d OCL |d QGK |d OCLCQ |d OCLCO |d OCLCL |d SXB |d OCLCQ | ||
019 | |a 961574910 |a 1259256646 | ||
020 | |a 1299833144 |q (electronic bk.) | ||
020 | |a 9781299833142 |q (electronic bk.) | ||
020 | |a 9781597497459 |q (e-book) | ||
020 | |a 1597497452 |q (e-book) | ||
020 | |z 9781597497428 | ||
020 | |z 1597497428 | ||
035 | |a (OCoLC)857712561 |z (OCoLC)961574910 |z (OCoLC)1259256646 | ||
037 | |a 514565 |b MIL | ||
050 | 4 | |a HV8079.C65 |b W38 2013 | |
082 | 7 | |a 363.250285 |2 23 | |
049 | |a MAIN | ||
100 | 1 | |a Watson, David |q (David Lilburn) |1 https://id.oclc.org/worldcat/entity/E39PCjtkpGQ9Xgkd9wWQWbd4v3 |0 http://id.loc.gov/authorities/names/n2013032300 | |
245 | 1 | 0 | |a Digital forensics processing and procedures : |b meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements / |c David Watson, Andrew Jones. |
260 | |a Amsterdam ; |a Boston : |b Syngress, |c 2013. | ||
300 | |a 1 online resource | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
347 | |a text file | ||
504 | |a Includes bibliographical references and index. | ||
520 | |a This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab. A step-by-step guide to designing, building and using a digital forensics lab. A comprehensive guide for all roles in a digital forensics laboratoryBased on international standards and certifications. | ||
588 | 0 | |a Print version record. | |
505 | 0 | 0 | |g Machine generated contents note: |g 1. |t Introduction -- |g 1.1. |t Introduction -- |g Appendix 1 |t Some Types of Cases Involving Digital Forensics -- |g Appendix 2 |t Growth of Hard Disk Drives for Personal Computers -- |g Appendix 3 |t Disk Drive Size Nomenclature -- |g 2. |t Forensic Laboratory Accommodation -- |g 2.1. |t The Building -- |g 2.2. |t Protecting Against External and Environmental Threats -- |g 2.3. |t Utilities and Services -- |g 2.4. |t Physical Security -- |g 2.5. |t Layout of the Forensic Laboratory -- |g Appendix 1 |t Sample Outline for a Business Case -- |g Appendix 2 |t Forensic Laboratory Physical Security Policy -- |g 3. |t Setting up the Forensic Laboratory -- |g 3.1. |t Setting up the Forensic Laboratory -- |g Appendix 1 |t The Forensic Laboratory ToR -- |g Appendix 2 |t Cross Reference between ISO 9001 and ISO 17025 -- |g Appendix 3 |t Conflict of Interest Policy -- |g Appendix 4 |t Quality Policy -- |g 4. |t The Forensic Laboratory Integrated Management System -- |g 4.1. |t Introduction -- |g 4.2. |t Benefits -- |g 4.3. |t The Forensic Laboratory IMS -- |g 4.4. |t The Forensic Laboratory Policies -- |g 4.5. |t Planning -- |g 4.6. |t Implementation and Operation -- |g 4.7. |t Performance Assessment -- |g 4.8. |t Continuous Improvement -- |g 4.9. 
|t Management Reviews -- |g Appendix 1 |t Mapping ISO Guide 72 Requirements to PAS 99 -- |g Appendix 2 |t PAS 99 Glossary -- |g Appendix 3 |t PAS 99 Mapping to IMS Procedures -- |g Appendix 4 |t The Forensic Laboratory Goal Statement -- |g Appendix 5 |t The Forensic Laboratory Baseline Measures -- |g Appendix 6 |t Environment Policy -- |g Appendix 7 |t Health and Safety Policy -- |g Appendix 8 |t Undue Influene Policy -- |g Appendix 9 |t Business Continuity Policy -- |g Appendix 10 |t Information Security Policy -- |g Appendix 11 |t Access Control Policy -- |g Appendix 12 |t Change or Termination Policy -- |g Appendix 13 |t Clear Desk and Clear Screen Policy -- |g Appendix 14 |t Continuous Improvement Policy -- |g Appendix 15 |t Cryptographic Control Policy -- |g Appendix 16 |t Document Retention Policy -- |g Appendix 17 |t Financial Management Policy -- |g Appendix 18 |t Mobile Devices Policy -- |g Appendix 19 |t Network Service Policy -- |g Appendix 20 |t Personnel Screening Policy -- |g Appendix 21 |t Relationship Management Policy -- |g Appendix 22 |t Release Management Policy -- |g Appendix 23 |t Service Management Policy -- |g Appendix 24 |t Service Reporting Policy -- |g Appendix 25 |t Third-Party Access Control Policy -- |g Appendix 26 |t Acceptable use Policy -- |g Appendix 27 |t Audit Committee -- |g Appendix 28 |t Business Continuity Committee -- |g Appendix 29 |t Environment Committee -- |g Appendix 30 |t Health and Safety Committee -- |g Appendix 31 |t Information Security Committee -- |g Appendix 32 |t Quality Committee -- |g Appendix 33 |t Risk Committee -- |g Appendix 34 |t Service Delivery Committee -- |g Appendix 35 |t Whistle Blowing Policy -- |g Appendix 36 |t Management Review Agenda -- |g Appendix 37 |t Document Control Checklist -- |g Appendix 38 |t Document Metadata -- |g Appendix 39 |t File-Naming Standards -- |g Appendix 40 |t Watermarks in Use in the Forensic Laboratory -- |g Appendix 41 |t Document Review Form -- |g Appendix 42 |t IMS 
Calendar -- |g Appendix 43 |t Audit Plan Letter -- |g Appendix 44 |t Audit Reporting Form -- |g Appendix 45 |t CAR/PAR Form -- |g Appendix 46 |t Opening Meeting Agenda -- |g Appendix 47 |t Closing Meeting Agenda -- |g Appendix 48 |t Audit Report Template -- |g Appendix 49 |t Root Causes for Non-Conformity -- |g 5. |t Risk Management -- |g 5.1. |t A Short History of Risk Management -- |g 5.2. |t An Information Security Risk Management Framework -- |g 5.3. |t Framework Stage 1 -- ISMS Policy -- |g 5.4. |t Framework Stage 2: Planning, Resourcing, and Communication -- |g 5.5. |t Framework Stage 3: Information Security Risk Management Process -- |g 5.6. |t Framework Stage 4: Implementation and Operational Procedures -- |g 5.7. |t Framework Stage 5: Follow-up Procedures -- |g Appendix 1 |t Sample Communication Plan -- |g Appendix 2 |t Sample Information Security Plan -- |g Appendix 3 |t Asset Type Examples -- |g Appendix 4 |t Asset Values -- |g Appendix 5 |t Consequences Table -- |g Appendix 6 |t Some Common Business Risks -- |g Appendix 7 |t Some Common Project Risks -- |g Appendix 8 |t Security Threat Examples -- |g Appendix 9 |t Common Security Vulnerabilities -- |g Appendix 10 |t Risk Management Policy -- |g Appendix 11 |t The IMS and ISMS Scope Document -- |g Appendix 12 |t Criticality Ratings -- |g Appendix 13 |t Likelihood of Occurrence -- |g Appendix 14 |t Risk Appetite -- |g Appendix 15 |t Security Controls from CobIT and NIST 800-53 -- |g Appendix 16 |t Information Classification -- |g Appendix 17 |t The Corporate Risk Register -- |g Appendix 18 |t Comparison between Qualitative and Quantitative Methods -- |g Appendix 19 |t Mapping Control Functions to ISO 27001 -- |g Appendix 20 |t Mapping Security Concerns to ISO 27001 -- |g Appendix 21 |t SoA Template -- |g Appendix 22 |t The Forensic Laboratory's Security Metrics Report -- |g Appendix 23 |t Mapping ISO 31000 and ISO 27001 to IMS Procedures -- |g 6. |t Quality in the Forensic Laboratory -- |g 6.1. 
|t Quality and Good Laboratory Practice -- |g 6.2. |t Management Requirements for Operating the Forensic Laboratory -- |g 6.3. |t ISO 9001 for the Forensic Laboratory -- |g 6.4. |t The Forensic Laboratory's QMS -- |g 6.5. |t Responsibilities in the QMS -- |g 6.6. |t Managing Sales -- |g 6.7. |t Product and Service Realization -- |g 6.8. |t Reviewing Deliverables -- |g 6.9. |t Signing Off a Case -- |g 6.10. |t Archiving a Case -- |g 6.11. |t Maintaining Client Confidentiality -- |g 6.12. |t Technical Requirements for the Forensic Laboratory -- |g 6.13. |t Measurement, Analysis, and Improvement -- |g 6.14. |t Managing Client Complaints -- |g Appendix 1 |t Mapping ISO 9001 to IMS Procedures -- |g Appendix 2 |t Mapping ISO 17025 to IMS Procedures -- |g Appendix 3 |t Mapping SWGDE Quality Requirements to IMS Procedures -- |g Appendix 4 |t Mapping NIST-150 Quality Requirements to IMS Procedures -- |g Appendix 5 |t Mapping ENFSI Quality Requirements to IMS Procedures -- |g Appendix 6 |t Mapping FSR Quality Requirements to IMS Procedures -- |g Appendix 7 |t Quality Manager, Job Description -- |g Appendix 8 |t Business Plan Template -- |g Appendix 9 |t Business KPIs -- |g Appendix 10 |t Quality Plan Contents -- |g Appendix 11 |t Induction Checklist Contents -- |g Appendix 12 |t Induction Feedback -- |g Appendix 13 |t Standard Proposal Template -- |g Appendix 14 |t Issues to Consider for Case Processing -- |g Appendix 15 |t Standard Quotation Contents -- |g Appendix 16 |t Standard Terms and Conditions -- |g Appendix 17 |t ERMS Client Areas -- |g Appendix 18 |t Cost Estimation Spreadsheet -- |g Appendix 19 |t Draft Review Form -- |g Appendix 20 |t Client Sign-Off and Feedback Form -- |g Appendix 21 |t Information Required for Registering a Complaint -- |g Appendix 22 |t Complaint Resolution Timescales -- |g Appendix 23 |t Complaint Metrics -- |g Appendix 24 |t Laboratory Manager, Job Description -- |g Appendix 25 |t Forensic Analyst, Job Description -- |g Appendix 26 |t 
Training Agenda -- |g Appendix 27 |t Some Individual Forensic Certifications -- |g Appendix 28 |t Minimum Equipment Records Required by ISO 17025 -- |g Appendix 29 |t Reference Case Tests -- |g Appendix 30 |t ISO 17025 Reporting Requirements -- |g Appendix 31 |t Standard Forensic Laboratory Report -- |g 7. |t IT Infrastructure -- |g 7.1. |t Hardware -- |g 7.2. |t Software -- |g 7.3. |t Infrastructure -- |g 7.4. |t Process Management -- |g 7.5. |t Hardware Management -- |g 7.6. |t Software Management -- |g 7.7. |t Network Management -- |g Appendix 1 |t Some Forensic Workstation Providers -- |g Appendix 2 |t Some Mobile Forensic Workstation Providers -- |g Appendix 3 |t Standard Build for a Forensic Workstation -- |g Appendix 4 |t Some Case Processing Tools -- |g Appendix 5 |t Policy for Securing IT Cabling -- |g Appendix 6 |t Policy for Siting and Protecting IT Equipment -- |g Appendix 7 |t ISO 20000-1 Mapping -- |g Appendix 8 |t Service Desk Manager, Job Description -- |g Appendix 9 |t Incident Manager, Job Description -- |g Appendix 10 |t Incident Status Levels -- |g Appendix 11 |t Incident Priority Levels -- |g Appendix 12 |t Service Desk Feedback Form -- |g Appendix 13 |t Problem Manager, Job Description -- |g Appendix 14 |t Contents of the Forensic Laboratory SIP -- |g Appendix 15 |t Change Categories -- |g Appendix 16 |t Change Manager, Job Description -- |g Appendix 17 |t Standard Requirements of a Request for Change -- |g Appendix 18 |t Emergency Change Policy -- |g Appendix 19 |t Release Management Policy -- |g Appendix 20 |t Release Manager, Job Description -- |g Appendix 21 |t Configuration Management Plan Contents -- |g Appendix 22 |t Configuration Management Policy -- |g Appendix 23 |t Configuration Manager, Job Description -- |g Appendix 24 |t Information Stored in the DSL and DHL -- |g Appendix 25 |t Capacity Manager, Job Description -- |g Appendix 26 |t Capacity Management Plan -- |g Appendix 27 |t Service Management Policy |
505 | 0 | 0 | |t -- |g Appendix 28 |t Service Level Manager, Job Description -- |g Appendix 29 |t Service Reporting Policy -- |g Appendix 30 |t Policy for Maintaining and Servicing IT Equipment -- |g Appendix 31 |t ISO 17025 Tool Test Method Documentation -- |g Appendix 32 |t Standard Forensic Tool Tests -- |g Appendix 33 |t Forensic Tool Test Report Template -- |g Appendix 34 |t Overnight Backup Checklist -- |g 8. |t Incident Response -- |g 8.1. |t General -- |g 8.2. |t Evidence -- |g 8.3. |t Incident Response as a Process -- |g 8.4. |t Initial Contact -- |g 8.5. |t Types of First Response -- |g 8.6. |t The Incident Scene -- |g 8.7. |t Transportation to the Forensic Laboratory -- |g 8.8. |t Crime Scene and Seizure Reports -- |g 8.9. |t Postincident Review -- |g Appendix 1 |t Mapping ISO 17020 to IMS Procedures -- |g Appendix 2 |t First Response Briefing Agenda -- |g Appendix 3 |t Contents of the Grab Bag -- |g Appendix 4 |t New Case Form -- |g Appendix 5 |t First Responder Seizure Summary Log -- |g Appendix 6 |t Site Summary Form -- |g Appendix 7 |t Seizure Log -- |g Appendix 8 |t Evidence Locations in Devices and Media -- |g Appendix 9 |t Types of Evidence Typically Needed for a Case -- |g Appendix 10 |t The On/Off Rule. |
505 | 0 | 0 | |g Note continued: |g Appendix 11 |t Some Types of Metadata That may be Recoverable from Digital Images -- |g Appendix 12 |t Countries with Different Fixed Line Telephone Connections -- |g Appendix 13 |t Some Interview Questions -- |g Appendix 14 |t Evidence Labeling -- |g Appendix 15 |t Forensic Preview Forms -- |g Appendix 16 |t A Traveling Forensic Laboratory -- |g Appendix 17 |t Movement Sheet -- |g Appendix 18 |t Incident Response Report -- |g Appendix 19 |t Postincident Review Agenda -- |g Appendix 20 |t Incident Processing Checklist -- |g 9. |t Case Processing -- |g 9.1. |t Introduction to Case Processing -- |g 9.2. |t Case Types -- |g 9.3. |t Precase Processing -- |g 9.4. |t Equipment Maintenance -- |g 9.5. |t Management Processes -- |g 9.6. |t Booking Exhibits in and out of the Secure Property Store -- |g 9.7. |t Starting a New Case -- |g 9.8. |t Preparing the Forensic Workstation -- |g 9.9. |t Imaging -- |g 9.10. |t Examination -- |g 9.11. |t Dual Tool Verification -- |g 9.12. |t Digital Time Stamping -- |g 9.13. |t Production of an Internal Case Report -- |g 9.14. |t Creating Exhibits -- |g 9.15. |t Producing a Case Report for External Use -- |g 9.16. |t Statements, Depositions, and Similar -- |g 9.17. |t Forensic Software Tools -- |g 9.18. |t Backing up and Archiving a Case -- |g 9.19. |t Disclosure -- |g 9.20. 
|t Disposal -- |g Appendix 1 |t Some International Forensic Good Practice -- |g Appendix 2 |t Some International and National Standards Relating to Digital Forensics -- |g Appendix 3 |t Hard Disk Log Details -- |g Appendix 4 |t Disk History Log -- |g Appendix 5 |t Tape Log Details -- |g Appendix 6 |t Tape History Log -- |g Appendix 7 |t Small Digital Media Log Details -- |g Appendix 8 |t Small Digital Media Device Log -- |g Appendix 9 |t Forensic Case Work Log -- |g Appendix 10 |t Case Processing KPIs -- |g Appendix 11 |t Contents of Sample Exhibit Rejection Letter -- |g Appendix 12 |t Sample Continuity Label Contents -- |g Appendix 13 |t Details of the Forensic Laboratory Property Log -- |g Appendix 14 |t Exhibit Acceptance Letter Template -- |g Appendix 15 |t Property Special Handling Log -- |g Appendix 16 |t Evidence Sought -- |g Appendix 17 |t Request for Forensic Examination -- |g Appendix 18 |t Client Virtual Case File Structure -- |g Appendix 19 |t Computer Details Log -- |g Appendix 20 |t Other Equipment Details Log -- |g Appendix 21 |t Hard Disk Details Log -- |g Appendix 22 |t Other Media Details Log -- |g Appendix 23 |t Cell Phone Details Log -- |g Appendix 24 |t Other Device Details Log -- |g Appendix 25 |t Some Evidence Found in Volatile Memory -- |g Appendix 26 |t Some File Metadata -- |g Appendix 27 |t Case Progress Checklist -- |g Appendix 28 |t Meeting the Requirements of HB 171 -- |g Appendix 29 |t Internal Case Report Template -- |g Appendix 30 |t Forensic Laboratory Exhibit Log -- |g Appendix 31 |t Report Production Checklist -- |g 10. |t Case Management -- |g 10.1. |t Overview -- |g 10.2. |t Hard Copy Forms -- |g 10.3. |t MARS -- |g 10.4. |t Setting up a New Case -- |g 10.5. |t Processing a Forensic Case -- |g 10.6. |t Reports General -- |g 10.7. |t Administrator's Reports -- |g 10.8. 
|t User Reports -- |g Appendix 1 |t Setting up Organisational Details -- |g Appendix 2 |t Set up the Administrator -- |g Appendix 3 |t Audit Reports -- |g Appendix 4 |t Manage Users -- |g Appendix 5 |t Manage Manufacturers -- |g Appendix 6 |t Manage Suppliers -- |g Appendix 7 |t Manage Clients -- |g Appendix 8 |t Manage Investigators -- |g Appendix 9 |t Manage Disks -- |g Appendix 10 |t Manage Tapes -- |g Appendix 11 |t Manage Small Digital Media -- |g Appendix 12 |t Exhibit Details -- |g Appendix 13 |t Evidence Sought -- |g Appendix 14 |t Estimates -- |g Appendix 15 |t Accept or Reject Case -- |g Appendix 16 |t Movement Log -- |g Appendix 17 |t Examination Log -- |g Appendix 18 |t Computer Hardware Details -- |g Appendix 19 |t Non-Computer Exhibit Details -- |g Appendix 20 |t Hard Disk Details -- |g Appendix 21 |t Other Media Details -- |g Appendix 22 |t Work Record Details -- |g Appendix 23 |t Updating Case Estimates -- |g Appendix 24 |t Create Exhibit -- |g Appendix 25 |t Case Result -- |g Appendix 26 |t Case Backup -- |g Appendix 27 |t Billing and Feedback -- |g Appendix 28 |t Feedback Received -- |g Appendix 29 |t Organization Report -- |g Appendix 30 |t Users Report -- |g Appendix 31 |t Manufacturers Report -- |g Appendix 32 |t Supplier Report -- |g Appendix 33 |t Clients Report -- |g Appendix 34 |t Investigator's Report -- |g Appendix 35 |t Disks by Assignment Report -- |g Appendix 36 |t Disks by Reference Number Report -- |g Appendix 37 |t Wiped Disks Report -- |g Appendix 38 |t Disposed Disks Report -- |g Appendix 39 |t Disk History Report -- |g Appendix 40 |t Tapes by Assignment Report -- |g Appendix 41 |t Tapes by Reference Number Report -- |g Appendix 42 |t Wiped Tapes Report -- |g Appendix 43 |t Disposed Tapes Report -- |g Appendix 44 |t Tape History Report -- |g Appendix 45 |t Small Digital Media by Assignment Report -- |g Appendix 46 |t Small Digital Media by Reference Number Report -- |g Appendix 47 |t Wiped Small Digital Media Report -- |g Appendix 
48 |t Disposed Small Digital Media Report -- |g Appendix 49 |t Small Digital Media History Report -- |g Appendix 50 |t Wipe Methods Report -- |g Appendix 51 |t Disposal Methods Report -- |g Appendix 52 |t Imaging Methods Report -- |g Appendix 53 |t Operating Systems Report -- |g Appendix 54 |t Media Types Report -- |g Appendix 55 |t Exhibit Type Report -- |g Appendix 56 |t Case Setup Details Report -- |g Appendix 57 |t Case Movement Report -- |g Appendix 58 |t Case Computers Report -- |g Appendix 59 |t Case Non-Computer Evidence Report -- |g Appendix 60 |t Case Disks Received Report -- |g Appendix 61 |t Case Other Media Received -- |g Appendix 62 |t Case Exhibits Received Report -- |g Appendix 63 |t Case Work Record -- |g Appendix 64 |t Cases Rejected Report -- |g Appendix 65 |t Cases Accepted -- |g Appendix 66 |t Case Estimates Report -- |g Appendix 67 |t Cases by Forensic Analyst -- |g Appendix 68 |t Cases by Client Report -- |g Appendix 69 |t Cases by Investigator Report -- |g Appendix 70 |t Case Target Dates Report -- |g Appendix 71 |t Cases Within "x" Days of Target Date Report -- |g Appendix 72 |t Cases Past Target Date Report -- |g Appendix 73 |t Cases Unassigned Report -- |g Appendix 74 |t Case Exhibits Produced Report -- |g Appendix 75 |t Case Results Report -- |g Appendix 76 |t Case Backups Report -- |g Appendix 77 |t Billing Run Report -- |g Appendix 78 |t Feedback Letters -- |g Appendix 79 |t Feedback Forms Printout -- |g Appendix 80 |t Feedback Reporting Summary by Case -- |g Appendix 81 |t Feedback Reporting Summary by Forensic Analyst -- |g Appendix 82 |t Feedback Reporting Summary by Client -- |g Appendix 83 |t Complete Case Report -- |g Appendix 84 |t Processed Report -- |g Appendix 85 |t Insurance Report -- |g 11. |t Evidence Presentation -- |g 11.1. |t Overview -- |g 11.2. |t Notes -- |g 11.3. |t Evidence -- |g 11.4. |t Types of Witness -- |g 11.5. |t Reports -- |g 11.6. |t Testimony in Court -- |g 11.7. 
|t Why Cases Fail -- |g Appendix 1 |t Nations Ratifying the Budapest Convention -- |g Appendix 2 |t Criteria for Selection an Expert Witness -- |g Appendix 3 |t The Forensic Laboratory Code of Conduct for Expert Witnesses -- |g Appendix 4 |t Report Writing Checklist -- |g Appendix 5 |t Statement and Deposition Writing Checklist -- |g Appendix 6 |t Non-Verbal Communication to Avoid -- |g Appendix 7 |t Etiquette in Court -- |g Appendix 8 |t Testimony Feedback Form -- |g 12. |t Secure Working Practices -- |g 12.1. |t Introduction -- |g 12.2. |t Principles of Information Security within the Forensic Laboratory -- |g 12.3. |t Managing Information Security in the Forensic Laboratory -- |g 12.4. |t Physical Security in the Forensic Laboratory -- |g 12.5. |t Managing Service Delivery -- |g 12.6. |t Managing System Access -- |g 12.7. |t Managing Information on Public Systems -- |g 12.8. |t Securely Managing IT Systems -- |g 12.9. |t Information Processing Systems Development and Maintenance -- |g Appendix 1 |t The Forensic Laboratory SoA -- |g Appendix 2 |t Meeting the Requirements of GAISP -- |g Appendix 3 |t Software License Database Information Held -- |g Appendix 4 |t Information Security Manager, Job Description -- |g Appendix 5 |t Logon Banner -- |g Appendix 6 |t The Forensic Laboratory's Security Objectives -- |g Appendix 7 |t Asset Details to be Recorded in the Asset Register -- |g Appendix 8 |t Details Required for Removal of an Asset -- |g Appendix 9 |t Handling Classified Assets -- |g Appendix 10 |t Asset Disposal Form -- |g Appendix 11 |t Visitor Checklist -- |g Appendix 12 |t Rules of the Data Center -- |g Appendix 13 |t User Account Management Form Contents -- |g Appendix 14 |t Teleworking Request Form Contents -- |g 13. |t Ensuring Continuity of Operations -- |g 13.1. |t Business Justification for Ensuring Continuity of Operations -- |g 13.2. |t Management Commitment -- |g 13.3. |t Training and Competence -- |g 13.4. 
|t Determining the Business Continuity Strategy -- |g 13.5. |t Developing and Implementing a Business Continuity Management Response -- |g 13.6. |t Exercising, Maintaining, and Reviewing Business Continuity |
505 | 0 | 0 | |t Arrangements -- |g 13.7. |t Maintaining and Improving the BCMS -- |g 13.8. |t Embedding Business Continuity Forensic Laboratory Processes -- |g 13.9. |t BCMS Documentation and Records -- General -- |g Appendix 1 |t Supplier Details Held -- |g Appendix 2 |t Headings for Financial and Security Questionnaire -- |g Appendix 3 |t Business Continuity Manager, Job Description -- |g Appendix 4 |t Contents of the Forensic Laboratory BIA Form -- |g Appendix 5 |t Proposed BCMS Development and Certification Timescales -- |g Appendix 6 |t Incident Scenarios -- |g Appendix 7 |t Strategy Options -- |g Appendix 8 |t Standard Forensic Laboratory BCP Contents -- |g Appendix 9 |t Table of Contents to the Appendix to a BCP -- |g Appendix 10 |t BCP Change List Contents -- |g Appendix 11 |t BCP Scenario Plan Contents -- |g Appendix 12 |t BCP Review Report Template Contents -- |g Appendix 13 |t Mapping IMS Procedures to ISO 22301 -- |g Appendix 14 |t Differences between ISO 22301 and BS 25999 -- |g 14. |t Managing Business Relationships -- |g 14.1. |t The Need for Third Parties -- |g 14.2. |t Clients -- |g 14.3. |t Third Parties Accessing the Forensic Laboratory. |
505 | 0 | 0 | |g Note continued: |g 14.4. |t Managing Service Level Agreements -- |g 14.5. |t Suppliers of Office and IT Products and Services -- |g 14.6. |t Utility Service Providers -- |g 14.7. |t Contracted Forensic Consultants and Expert Witnesses -- |g 14.8. |t Outsourcing -- |g 14.9. |t Use of Sub-Contractors -- |g 14.10. |t Managing Complaints -- |g 14.11. |t Reasons for Outsourcing Failure -- |g Appendix 1 |t Contents of a Service Plan -- |g Appendix 2 |t Risks to Consider with Third Parties -- |g Appendix 3 |t Contract Checklist for Information Security Issues -- |g Appendix 4 |t SLA Template for Products and Services for Clients -- |g Appendix 5 |t RFx Descriptions -- |g Appendix 6 |t The Forensic Laboratory RFx Template Checklist -- |g Appendix 7 |t RFx Timeline for Response, Evaluation, and Selection -- |g Appendix 8 |t Forensic Consultant's Personal Attributes -- |g Appendix 9 |t Some Tips for Selecting an Outsourcing Service Provider -- |g Appendix 10 |t Areas to Consider for Outsourcing Contracts -- |g 15. |t Effective Records Management -- |g 15.1. |t Introduction -- |g 15.2. |t Legislative, Regulatory, and Other Requirements -- |g 15.3. |t Record Characteristics -- |g 15.4. |t A Records Management Policy -- |g 15.5. |t Defining the Requirements for Records Management in the Forensic Laboratory -- |g 15.6. |t Determining Forensic Laboratory Records to be Managed by the ERMS -- |g 15.7. |t Using Metadata in the Forensic Laboratory -- |g 15.8. |t Record Management Procedures -- |g 15.9. 
|t Business Continuity -- |g Appendix 1 |t MoReq2 Functional Requirements -- |g Appendix 2 |t Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures -- |g Appendix 3 |t Types of Legislation and Regulation that will Affect Record Keeping -- |g Appendix 4 |t Forensic Laboratory Record Keeping Policy -- |g Appendix 5 |t Record Management System Objectives -- |g Appendix 6 |t Business Case Contents -- |g Appendix 7 |t Outline of the ERMS Project -- |g Appendix 8 |t Selection Criteria for an ERMS -- |g Appendix 9 |t Initial ERMS Feedback Questionnaire -- |g Appendix 10 |t Metadata Required in the ERMS -- |g Appendix 11 |t Sample E-mail Metadata -- |g Appendix 12 |t Forensic Case Records Stored in the ERMS -- |g Appendix 13 |t Dublin Core Metadata Elements -- |g Appendix 14 |t National Archives of Australia Metadata Standard -- |g Appendix 15 |t Responsibilities for Records Management in the Forensic Laboratory -- |g Appendix 16 |t Metadata for Records Stored Off-Site -- |g Appendix 17 |t Records Classification System -- |g Appendix 18 |t Disposition Authorization -- |g Appendix 19 |t Additional Requirements for Physical Record Recovery -- |g Appendix 20 |t Specialized Equipment Needed for Inspection and Recovery of Damaged Records -- |g 16. |t Performance Assessment -- |g 16.1. |t Overview -- |g 16.2. |t Performance Assessment -- |g 17. |t Health and Safety Procedures -- |g 17.1. |t General -- |g 17.2. |t Planning for OH & S -- |g 17.3. |t Implementation and Operation of the OH & S Management System -- |g 17.4. |t Checking Compliance with OH & S Requirements -- |g 17.5. 
|t Improving the OH & S Management System -- |g Appendix 1 |t OH & S Policy Checklist -- |g Appendix 2 |t The Forensic Laboratory OH & S Policy -- |g Appendix 3 |t Health and Safety Manager Job Description -- |g Appendix 4 |t Some Examples of OH & S Drivers -- |g Appendix 5 |t The Forensic Laboratory OH & S Objectives -- |g Appendix 6 |t Sample Hazards in the Forensic Laboratory -- |g Appendix 7 |t Hazard Identification Form -- |g Appendix 8 |t Some Areas for Inspection for Hazards -- |g Appendix 9 |t Inputs to the Risk Assessment Process -- |g Appendix 10 |t OH & S Risk Rating -- |g Appendix 11 |t DSE Initial Workstation Self-Assessment Checklist -- |g Appendix 12 |t DSE Training Syllabus -- |g Appendix 13 |t DSE Assessors Checklist -- |g Appendix 14 |t Measurement of OH & S Success -- |g Appendix 15 |t Specific OH & S Incident Reporting Requirements -- |g Appendix 16 |t OH & S Investigation Checklist and Form Contents -- |g Appendix 17 |t OH & S Incident Review -- |g Appendix 18 |t OHSAS 18001 Mapping to IMS Procedures -- |g 18. |t Human Resources -- |g 18.1. |t Employee Development -- |g 18.2. |t Development -- |g 18.3. 
|t Termination -- |g Appendix 1 |t Training Feedback Form -- |g Appendix 2 |t Employee Security Screening Policy Checklist -- |g Appendix 3 |t Employment Application Form -- |g Appendix 4 |t Employment Application Form Notes -- |g Appendix 5 |t Some Documents that can Verify Identity -- |g Appendix 6 |t Document Authenticity Checklist -- |g Appendix 7 |t Verifying Addresses -- |g Appendix 8 |t Right to Work Checklist -- |g Appendix 9 |t Reference Authorization -- |g Appendix 10 |t Statutory Declaration -- |g Appendix 11 |t Employer Reference Form -- |g Appendix 12 |t Employer's Oral Reference Form -- |g Appendix 13 |t Confirmation of an Oral Reference Letter -- |g Appendix 14 |t Qualification Verification Checklist -- |g Appendix 15 |t Criminal Record Declaration Checklist -- |g Appendix 16 |t Personal Reference Form -- |g Appendix 17 |t Personal Oral Reference Form -- |g Appendix 18 |t Other Reference Form -- |g Appendix 19 |t Other Reference Form -- |g Appendix 20 |t Employee Security Screening File -- |g Appendix 21 |t Top Management Acceptance of Employment Risk -- |g Appendix 22 |t Third-Party Employee Security Screening Provider Checklist -- |g Appendix 23 |t Recruitment Agency Contract Checklist -- |g Appendix 24 |t Investigation Manager, Job Description -- |g Appendix 25 |t Forensic Laboratory System Administrator, Job Description -- |g Appendix 26 |t Employee, Job Description -- |g Appendix 27 |t Areas of Technical Competence -- |g Appendix 28 |t Some Professional Forensic and Security Organizations -- |g Appendix 29 |t Training Specification Template -- |g Appendix 30 |t Training Proposal Evaluation Checklist -- |g Appendix 31 |t Training Supplier Interview and Presentation Checklist -- |g Appendix 32 |t Training Reaction Level Questionnaire -- |g Appendix 33 |t The Forensic Laboratory Code of Ethics -- |g Appendix 34 |t Termination Checklist -- |g 19. |t Accreditation and Certification for a Forensic Laboratory -- |g 19.1. 
|t Accreditation and Certification -- |g 19.2. |t Accreditation for a Forensic Laboratory -- |g 19.3. |t Certification for a Forensic Laboratory -- |g Appendix 1 |t Typical Conditions of Accreditation -- |g Appendix 2 |t Contents of an Audit Response -- |g Appendix 3 |t Management System Assessment Non-Conformance Examples -- |g Appendix 4 |t Typical Closeout Periods -- |g 20. |t Emerging Issues -- |g 20.1. |t Introduction -- |g 20.2. |t Specific Challenges. |
546 | |a English. | ||
650 | 0 | |a Computer crimes |x Investigation. |0 http://id.loc.gov/authorities/subjects/sh85029493 | |
650 | 0 | |a Evidence preservation |x Standards. | |
650 | 0 | |a Forensic sciences |x Standards. | |
650 | 0 | |a Computer science. |0 http://id.loc.gov/authorities/subjects/sh89003285 | |
650 | 0 | |a Electronic data processing. |0 http://id.loc.gov/authorities/subjects/sh85042288 | |
650 | 6 | |a Criminalité informatique |x Enquêtes. | |
650 | 6 | |a Preuve (Droit pénal) |x Conservation |x Normes. | |
650 | 6 | |a Criminalistique |x Normes. | |
650 | 6 | |a Informatique. | |
650 | 7 | |a computer science. |2 aat | |
650 | 7 | |a data processing. |2 aat | |
650 | 7 | |a Electronic data processing |2 fast | |
650 | 7 | |a Computer crimes |x Investigation |2 fast | |
650 | 7 | |a Computer science |2 fast | |
700 | 1 | |a Jones, Andrew. | |
776 | 0 | 8 | |i Print version: |z 9781597497428 |
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=485049 |3 Volltext |
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://www.sciencedirect.com/science/book/9781597497428 |3 Volltext |
938 | |a Askews and Holts Library Services |b ASKH |n AH25553690 | ||
938 | |a ebrary |b EBRY |n ebr10755369 | ||
938 | |a ProQuest MyiLibrary Digital eBook Collection |b IDEB |n cis26099257 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA | ||
049 | |a DE-863 |
Record in the search index
DE-BY-FWS_katkey | ZDB-4-EBA-ocn857712561 |
---|---|
_version_ | 1816882243677716481 |
adam_text | |
any_adam_object | |
author | Watson, David (David Lilburn) |
author2 | Jones, Andrew |
author2_role | |
author2_variant | a j aj |
author_GND | http://id.loc.gov/authorities/names/n2013032300 |
author_facet | Watson, David (David Lilburn) Jones, Andrew |
author_role | |
author_sort | Watson, David |
author_variant | d w dw |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | H - Social Science |
callnumber-label | HV8079 |
callnumber-raw | HV8079.C65 W38 2013 |
callnumber-search | HV8079.C65 W38 2013 |
callnumber-sort | HV 48079 C65 W38 42013 |
callnumber-subject | HV - Social Pathology, Criminology |
collection | ZDB-4-EBA |
contents | Introduction -- Some Types of Cases Involving Digital Forensics -- Growth of Hard Disk Drives for Personal Computers -- Disk Drive Size Nomenclature -- Forensic Laboratory Accommodation -- The Building -- Protecting Against External and Environmental Threats -- Utilities and Services -- Physical Security -- Layout of the Forensic Laboratory -- Sample Outline for a Business Case -- Forensic Laboratory Physical Security Policy -- Setting up the Forensic Laboratory -- The Forensic Laboratory ToR -- Cross Reference between ISO 9001 and ISO 17025 -- Conflict of Interest Policy -- Quality Policy -- The Forensic Laboratory Integrated Management System -- Benefits -- The Forensic Laboratory IMS -- The Forensic Laboratory Policies -- Planning -- Implementation and Operation -- Performance Assessment -- Continuous Improvement -- Management Reviews -- Mapping ISO Guide 72 Requirements to PAS 99 -- PAS 99 Glossary -- PAS 99 Mapping to IMS Procedures -- The Forensic Laboratory Goal Statement -- The Forensic Laboratory Baseline Measures -- Environment Policy -- Health and Safety Policy -- Undue Influene Policy -- Business Continuity Policy -- Information Security Policy -- Access Control Policy -- Change or Termination Policy -- Clear Desk and Clear Screen Policy -- Continuous Improvement Policy -- Cryptographic Control Policy -- Document Retention Policy -- Financial Management Policy -- Mobile Devices Policy -- Network Service Policy -- Personnel Screening Policy -- Relationship Management Policy -- Release Management Policy -- Service Management Policy -- Service Reporting Policy -- Third-Party Access Control Policy -- Acceptable use Policy -- Audit Committee -- Business Continuity Committee -- Environment Committee -- Health and Safety Committee -- Information Security Committee -- Quality Committee -- Risk Committee -- Service Delivery Committee -- Whistle Blowing Policy -- Management Review Agenda -- Document Control Checklist -- Document Metadata -- File-Naming 
Standards -- Watermarks in Use in the Forensic Laboratory -- Document Review Form -- IMS Calendar -- Audit Plan Letter -- Audit Reporting Form -- CAR/PAR Form -- Opening Meeting Agenda -- Closing Meeting Agenda -- Audit Report Template -- Root Causes for Non-Conformity -- Risk Management -- A Short History of Risk Management -- An Information Security Risk Management Framework -- Framework Stage 1 -- ISMS Policy -- Framework Stage 2: Planning, Resourcing, and Communication -- Framework Stage 3: Information Security Risk Management Process -- Framework Stage 4: Implementation and Operational Procedures -- Framework Stage 5: Follow-up Procedures -- Sample Communication Plan -- Sample Information Security Plan -- Asset Type Examples -- Asset Values -- Consequences Table -- Some Common Business Risks -- Some Common Project Risks -- Security Threat Examples -- Common Security Vulnerabilities -- Risk Management Policy -- The IMS and ISMS Scope Document -- Criticality Ratings -- Likelihood of Occurrence -- Risk Appetite -- Security Controls from CobIT and NIST 800-53 -- Information Classification -- The Corporate Risk Register -- Comparison between Qualitative and Quantitative Methods -- Mapping Control Functions to ISO 27001 -- Mapping Security Concerns to ISO 27001 -- SoA Template -- The Forensic Laboratory's Security Metrics Report -- Mapping ISO 31000 and ISO 27001 to IMS Procedures -- Quality in the Forensic Laboratory -- Quality and Good Laboratory Practice -- Management Requirements for Operating the Forensic Laboratory -- ISO 9001 for the Forensic Laboratory -- The Forensic Laboratory's QMS -- Responsibilities in the QMS -- Managing Sales -- Product and Service Realization -- Reviewing Deliverables -- Signing Off a Case -- Archiving a Case -- Maintaining Client Confidentiality -- Technical Requirements for the Forensic Laboratory -- Measurement, Analysis, and Improvement -- Managing Client Complaints -- Mapping ISO 9001 to IMS Procedures -- Mapping ISO 17025 to 
IMS Procedures -- Mapping SWGDE Quality Requirements to IMS Procedures -- Mapping NIST-150 Quality Requirements to IMS Procedures -- Mapping ENFSI Quality Requirements to IMS Procedures -- Mapping FSR Quality Requirements to IMS Procedures -- Quality Manager, Job Description -- Business Plan Template -- Business KPIs -- Quality Plan Contents -- Induction Checklist Contents -- Induction Feedback -- Standard Proposal Template -- Issues to Consider for Case Processing -- Standard Quotation Contents -- Standard Terms and Conditions -- ERMS Client Areas -- Cost Estimation Spreadsheet -- Draft Review Form -- Client Sign-Off and Feedback Form -- Information Required for Registering a Complaint -- Complaint Resolution Timescales -- Complaint Metrics -- Laboratory Manager, Job Description -- Forensic Analyst, Job Description -- Training Agenda -- Some Individual Forensic Certifications -- Minimum Equipment Records Required by ISO 17025 -- Reference Case Tests -- ISO 17025 Reporting Requirements -- Standard Forensic Laboratory Report -- IT Infrastructure -- Hardware -- Software -- Infrastructure -- Process Management -- Hardware Management -- Software Management -- Network Management -- Some Forensic Workstation Providers -- Some Mobile Forensic Workstation Providers -- Standard Build for a Forensic Workstation -- Some Case Processing Tools -- Policy for Securing IT Cabling -- Policy for Siting and Protecting IT Equipment -- ISO 20000-1 Mapping -- Service Desk Manager, Job Description -- Incident Manager, Job Description -- Incident Status Levels -- Incident Priority Levels -- Service Desk Feedback Form -- Problem Manager, Job Description -- Contents of the Forensic Laboratory SIP -- Change Categories -- Change Manager, Job Description -- Standard Requirements of a Request for Change -- Emergency Change Policy -- Release Manager, Job Description -- Configuration Management Plan Contents -- Configuration Management Policy -- Configuration Manager, Job Description -- 
Information Stored in the DSL and DHL -- Capacity Manager, Job Description -- Capacity Management Plan -- Service Management Policy -- Service Level Manager, Job Description -- Policy for Maintaining and Servicing IT Equipment -- ISO 17025 Tool Test Method Documentation -- Standard Forensic Tool Tests -- Forensic Tool Test Report Template -- Overnight Backup Checklist -- Incident Response -- General -- Evidence -- Incident Response as a Process -- Initial Contact -- Types of First Response -- The Incident Scene -- Transportation to the Forensic Laboratory -- Crime Scene and Seizure Reports -- Postincident Review -- Mapping ISO 17020 to IMS Procedures -- First Response Briefing Agenda -- Contents of the Grab Bag -- New Case Form -- First Responder Seizure Summary Log -- Site Summary Form -- Seizure Log -- Evidence Locations in Devices and Media -- Types of Evidence Typically Needed for a Case -- The On/Off Rule. Some Types of Metadata That may be Recoverable from Digital Images -- Countries with Different Fixed Line Telephone Connections -- Some Interview Questions -- Evidence Labeling -- Forensic Preview Forms -- A Traveling Forensic Laboratory -- Movement Sheet -- Incident Response Report -- Postincident Review Agenda -- Incident Processing Checklist -- Case Processing -- Introduction to Case Processing -- Case Types -- Precase Processing -- Equipment Maintenance -- Management Processes -- Booking Exhibits in and out of the Secure Property Store -- Starting a New Case -- Preparing the Forensic Workstation -- Imaging -- Examination -- Dual Tool Verification -- Digital Time Stamping -- Production of an Internal Case Report -- Creating Exhibits -- Producing a Case Report for External Use -- Statements, Depositions, and Similar -- Forensic Software Tools -- Backing up and Archiving a Case -- Disclosure -- Disposal -- Some International Forensic Good Practice -- Some International and National Standards Relating to Digital Forensics -- Hard Disk Log Details -- Disk 
History Log -- Tape Log Details -- Tape History Log -- Small Digital Media Log Details -- Small Digital Media Device Log -- Forensic Case Work Log -- Case Processing KPIs -- Contents of Sample Exhibit Rejection Letter -- Sample Continuity Label Contents -- Details of the Forensic Laboratory Property Log -- Exhibit Acceptance Letter Template -- Property Special Handling Log -- Evidence Sought -- Request for Forensic Examination -- Client Virtual Case File Structure -- Computer Details Log -- Other Equipment Details Log -- Hard Disk Details Log -- Other Media Details Log -- Cell Phone Details Log -- Other Device Details Log -- Some Evidence Found in Volatile Memory -- Some File Metadata -- Case Progress Checklist -- Meeting the Requirements of HB 171 -- Internal Case Report Template -- Forensic Laboratory Exhibit Log -- Report Production Checklist -- Case Management -- Overview -- Hard Copy Forms -- MARS -- Setting up a New Case -- Processing a Forensic Case -- Reports General -- Administrator's Reports -- User Reports -- Setting up Organisational Details -- Set up the Administrator -- Audit Reports -- Manage Users -- Manage Manufacturers -- Manage Suppliers -- Manage Clients -- Manage Investigators -- Manage Disks -- Manage Tapes -- Manage Small Digital Media -- Exhibit Details -- Estimates -- Accept or Reject Case -- Movement Log -- Examination Log -- Computer Hardware Details -- Non-Computer Exhibit Details -- Hard Disk Details -- Other Media Details -- Work Record Details -- Updating Case Estimates -- Create Exhibit -- Case Result -- Case Backup -- Billing and Feedback -- Feedback Received -- Organization Report -- Users Report -- Manufacturers Report -- Supplier Report -- Clients Report -- Investigator's Report -- Disks by Assignment Report -- Disks by Reference Number Report -- Wiped Disks Report -- Disposed Disks Report -- Disk History Report -- Tapes by Assignment Report -- Tapes by Reference Number Report -- Wiped Tapes Report -- Disposed Tapes Report -- 
Tape History Report -- Small Digital Media by Assignment Report -- Small Digital Media by Reference Number Report -- Wiped Small Digital Media Report -- Disposed Small Digital Media Report -- Small Digital Media History Report -- Wipe Methods Report -- Disposal Methods Report -- Imaging Methods Report -- Operating Systems Report -- Media Types Report -- Exhibit Type Report -- Case Setup Details Report -- Case Movement Report -- Case Computers Report -- Case Non-Computer Evidence Report -- Case Disks Received Report -- Case Other Media Received -- Case Exhibits Received Report -- Case Work Record -- Cases Rejected Report -- Cases Accepted -- Case Estimates Report -- Cases by Forensic Analyst -- Cases by Client Report -- Cases by Investigator Report -- Case Target Dates Report -- Cases Within "x" Days of Target Date Report -- Cases Past Target Date Report -- Cases Unassigned Report -- Case Exhibits Produced Report -- Case Results Report -- Case Backups Report -- Billing Run Report -- Feedback Letters -- Feedback Forms Printout -- Feedback Reporting Summary by Case -- Feedback Reporting Summary by Forensic Analyst -- Feedback Reporting Summary by Client -- Complete Case Report -- Processed Report -- Insurance Report -- Evidence Presentation -- Notes -- Types of Witness -- Reports -- Testimony in Court -- Why Cases Fail -- Nations Ratifying the Budapest Convention -- Criteria for Selection an Expert Witness -- The Forensic Laboratory Code of Conduct for Expert Witnesses -- Report Writing Checklist -- Statement and Deposition Writing Checklist -- Non-Verbal Communication to Avoid -- Etiquette in Court -- Testimony Feedback Form -- Secure Working Practices -- Principles of Information Security within the Forensic Laboratory -- Managing Information Security in the Forensic Laboratory -- Physical Security in the Forensic Laboratory -- Managing Service Delivery -- Managing System Access -- Managing Information on Public Systems -- Securely Managing IT Systems -- Information 
Processing Systems Development and Maintenance -- The Forensic Laboratory SoA -- Meeting the Requirements of GAISP -- Software License Database Information Held -- Information Security Manager, Job Description -- Logon Banner -- The Forensic Laboratory's Security Objectives -- Asset Details to be Recorded in the Asset Register -- Details Required for Removal of an Asset -- Handling Classified Assets -- Asset Disposal Form -- Visitor Checklist -- Rules of the Data Center -- User Account Management Form Contents -- Teleworking Request Form Contents -- Ensuring Continuity of Operations -- Business Justification for Ensuring Continuity of Operations -- Management Commitment -- Training and Competence -- Determining the Business Continuity Strategy -- Developing and Implementing a Business Continuity Management Response -- Exercising, Maintaining, and Reviewing Business Continuity Arrangements -- Maintaining and Improving the BCMS -- Embedding Business Continuity Forensic Laboratory Processes -- BCMS Documentation and Records -- General -- Supplier Details Held -- Headings for Financial and Security Questionnaire -- Business Continuity Manager, Job Description -- Contents of the Forensic Laboratory BIA Form -- Proposed BCMS Development and Certification Timescales -- Incident Scenarios -- Strategy Options -- Standard Forensic Laboratory BCP Contents -- Table of Contents to the Appendix to a BCP -- BCP Change List Contents -- BCP Scenario Plan Contents -- BCP Review Report Template Contents -- Mapping IMS Procedures to ISO 22301 -- Differences between ISO 22301 and BS 25999 -- Managing Business Relationships -- The Need for Third Parties -- Clients -- Third Parties Accessing the Forensic Laboratory. 
Managing Service Level Agreements -- Suppliers of Office and IT Products and Services -- Utility Service Providers -- Contracted Forensic Consultants and Expert Witnesses -- Outsourcing -- Use of Sub-Contractors -- Managing Complaints -- Reasons for Outsourcing Failure -- Contents of a Service Plan -- Risks to Consider with Third Parties -- Contract Checklist for Information Security Issues -- SLA Template for Products and Services for Clients -- RFx Descriptions -- The Forensic Laboratory RFx Template Checklist -- RFx Timeline for Response, Evaluation, and Selection -- Forensic Consultant's Personal Attributes -- Some Tips for Selecting an Outsourcing Service Provider -- Areas to Consider for Outsourcing Contracts -- Effective Records Management -- Legislative, Regulatory, and Other Requirements -- Record Characteristics -- A Records Management Policy -- Defining the Requirements for Records Management in the Forensic Laboratory -- Determining Forensic Laboratory Records to be Managed by the ERMS -- Using Metadata in the Forensic Laboratory -- Record Management Procedures -- Business Continuity -- MoReq2 Functional Requirements -- Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures -- Types of Legislation and Regulation that will Affect Record Keeping -- Forensic Laboratory Record Keeping Policy -- Record Management System Objectives -- Business Case Contents -- Outline of the ERMS Project -- Selection Criteria for an ERMS -- Initial ERMS Feedback Questionnaire -- Metadata Required in the ERMS -- Sample E-mail Metadata -- Forensic Case Records Stored in the ERMS -- Dublin Core Metadata Elements -- National Archives of Australia Metadata Standard -- Responsibilities for Records Management in the Forensic Laboratory -- Metadata for Records Stored Off-Site -- Records Classification System -- Disposition Authorization -- Additional Requirements for Physical Record Recovery -- Specialized Equipment Needed for Inspection and Recovery of Damaged Records -- 
Health and Safety Procedures -- Planning for OH & S -- Implementation and Operation of the OH & S Management System -- Checking Compliance with OH & S Requirements -- Improving the OH & S Management System -- OH & S Policy Checklist -- The Forensic Laboratory OH & S Policy -- Health and Safety Manager Job Description -- Some Examples of OH & S Drivers -- The Forensic Laboratory OH & S Objectives -- Sample Hazards in the Forensic Laboratory -- Hazard Identification Form -- Some Areas for Inspection for Hazards -- Inputs to the Risk Assessment Process -- OH & S Risk Rating -- DSE Initial Workstation Self-Assessment Checklist -- DSE Training Syllabus -- DSE Assessors Checklist -- Measurement of OH & S Success -- Specific OH & S Incident Reporting Requirements -- OH & S Investigation Checklist and Form Contents -- OH & S Incident Review -- OHSAS 18001 Mapping to IMS Procedures -- Human Resources -- Employee Development -- Development -- Termination -- Training Feedback Form -- Employee Security Screening Policy Checklist -- Employment Application Form -- Employment Application Form Notes -- Some Documents that can Verify Identity -- Document Authenticity Checklist -- Verifying Addresses -- Right to Work Checklist -- Reference Authorization -- Statutory Declaration -- Employer Reference Form -- Employer's Oral Reference Form -- Confirmation of an Oral Reference Letter -- Qualification Verification Checklist -- Criminal Record Declaration Checklist -- Personal Reference Form -- Personal Oral Reference Form -- Other Reference Form -- Employee Security Screening File -- Top Management Acceptance of Employment Risk -- Third-Party Employee Security Screening Provider Checklist -- Recruitment Agency Contract Checklist -- Investigation Manager, Job Description -- Forensic Laboratory System Administrator, Job Description -- Employee, Job Description -- Areas of Technical Competence -- Some Professional Forensic and Security Organizations -- Training Specification Template -- 
Training Proposal Evaluation Checklist -- Training Supplier Interview and Presentation Checklist -- Training Reaction Level Questionnaire -- The Forensic Laboratory Code of Ethics -- Termination Checklist -- Accreditation and Certification for a Forensic Laboratory -- Accreditation and Certification -- Accreditation for a Forensic Laboratory -- Certification for a Forensic Laboratory -- Typical Conditions of Accreditation -- Contents of an Audit Response -- Management System Assessment Non-Conformance Examples -- Typical Closeout Periods -- Emerging Issues -- Specific Challenges. |
ctrlnum | (OCoLC)857712561 |
dewey-full | 363.250285 |
dewey-hundreds | 300 - Social sciences |
dewey-ones | 363 - Other social problems and services |
dewey-raw | 363.250285 |
dewey-search | 363.250285 |
dewey-sort | 3363.250285 |
dewey-tens | 360 - Social problems and services; associations |
discipline | Soziologie |
format | Electronic eBook |
fullrecord | <?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>29039cam a2200721Ma 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn857712561</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr |n|||||||||</controlfield><controlfield tag="008">130906s2013 ne ob 001 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">IDEBK</subfield><subfield code="b">eng</subfield><subfield code="e">pn</subfield><subfield code="c">IDEBK</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OPELS</subfield><subfield code="d">E7B</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">UIU</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">COO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">AZK</subfield><subfield code="d">AGLDB</subfield><subfield code="d">K6U</subfield><subfield code="d">Z5A</subfield><subfield code="d">PIFAG</subfield><subfield code="d">FVL</subfield><subfield code="d">LIV</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">U3W</subfield><subfield code="d">STF</subfield><subfield code="d">OCLCF</subfield><subfield code="d">D6H</subfield><subfield code="d">TOF</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">TKN</subfield><subfield code="d">UKAHL</subfield><subfield code="d">BRF</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCL</subfield><subfield code="d">QGK</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield><subfield code="d">SXB</subfield><subfield code="d">OCLCQ</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">961574910</subfield><subfield code="a">1259256646</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield 
code="a">1299833144</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781299833142</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781597497459</subfield><subfield code="q">(e-book)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">1597497452</subfield><subfield code="q">(e-book)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781597497428</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1597497428</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)857712561</subfield><subfield code="z">(OCoLC)961574910</subfield><subfield code="z">(OCoLC)1259256646</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">514565</subfield><subfield code="b">MIL</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">HV8079.C65</subfield><subfield code="b">W38 2013</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">363.250285</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Watson, David</subfield><subfield code="q">(David Lilburn)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCjtkpGQ9Xgkd9wWQWbd4v3</subfield><subfield code="0">http://id.loc.gov/authorities/names/n2013032300</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Digital forensics processing and procedures :</subfield><subfield code="b">meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements /</subfield><subfield code="c">David Watson, Andrew Jones.</subfield></datafield><datafield tag="260" ind1=" " ind2=" "><subfield 
code="a">Amsterdam ;</subfield><subfield code="a">Boston :</subfield><subfield code="b">Syngress,</subfield><subfield code="c">2013.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="347" ind1=" " ind2=" "><subfield code="a">text file</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references and index.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab. A step-by-step guide to designing, building and using a digital forensics lab. 
A comprehensive guide for all roles in a digital forensics laboratoryBased on international standards and certifications.</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Print version record.</subfield></datafield><datafield tag="505" ind1="0" ind2="0"><subfield code="g">Machine generated contents note:</subfield><subfield code="g">1.</subfield><subfield code="t">Introduction --</subfield><subfield code="g">1.1.</subfield><subfield code="t">Introduction --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Some Types of Cases Involving Digital Forensics --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Growth of Hard Disk Drives for Personal Computers --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Disk Drive Size Nomenclature --</subfield><subfield code="g">2.</subfield><subfield code="t">Forensic Laboratory Accommodation --</subfield><subfield code="g">2.1.</subfield><subfield code="t">The Building --</subfield><subfield code="g">2.2.</subfield><subfield code="t">Protecting Against External and Environmental Threats --</subfield><subfield code="g">2.3.</subfield><subfield code="t">Utilities and Services --</subfield><subfield code="g">2.4.</subfield><subfield code="t">Physical Security --</subfield><subfield code="g">2.5.</subfield><subfield code="t">Layout of the Forensic Laboratory --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Sample Outline for a Business Case --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Forensic Laboratory Physical Security Policy --</subfield><subfield code="g">3.</subfield><subfield code="t">Setting up the Forensic Laboratory --</subfield><subfield code="g">3.1.</subfield><subfield code="t">Setting up the Forensic Laboratory --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">The Forensic Laboratory ToR --</subfield><subfield code="g">Appendix 2</subfield><subfield 
code="t">Cross Reference between ISO 9001 and ISO 17025 --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Conflict of Interest Policy --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Quality Policy --</subfield><subfield code="g">4.</subfield><subfield code="t">The Forensic Laboratory Integrated Management System --</subfield><subfield code="g">4.1.</subfield><subfield code="t">Introduction --</subfield><subfield code="g">4.2.</subfield><subfield code="t">Benefits --</subfield><subfield code="g">4.3.</subfield><subfield code="t">The Forensic Laboratory IMS --</subfield><subfield code="g">4.4.</subfield><subfield code="t">The Forensic Laboratory Policies --</subfield><subfield code="g">4.5.</subfield><subfield code="t">Planning --</subfield><subfield code="g">4.6.</subfield><subfield code="t">Implementation and Operation --</subfield><subfield code="g">4.7.</subfield><subfield code="t">Performance Assessment --</subfield><subfield code="g">4.8.</subfield><subfield code="t">Continuous Improvement --</subfield><subfield code="g">4.9.</subfield><subfield code="t">Management Reviews --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Mapping ISO Guide 72 Requirements to PAS 99 --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">PAS 99 Glossary --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">PAS 99 Mapping to IMS Procedures --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">The Forensic Laboratory Goal Statement --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">The Forensic Laboratory Baseline Measures --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Environment Policy --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Health and Safety Policy --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Undue Influene Policy --</subfield><subfield code="g">Appendix 
9</subfield><subfield code="t">Business Continuity Policy --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Information Security Policy --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Access Control Policy --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Change or Termination Policy --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Clear Desk and Clear Screen Policy --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Continuous Improvement Policy --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Cryptographic Control Policy --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Document Retention Policy --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Financial Management Policy --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Mobile Devices Policy --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Network Service Policy --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Personnel Screening Policy --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">Relationship Management Policy --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">Release Management Policy --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Service Management Policy --</subfield><subfield code="g">Appendix 24</subfield><subfield code="t">Service Reporting Policy --</subfield><subfield code="g">Appendix 25</subfield><subfield code="t">Third-Party Access Control Policy --</subfield><subfield code="g">Appendix 26</subfield><subfield code="t">Acceptable use Policy --</subfield><subfield code="g">Appendix 27</subfield><subfield code="t">Audit Committee --</subfield><subfield code="g">Appendix 28</subfield><subfield code="t">Business Continuity Committee --</subfield><subfield code="g">Appendix 
29</subfield><subfield code="t">Environment Committee --</subfield><subfield code="g">Appendix 30</subfield><subfield code="t">Health and Safety Committee --</subfield><subfield code="g">Appendix 31</subfield><subfield code="t">Information Security Committee --</subfield><subfield code="g">Appendix 32</subfield><subfield code="t">Quality Committee --</subfield><subfield code="g">Appendix 33</subfield><subfield code="t">Risk Committee --</subfield><subfield code="g">Appendix 34</subfield><subfield code="t">Service Delivery Committee --</subfield><subfield code="g">Appendix 35</subfield><subfield code="t">Whistle Blowing Policy --</subfield><subfield code="g">Appendix 36</subfield><subfield code="t">Management Review Agenda --</subfield><subfield code="g">Appendix 37</subfield><subfield code="t">Document Control Checklist --</subfield><subfield code="g">Appendix 38</subfield><subfield code="t">Document Metadata --</subfield><subfield code="g">Appendix 39</subfield><subfield code="t">File-Naming Standards --</subfield><subfield code="g">Appendix 40</subfield><subfield code="t">Watermarks in Use in the Forensic Laboratory --</subfield><subfield code="g">Appendix 41</subfield><subfield code="t">Document Review Form --</subfield><subfield code="g">Appendix 42</subfield><subfield code="t">IMS Calendar --</subfield><subfield code="g">Appendix 43</subfield><subfield code="t">Audit Plan Letter --</subfield><subfield code="g">Appendix 44</subfield><subfield code="t">Audit Reporting Form --</subfield><subfield code="g">Appendix 45</subfield><subfield code="t">CAR/PAR Form --</subfield><subfield code="g">Appendix 46</subfield><subfield code="t">Opening Meeting Agenda --</subfield><subfield code="g">Appendix 47</subfield><subfield code="t">Closing Meeting Agenda --</subfield><subfield code="g">Appendix 48</subfield><subfield code="t">Audit Report Template --</subfield><subfield code="g">Appendix 49</subfield><subfield code="t">Root Causes for Non-Conformity 
--</subfield><subfield code="g">5.</subfield><subfield code="t">Risk Management --</subfield><subfield code="g">5.1.</subfield><subfield code="t">A Short History of Risk Management --</subfield><subfield code="g">5.2.</subfield><subfield code="t">An Information Security Risk Management Framework --</subfield><subfield code="g">5.3.</subfield><subfield code="t">Framework Stage 1 -- ISMS Policy --</subfield><subfield code="g">5.4.</subfield><subfield code="t">Framework Stage 2: Planning, Resourcing, and Communication --</subfield><subfield code="g">5.5.</subfield><subfield code="t">Framework Stage 3: Information Security Risk Management Process --</subfield><subfield code="g">5.6.</subfield><subfield code="t">Framework Stage 4: Implementation and Operational Procedures --</subfield><subfield code="g">5.7.</subfield><subfield code="t">Framework Stage 5: Follow-up Procedures --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Sample Communication Plan --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Sample Information Security Plan --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Asset Type Examples --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Asset Values --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Consequences Table --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Some Common Business Risks --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Some Common Project Risks --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Security Threat Examples --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Common Security Vulnerabilities --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Risk Management Policy --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">The IMS and ISMS Scope Document --</subfield><subfield code="g">Appendix 
12</subfield><subfield code="t">Criticality Ratings --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Likelihood of Occurrence --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Risk Appetite --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Security Controls from CobIT and NIST 800-53 --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Information Classification --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">The Corporate Risk Register --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Comparison between Qualitative and Quantitative Methods --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Mapping Control Functions to ISO 27001 --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Mapping Security Concerns to ISO 27001 --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">SoA Template --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">The Forensic Laboratory's Security Metrics Report --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Mapping ISO 31000 and ISO 27001 to IMS Procedures --</subfield><subfield code="g">6.</subfield><subfield code="t">Quality in the Forensic Laboratory --</subfield><subfield code="g">6.1.</subfield><subfield code="t">Quality and Good Laboratory Practice --</subfield><subfield code="g">6.2.</subfield><subfield code="t">Management Requirements for Operating the Forensic Laboratory --</subfield><subfield code="g">6.3.</subfield><subfield code="t">ISO 9001 for the Forensic Laboratory --</subfield><subfield code="g">6.4.</subfield><subfield code="t">The Forensic Laboratory's QMS --</subfield><subfield code="g">6.5.</subfield><subfield code="t">Responsibilities in the QMS --</subfield><subfield code="g">6.6.</subfield><subfield code="t">Managing Sales --</subfield><subfield 
code="g">6.7.</subfield><subfield code="t">Product and Service Realization --</subfield><subfield code="g">6.8.</subfield><subfield code="t">Reviewing Deliverables --</subfield><subfield code="g">6.9.</subfield><subfield code="t">Signing Off a Case --</subfield><subfield code="g">6.10.</subfield><subfield code="t">Archiving a Case --</subfield><subfield code="g">6.11.</subfield><subfield code="t">Maintaining Client Confidentiality --</subfield><subfield code="g">6.12.</subfield><subfield code="t">Technical Requirements for the Forensic Laboratory --</subfield><subfield code="g">6.13.</subfield><subfield code="t">Measurement, Analysis, and Improvement --</subfield><subfield code="g">6.14.</subfield><subfield code="t">Managing Client Complaints --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Mapping ISO 9001 to IMS Procedures --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Mapping ISO 17025 to IMS Procedures --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Mapping SWGDE Quality Requirements to IMS Procedures --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Mapping NIST-150 Quality Requirements to IMS Procedures --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Mapping ENFSI Quality Requirements to IMS Procedures --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Mapping FSR Quality Requirements to IMS Procedures --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Quality Manager, Job Description --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Business Plan Template --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Business KPIs --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Quality Plan Contents --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Induction Checklist Contents --</subfield><subfield code="g">Appendix 
12</subfield><subfield code="t">Induction Feedback --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Standard Proposal Template --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Issues to Consider for Case Processing --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Standard Quotation Contents --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Standard Terms and Conditions --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">ERMS Client Areas --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Cost Estimation Spreadsheet --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Draft Review Form --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Client Sign-Off and Feedback Form --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">Information Required for Registering a Complaint --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">Complaint Resolution Timescales --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Complaint Metrics --</subfield><subfield code="g">Appendix 24</subfield><subfield code="t">Laboratory Manager, Job Description --</subfield><subfield code="g">Appendix 25</subfield><subfield code="t">Forensic Analyst, Job Description --</subfield><subfield code="g">Appendix 26</subfield><subfield code="t">Training Agenda --</subfield><subfield code="g">Appendix 27</subfield><subfield code="t">Some Individual Forensic Certifications --</subfield><subfield code="g">Appendix 28</subfield><subfield code="t">Minimum Equipment Records Required by ISO 17025 --</subfield><subfield code="g">Appendix 29</subfield><subfield code="t">Reference Case Tests --</subfield><subfield code="g">Appendix 30</subfield><subfield code="t">ISO 17025 Reporting Requirements --</subfield><subfield code="g">Appendix 31</subfield><subfield code="t">Standard 
Forensic Laboratory Report --</subfield><subfield code="g">7.</subfield><subfield code="t">IT Infrastructure --</subfield><subfield code="g">7.1.</subfield><subfield code="t">Hardware --</subfield><subfield code="g">7.2.</subfield><subfield code="t">Software --</subfield><subfield code="g">7.3.</subfield><subfield code="t">Infrastructure --</subfield><subfield code="g">7.4.</subfield><subfield code="t">Process Management --</subfield><subfield code="g">7.5.</subfield><subfield code="t">Hardware Management --</subfield><subfield code="g">7.6.</subfield><subfield code="t">Software Management --</subfield><subfield code="g">7.7.</subfield><subfield code="t">Network Management --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Some Forensic Workstation Providers --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Some Mobile Forensic Workstation Providers --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Standard Build for a Forensic Workstation --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Some Case Processing Tools --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Policy for Securing IT Cabling --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Policy for Siting and Protecting IT Equipment --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">ISO 20000-1 Mapping --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Service Desk Manager, Job Description --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Incident Manager, Job Description --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Incident Status Levels --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Incident Priority Levels --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Service Desk Feedback Form --</subfield><subfield code="g">Appendix 
13</subfield><subfield code="t">Problem Manager, Job Description --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Contents of the Forensic Laboratory SIP --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Change Categories --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Change Manager, Job Description --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Standard Requirements of a Request for Change --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Emergency Change Policy --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Release Management Policy --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Release Manager, Job Description --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">Configuration Management Plan Contents --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">Configuration Management Policy --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Configuration Manager, Job Description --</subfield><subfield code="g">Appendix 24</subfield><subfield code="t">Information Stored in the DSL and DHL --</subfield><subfield code="g">Appendix 25</subfield><subfield code="t">Capacity Manager, Job Description --</subfield><subfield code="g">Appendix 26</subfield><subfield code="t">Capacity Management Plan --</subfield><subfield code="g">Appendix 27</subfield><subfield code="t">Service Management Policy </subfield></datafield><datafield tag="505" ind1="0" ind2="0"><subfield code="t">--</subfield><subfield code="g">Appendix 28</subfield><subfield code="t">Service Level Manager, Job Description --</subfield><subfield code="g">Appendix 29</subfield><subfield code="t">Service Reporting Policy --</subfield><subfield code="g">Appendix 30</subfield><subfield code="t">Policy for Maintaining and Servicing IT Equipment --</subfield><subfield code="g">Appendix 
31</subfield><subfield code="t">ISO 17025 Tool Test Method Documentation --</subfield><subfield code="g">Appendix 32</subfield><subfield code="t">Standard Forensic Tool Tests --</subfield><subfield code="g">Appendix 33</subfield><subfield code="t">Forensic Tool Test Report Template --</subfield><subfield code="g">Appendix 34</subfield><subfield code="t">Overnight Backup Checklist --</subfield><subfield code="g">8.</subfield><subfield code="t">Incident Response --</subfield><subfield code="g">8.1.</subfield><subfield code="t">General --</subfield><subfield code="g">8.2.</subfield><subfield code="t">Evidence --</subfield><subfield code="g">8.3.</subfield><subfield code="t">Incident Response as a Process --</subfield><subfield code="g">8.4.</subfield><subfield code="t">Initial Contact --</subfield><subfield code="g">8.5.</subfield><subfield code="t">Types of First Response --</subfield><subfield code="g">8.6.</subfield><subfield code="t">The Incident Scene --</subfield><subfield code="g">8.7.</subfield><subfield code="t">Transportation to the Forensic Laboratory --</subfield><subfield code="g">8.8.</subfield><subfield code="t">Crime Scene and Seizure Reports --</subfield><subfield code="g">8.9.</subfield><subfield code="t">Postincident Review --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Mapping ISO 17020 to IMS Procedures --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">First Response Briefing Agenda --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Contents of the Grab Bag --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">New Case Form --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">First Responder Seizure Summary Log --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Site Summary Form --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Seizure Log --</subfield><subfield code="g">Appendix 8</subfield><subfield 
code="t">Evidence Locations in Devices and Media --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Types of Evidence Typically Needed for a Case --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">The On/Off Rule.</subfield></datafield><datafield tag="505" ind1="0" ind2="0"><subfield code="g">Note continued:</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Some Types of Metadata That may be Recoverable from Digital Images --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Countries with Different Fixed Line Telephone Connections --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Some Interview Questions --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Evidence Labeling --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Forensic Preview Forms --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">A Traveling Forensic Laboratory --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Movement Sheet --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Incident Response Report --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Postincident Review Agenda --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Incident Processing Checklist --</subfield><subfield code="g">9.</subfield><subfield code="t">Case Processing --</subfield><subfield code="g">9.1.</subfield><subfield code="t">Introduction to Case Processing --</subfield><subfield code="g">9.2.</subfield><subfield code="t">Case Types --</subfield><subfield code="g">9.3.</subfield><subfield code="t">Precase Processing --</subfield><subfield code="g">9.4.</subfield><subfield code="t">Equipment Maintenance --</subfield><subfield code="g">9.5.</subfield><subfield code="t">Management Processes --</subfield><subfield code="g">9.6.</subfield><subfield code="t">Booking Exhibits 
in and out of the Secure Property Store --</subfield><subfield code="g">9.7.</subfield><subfield code="t">Starting a New Case --</subfield><subfield code="g">9.8.</subfield><subfield code="t">Preparing the Forensic Workstation --</subfield><subfield code="g">9.9.</subfield><subfield code="t">Imaging --</subfield><subfield code="g">9.10.</subfield><subfield code="t">Examination --</subfield><subfield code="g">9.11.</subfield><subfield code="t">Dual Tool Verification --</subfield><subfield code="g">9.12.</subfield><subfield code="t">Digital Time Stamping --</subfield><subfield code="g">9.13.</subfield><subfield code="t">Production of an Internal Case Report --</subfield><subfield code="g">9.14.</subfield><subfield code="t">Creating Exhibits --</subfield><subfield code="g">9.15.</subfield><subfield code="t">Producing a Case Report for External Use --</subfield><subfield code="g">9.16.</subfield><subfield code="t">Statements, Depositions, and Similar --</subfield><subfield code="g">9.17.</subfield><subfield code="t">Forensic Software Tools --</subfield><subfield code="g">9.18.</subfield><subfield code="t">Backing up and Archiving a Case --</subfield><subfield code="g">9.19.</subfield><subfield code="t">Disclosure --</subfield><subfield code="g">9.20.</subfield><subfield code="t">Disposal --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Some International Forensic Good Practice --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Some International and National Standards Relating to Digital Forensics --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Hard Disk Log Details --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Disk History Log --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Tape Log Details --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Tape History Log --</subfield><subfield code="g">Appendix 7</subfield><subfield 
code="t">Small Digital Media Log Details --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Small Digital Media Device Log --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Forensic Case Work Log --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Case Processing KPIs --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Contents of Sample Exhibit Rejection Letter --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Sample Continuity Label Contents --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Details of the Forensic Laboratory Property Log --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Exhibit Acceptance Letter Template --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Property Special Handling Log --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Evidence Sought --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Request for Forensic Examination --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Client Virtual Case File Structure --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Computer Details Log --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Other Equipment Details Log --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">Hard Disk Details Log --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">Other Media Details Log --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Cell Phone Details Log --</subfield><subfield code="g">Appendix 24</subfield><subfield code="t">Other Device Details Log --</subfield><subfield code="g">Appendix 25</subfield><subfield code="t">Some Evidence Found in Volatile Memory --</subfield><subfield code="g">Appendix 26</subfield><subfield code="t">Some File Metadata --</subfield><subfield 
code="g">Appendix 27</subfield><subfield code="t">Case Progress Checklist --</subfield><subfield code="g">Appendix 28</subfield><subfield code="t">Meeting the Requirements of HB 171 --</subfield><subfield code="g">Appendix 29</subfield><subfield code="t">Internal Case Report Template --</subfield><subfield code="g">Appendix 30</subfield><subfield code="t">Forensic Laboratory Exhibit Log --</subfield><subfield code="g">Appendix 31</subfield><subfield code="t">Report Production Checklist --</subfield><subfield code="g">10.</subfield><subfield code="t">Case Management --</subfield><subfield code="g">10.1.</subfield><subfield code="t">Overview --</subfield><subfield code="g">10.2.</subfield><subfield code="t">Hard Copy Forms --</subfield><subfield code="g">10.3.</subfield><subfield code="t">MARS --</subfield><subfield code="g">10.4.</subfield><subfield code="t">Setting up a New Case --</subfield><subfield code="g">10.5.</subfield><subfield code="t">Processing a Forensic Case --</subfield><subfield code="g">10.6.</subfield><subfield code="t">Reports General --</subfield><subfield code="g">10.7.</subfield><subfield code="t">Administrator's Reports --</subfield><subfield code="g">10.8.</subfield><subfield code="t">User Reports --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Setting up Organisational Details --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Set up the Administrator --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Audit Reports --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Manage Users --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Manage Manufacturers --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Manage Suppliers --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Manage Clients --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Manage Investigators --</subfield><subfield 
code="g">Appendix 9</subfield><subfield code="t">Manage Disks --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Manage Tapes --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Manage Small Digital Media --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Exhibit Details --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Evidence Sought --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Estimates --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Accept or Reject Case --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Movement Log --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Examination Log --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Computer Hardware Details --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Non-Computer Exhibit Details --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Hard Disk Details --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">Other Media Details --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">Work Record Details --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Updating Case Estimates --</subfield><subfield code="g">Appendix 24</subfield><subfield code="t">Create Exhibit --</subfield><subfield code="g">Appendix 25</subfield><subfield code="t">Case Result --</subfield><subfield code="g">Appendix 26</subfield><subfield code="t">Case Backup --</subfield><subfield code="g">Appendix 27</subfield><subfield code="t">Billing and Feedback --</subfield><subfield code="g">Appendix 28</subfield><subfield code="t">Feedback Received --</subfield><subfield code="g">Appendix 29</subfield><subfield code="t">Organization Report --</subfield><subfield code="g">Appendix 30</subfield><subfield code="t">Users Report --</subfield><subfield 
code="g">Appendix 31</subfield><subfield code="t">Manufacturers Report --</subfield><subfield code="g">Appendix 32</subfield><subfield code="t">Supplier Report --</subfield><subfield code="g">Appendix 33</subfield><subfield code="t">Clients Report --</subfield><subfield code="g">Appendix 34</subfield><subfield code="t">Investigator's Report --</subfield><subfield code="g">Appendix 35</subfield><subfield code="t">Disks by Assignment Report --</subfield><subfield code="g">Appendix 36</subfield><subfield code="t">Disks by Reference Number Report --</subfield><subfield code="g">Appendix 37</subfield><subfield code="t">Wiped Disks Report --</subfield><subfield code="g">Appendix 38</subfield><subfield code="t">Disposed Disks Report --</subfield><subfield code="g">Appendix 39</subfield><subfield code="t">Disk History Report --</subfield><subfield code="g">Appendix 40</subfield><subfield code="t">Tapes by Assignment Report --</subfield><subfield code="g">Appendix 41</subfield><subfield code="t">Tapes by Reference Number Report --</subfield><subfield code="g">Appendix 42</subfield><subfield code="t">Wiped Tapes Report --</subfield><subfield code="g">Appendix 43</subfield><subfield code="t">Disposed Tapes Report --</subfield><subfield code="g">Appendix 44</subfield><subfield code="t">Tape History Report --</subfield><subfield code="g">Appendix 45</subfield><subfield code="t">Small Digital Media by Assignment Report --</subfield><subfield code="g">Appendix 46</subfield><subfield code="t">Small Digital Media by Reference Number Report --</subfield><subfield code="g">Appendix 47</subfield><subfield code="t">Wiped Small Digital Media Report --</subfield><subfield code="g">Appendix 48</subfield><subfield code="t">Disposed Small Digital Media Report --</subfield><subfield code="g">Appendix 49</subfield><subfield code="t">Small Digital Media History Report --</subfield><subfield code="g">Appendix 50</subfield><subfield code="t">Wipe Methods Report --</subfield><subfield 
code="g">Appendix 51</subfield><subfield code="t">Disposal Methods Report --</subfield><subfield code="g">Appendix 52</subfield><subfield code="t">Imaging Methods Report --</subfield><subfield code="g">Appendix 53</subfield><subfield code="t">Operating Systems Report --</subfield><subfield code="g">Appendix 54</subfield><subfield code="t">Media Types Report --</subfield><subfield code="g">Appendix 55</subfield><subfield code="t">Exhibit Type Report --</subfield><subfield code="g">Appendix 56</subfield><subfield code="t">Case Setup Details Report --</subfield><subfield code="g">Appendix 57</subfield><subfield code="t">Case Movement Report --</subfield><subfield code="g">Appendix 58</subfield><subfield code="t">Case Computers Report --</subfield><subfield code="g">Appendix 59</subfield><subfield code="t">Case Non-Computer Evidence Report --</subfield><subfield code="g">Appendix 60</subfield><subfield code="t">Case Disks Received Report --</subfield><subfield code="g">Appendix 61</subfield><subfield code="t">Case Other Media Received --</subfield><subfield code="g">Appendix 62</subfield><subfield code="t">Case Exhibits Received Report --</subfield><subfield code="g">Appendix 63</subfield><subfield code="t">Case Work Record --</subfield><subfield code="g">Appendix 64</subfield><subfield code="t">Cases Rejected Report --</subfield><subfield code="g">Appendix 65</subfield><subfield code="t">Cases Accepted --</subfield><subfield code="g">Appendix 66</subfield><subfield code="t">Case Estimates Report --</subfield><subfield code="g">Appendix 67</subfield><subfield code="t">Cases by Forensic Analyst --</subfield><subfield code="g">Appendix 68</subfield><subfield code="t">Cases by Client Report --</subfield><subfield code="g">Appendix 69</subfield><subfield code="t">Cases by Investigator Report --</subfield><subfield code="g">Appendix 70</subfield><subfield code="t">Case Target Dates Report --</subfield><subfield code="g">Appendix 71</subfield><subfield code="t">Cases Within 
"x" Days of Target Date Report --</subfield><subfield code="g">Appendix 72</subfield><subfield code="t">Cases Past Target Date Report --</subfield><subfield code="g">Appendix 73</subfield><subfield code="t">Cases Unassigned Report --</subfield><subfield code="g">Appendix 74</subfield><subfield code="t">Case Exhibits Produced Report --</subfield><subfield code="g">Appendix 75</subfield><subfield code="t">Case Results Report --</subfield><subfield code="g">Appendix 76</subfield><subfield code="t">Case Backups Report --</subfield><subfield code="g">Appendix 77</subfield><subfield code="t">Billing Run Report --</subfield><subfield code="g">Appendix 78</subfield><subfield code="t">Feedback Letters --</subfield><subfield code="g">Appendix 79</subfield><subfield code="t">Feedback Forms Printout --</subfield><subfield code="g">Appendix 80</subfield><subfield code="t">Feedback Reporting Summary by Case --</subfield><subfield code="g">Appendix 81</subfield><subfield code="t">Feedback Reporting Summary by Forensic Analyst --</subfield><subfield code="g">Appendix 82</subfield><subfield code="t">Feedback Reporting Summary by Client --</subfield><subfield code="g">Appendix 83</subfield><subfield code="t">Complete Case Report --</subfield><subfield code="g">Appendix 84</subfield><subfield code="t">Processed Report --</subfield><subfield code="g">Appendix 85</subfield><subfield code="t">Insurance Report --</subfield><subfield code="g">11.</subfield><subfield code="t">Evidence Presentation --</subfield><subfield code="g">11.1.</subfield><subfield code="t">Overview --</subfield><subfield code="g">11.2.</subfield><subfield code="t">Notes --</subfield><subfield code="g">11.3.</subfield><subfield code="t">Evidence --</subfield><subfield code="g">11.4.</subfield><subfield code="t">Types of Witness --</subfield><subfield code="g">11.5.</subfield><subfield code="t">Reports --</subfield><subfield code="g">11.6.</subfield><subfield code="t">Testimony in Court --</subfield><subfield 
code="g">11.7.</subfield><subfield code="t">Why Cases Fail --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Nations Ratifying the Budapest Convention --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Criteria for Selection an Expert Witness --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">The Forensic Laboratory Code of Conduct for Expert Witnesses --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Report Writing Checklist --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Statement and Deposition Writing Checklist --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Non-Verbal Communication to Avoid --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Etiquette in Court --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Testimony Feedback Form --</subfield><subfield code="g">12.</subfield><subfield code="t">Secure Working Practices --</subfield><subfield code="g">12.1.</subfield><subfield code="t">Introduction --</subfield><subfield code="g">12.2.</subfield><subfield code="t">Principles of Information Security within the Forensic Laboratory --</subfield><subfield code="g">12.3.</subfield><subfield code="t">Managing Information Security in the Forensic Laboratory --</subfield><subfield code="g">12.4.</subfield><subfield code="t">Physical Security in the Forensic Laboratory --</subfield><subfield code="g">12.5.</subfield><subfield code="t">Managing Service Delivery --</subfield><subfield code="g">12.6.</subfield><subfield code="t">Managing System Access --</subfield><subfield code="g">12.7.</subfield><subfield code="t">Managing Information on Public Systems --</subfield><subfield code="g">12.8.</subfield><subfield code="t">Securely Managing IT Systems --</subfield><subfield code="g">12.9.</subfield><subfield code="t">Information Processing Systems Development and Maintenance --</subfield><subfield 
code="g">Appendix 1</subfield><subfield code="t">The Forensic Laboratory SoA --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Meeting the Requirements of GAISP --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Software License Database Information Held --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Information Security Manager, Job Description --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Logon Banner --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">The Forensic Laboratory's Security Objectives --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Asset Details to be Recorded in the Asset Register --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Details Required for Removal of an Asset --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Handling Classified Assets --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Asset Disposal Form --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Visitor Checklist --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Rules of the Data Center --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">User Account Management Form Contents --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Teleworking Request Form Contents --</subfield><subfield code="g">13.</subfield><subfield code="t">Ensuring Continuity of Operations --</subfield><subfield code="g">13.1.</subfield><subfield code="t">Business Justification for Ensuring Continuity of Operations --</subfield><subfield code="g">13.2.</subfield><subfield code="t">Management Commitment --</subfield><subfield code="g">13.3.</subfield><subfield code="t">Training and Competence --</subfield><subfield code="g">13.4.</subfield><subfield code="t">Determining the Business Continuity Strategy --</subfield><subfield 
code="g">13.5.</subfield><subfield code="t">Developing and Implementing a Business Continuity Management Response --</subfield><subfield code="g">13.6.</subfield><subfield code="t">Exercising, Maintaining, and Reviewing Business Continuity </subfield></datafield><datafield tag="505" ind1="0" ind2="0"><subfield code="t">Arrangements --</subfield><subfield code="g">13.7.</subfield><subfield code="t">Maintaining and Improving the BCMS --</subfield><subfield code="g">13.8.</subfield><subfield code="t">Embedding Business Continuity Forensic Laboratory Processes --</subfield><subfield code="g">13.9.</subfield><subfield code="t">BCMS Documentation and Records -- General --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Supplier Details Held --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Headings for Financial and Security Questionnaire --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Business Continuity Manager, Job Description --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Contents of the Forensic Laboratory BIA Form --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Proposed BCMS Development and Certification Timescales --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Incident Scenarios --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Strategy Options --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Standard Forensic Laboratory BCP Contents --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Table of Contents to the Appendix to a BCP --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">BCP Change List Contents --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">BCP Scenario Plan Contents --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">BCP Review Report Template Contents --</subfield><subfield 
code="g">Appendix 13</subfield><subfield code="t">Mapping IMS Procedures to ISO 22301 --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Differences between ISO 22301 and BS 25999 --</subfield><subfield code="g">14.</subfield><subfield code="t">Managing Business Relationships --</subfield><subfield code="g">14.1.</subfield><subfield code="t">The Need for Third Parties --</subfield><subfield code="g">14.2.</subfield><subfield code="t">Clients --</subfield><subfield code="g">14.3.</subfield><subfield code="t">Third Parties Accessing the Forensic Laboratory.</subfield></datafield><datafield tag="505" ind1="0" ind2="0"><subfield code="g">Note continued:</subfield><subfield code="g">14.4.</subfield><subfield code="t">Managing Service Level Agreements --</subfield><subfield code="g">14.5.</subfield><subfield code="t">Suppliers of Office and IT Products and Services --</subfield><subfield code="g">14.6.</subfield><subfield code="t">Utility Service Providers --</subfield><subfield code="g">14.7.</subfield><subfield code="t">Contracted Forensic Consultants and Expert Witnesses --</subfield><subfield code="g">14.8.</subfield><subfield code="t">Outsourcing --</subfield><subfield code="g">14.9.</subfield><subfield code="t">Use of Sub-Contractors --</subfield><subfield code="g">14.10.</subfield><subfield code="t">Managing Complaints --</subfield><subfield code="g">14.11.</subfield><subfield code="t">Reasons for Outsourcing Failure --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Contents of a Service Plan --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Risks to Consider with Third Parties --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Contract Checklist for Information Security Issues --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">SLA Template for Products and Services for Clients --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">RFx 
Descriptions --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">The Forensic Laboratory RFx Template Checklist --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">RFx Timeline for Response, Evaluation, and Selection --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Forensic Consultant's Personal Attributes --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Some Tips for Selecting an Outsourcing Service Provider --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Areas to Consider for Outsourcing Contracts --</subfield><subfield code="g">15.</subfield><subfield code="t">Effective Records Management --</subfield><subfield code="g">15.1.</subfield><subfield code="t">Introduction --</subfield><subfield code="g">15.2.</subfield><subfield code="t">Legislative, Regulatory, and Other Requirements --</subfield><subfield code="g">15.3.</subfield><subfield code="t">Record Characteristics --</subfield><subfield code="g">15.4.</subfield><subfield code="t">A Records Management Policy --</subfield><subfield code="g">15.5.</subfield><subfield code="t">Defining the Requirements for Records Management in the Forensic Laboratory --</subfield><subfield code="g">15.6.</subfield><subfield code="t">Determining Forensic Laboratory Records to be Managed by the ERMS --</subfield><subfield code="g">15.7.</subfield><subfield code="t">Using Metadata in the Forensic Laboratory --</subfield><subfield code="g">15.8.</subfield><subfield code="t">Record Management Procedures --</subfield><subfield code="g">15.9.</subfield><subfield code="t">Business Continuity --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">MoReq2 Functional Requirements --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Types of Legislation and 
Regulation that will Affect Record Keeping --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Forensic Laboratory Record Keeping Policy --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Record Management System Objectives --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Business Case Contents --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Outline of the ERMS Project --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Selection Criteria for an ERMS --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Initial ERMS Feedback Questionnaire --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Metadata Required in the ERMS --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Sample E-mail Metadata --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Forensic Case Records Stored in the ERMS --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Dublin Core Metadata Elements --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">National Archives of Australia Metadata Standard --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Responsibilities for Records Management in the Forensic Laboratory --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Metadata for Records Stored Off-Site --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Records Classification System --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Disposition Authorization --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Additional Requirements for Physical Record Recovery --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Specialized Equipment Needed for Inspection and Recovery of Damaged Records --</subfield><subfield code="g">16.</subfield><subfield 
code="t">Performance Assessment --</subfield><subfield code="g">16.1.</subfield><subfield code="t">Overview --</subfield><subfield code="g">16.2.</subfield><subfield code="t">Performance Assessment --</subfield><subfield code="g">17.</subfield><subfield code="t">Health and Safety Procedures --</subfield><subfield code="g">17.1.</subfield><subfield code="t">General --</subfield><subfield code="g">17.2.</subfield><subfield code="t">Planning for OH & S --</subfield><subfield code="g">17.3.</subfield><subfield code="t">Implementation and Operation of the OH & S Management System --</subfield><subfield code="g">17.4.</subfield><subfield code="t">Checking Compliance with OH & S Requirements --</subfield><subfield code="g">17.5.</subfield><subfield code="t">Improving the OH & S Management System --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">OH & S Policy Checklist --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">The Forensic Laboratory OH & S Policy --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Health and Safety Manager Job Description --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Some Examples of OH & S Drivers --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">The Forensic Laboratory OH & S Objectives --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Sample Hazards in the Forensic Laboratory --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Hazard Identification Form --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Some Areas for Inspection for Hazards --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Inputs to the Risk Assessment Process --</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">OH & S Risk Rating --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">DSE Initial Workstation Self-Assessment Checklist 
--</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">DSE Training Syllabus --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">DSE Assessors Checklist --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Measurement of OH & S Success --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Specific OH & S Incident Reporting Requirements --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">OH & S Investigation Checklist and Form Contents --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">OH & S Incident Review --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">OHSAS 18001 Mapping to IMS Procedures --</subfield><subfield code="g">18.</subfield><subfield code="t">Human Resources --</subfield><subfield code="g">18.1.</subfield><subfield code="t">Employee Development --</subfield><subfield code="g">18.2.</subfield><subfield code="t">Development --</subfield><subfield code="g">18.3.</subfield><subfield code="t">Termination --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Training Feedback Form --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Employee Security Screening Policy Checklist --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Employment Application Form --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Employment Application Form Notes --</subfield><subfield code="g">Appendix 5</subfield><subfield code="t">Some Documents that can Verify Identity --</subfield><subfield code="g">Appendix 6</subfield><subfield code="t">Document Authenticity Checklist --</subfield><subfield code="g">Appendix 7</subfield><subfield code="t">Verifying Addresses --</subfield><subfield code="g">Appendix 8</subfield><subfield code="t">Right to Work Checklist --</subfield><subfield code="g">Appendix 9</subfield><subfield code="t">Reference Authorization 
--</subfield><subfield code="g">Appendix 10</subfield><subfield code="t">Statutory Declaration --</subfield><subfield code="g">Appendix 11</subfield><subfield code="t">Employer Reference Form --</subfield><subfield code="g">Appendix 12</subfield><subfield code="t">Employer's Oral Reference Form --</subfield><subfield code="g">Appendix 13</subfield><subfield code="t">Confirmation of an Oral Reference Letter --</subfield><subfield code="g">Appendix 14</subfield><subfield code="t">Qualification Verification Checklist --</subfield><subfield code="g">Appendix 15</subfield><subfield code="t">Criminal Record Declaration Checklist --</subfield><subfield code="g">Appendix 16</subfield><subfield code="t">Personal Reference Form --</subfield><subfield code="g">Appendix 17</subfield><subfield code="t">Personal Oral Reference Form --</subfield><subfield code="g">Appendix 18</subfield><subfield code="t">Other Reference Form --</subfield><subfield code="g">Appendix 19</subfield><subfield code="t">Other Reference Form --</subfield><subfield code="g">Appendix 20</subfield><subfield code="t">Employee Security Screening File --</subfield><subfield code="g">Appendix 21</subfield><subfield code="t">Top Management Acceptance of Employment Risk --</subfield><subfield code="g">Appendix 22</subfield><subfield code="t">Third-Party Employee Security Screening Provider Checklist --</subfield><subfield code="g">Appendix 23</subfield><subfield code="t">Recruitment Agency Contract Checklist --</subfield><subfield code="g">Appendix 24</subfield><subfield code="t">Investigation Manager, Job Description --</subfield><subfield code="g">Appendix 25</subfield><subfield code="t">Forensic Laboratory System Administrator, Job Description --</subfield><subfield code="g">Appendix 26</subfield><subfield code="t">Employee, Job Description --</subfield><subfield code="g">Appendix 27</subfield><subfield code="t">Areas of Technical Competence --</subfield><subfield code="g">Appendix 28</subfield><subfield 
code="t">Some Professional Forensic and Security Organizations --</subfield><subfield code="g">Appendix 29</subfield><subfield code="t">Training Specification Template --</subfield><subfield code="g">Appendix 30</subfield><subfield code="t">Training Proposal Evaluation Checklist --</subfield><subfield code="g">Appendix 31</subfield><subfield code="t">Training Supplier Interview and Presentation Checklist --</subfield><subfield code="g">Appendix 32</subfield><subfield code="t">Training Reaction Level Questionnaire --</subfield><subfield code="g">Appendix 33</subfield><subfield code="t">The Forensic Laboratory Code of Ethics --</subfield><subfield code="g">Appendix 34</subfield><subfield code="t">Termination Checklist --</subfield><subfield code="g">19.</subfield><subfield code="t">Accreditation and Certification for a Forensic Laboratory --</subfield><subfield code="g">19.1.</subfield><subfield code="t">Accreditation and Certification --</subfield><subfield code="g">19.2.</subfield><subfield code="t">Accreditation for a Forensic Laboratory --</subfield><subfield code="g">19.3.</subfield><subfield code="t">Certification for a Forensic Laboratory --</subfield><subfield code="g">Appendix 1</subfield><subfield code="t">Typical Conditions of Accreditation --</subfield><subfield code="g">Appendix 2</subfield><subfield code="t">Contents of an Audit Response --</subfield><subfield code="g">Appendix 3</subfield><subfield code="t">Management System Assessment Non-Conformance Examples --</subfield><subfield code="g">Appendix 4</subfield><subfield code="t">Typical Closeout Periods --</subfield><subfield code="g">20.</subfield><subfield code="t">Emerging Issues --</subfield><subfield code="g">20.1.</subfield><subfield code="t">Introduction --</subfield><subfield code="g">20.2.</subfield><subfield code="t">Specific Challenges.</subfield></datafield><datafield tag="546" ind1=" " ind2=" "><subfield code="a">English.</subfield></datafield><datafield tag="650" ind1=" " 
ind2="0"><subfield code="a">Computer crimes</subfield><subfield code="x">Investigation.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85029493</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Evidence preservation</subfield><subfield code="x">Standards.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Forensic sciences</subfield><subfield code="x">Standards.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Computer science.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh89003285</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Electronic data processing.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85042288</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Criminalité informatique</subfield><subfield code="x">Enquêtes.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Preuve (Droit pénal)</subfield><subfield code="x">Conservation</subfield><subfield code="x">Normes.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Criminalistique</subfield><subfield code="x">Normes.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Informatique.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">computer science.</subfield><subfield code="2">aat</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">data processing.</subfield><subfield code="2">aat</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Electronic data processing</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Computer crimes</subfield><subfield code="x">Investigation</subfield><subfield code="2">fast</subfield></datafield><datafield tag="650" ind1=" " 
ind2="7"><subfield code="a">Computer science</subfield><subfield code="2">fast</subfield></datafield><datafield tag="700" ind1="1" ind2=" "><subfield code="a">Jones, Andrew.</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="z">9781597497428</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=485049</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://www.sciencedirect.com/science/book/9781597497428</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">Askews and Holts Library Services</subfield><subfield code="b">ASKH</subfield><subfield code="n">AH25553690</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ebrary</subfield><subfield code="b">EBRY</subfield><subfield code="n">ebr10755369</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest MyiLibrary Digital eBook Collection</subfield><subfield code="b">IDEB</subfield><subfield code="n">cis26099257</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection> |
id | ZDB-4-EBA-ocn857712561 |
illustrated | Not Illustrated |
indexdate | 2024-11-27T13:25:31Z |
institution | BVB |
isbn | 1299833144 9781299833142 9781597497459 1597497452 |
language | English |
oclc_num | 857712561 |
open_access_boolean | |
owner | MAIN DE-863 DE-BY-FWS |
owner_facet | MAIN DE-863 DE-BY-FWS |
physical | 1 online resource |
psigel | ZDB-4-EBA |
publishDate | 2013 |
publishDateSearch | 2013 |
publishDateSort | 2013 |
publisher | Syngress, |
record_format | marc |
spelling | Watson, David (David Lilburn) https://id.oclc.org/worldcat/entity/E39PCjtkpGQ9Xgkd9wWQWbd4v3 http://id.loc.gov/authorities/names/n2013032300 Digital forensics processing and procedures : meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements / David Watson, Andrew Jones. Amsterdam ; Boston : Syngress, 2013. 1 online resource text txt rdacontent computer c rdamedia online resource cr rdacarrier text file Includes bibliographical references and index. This is the first digital forensics book that covers the complete lifecycle of digital evidence and the chain of custody. This comprehensive handbook includes international procedures, best practices, compliance, and a companion web site with downloadable forms. Written by world-renowned digital forensics experts, this book is a must for any digital forensics lab. It provides anyone who handles digital evidence with a guide to proper procedure throughout the chain of custody--from incident response through analysis in the lab. A step-by-step guide to designing, building and using a digital forensics lab. A comprehensive guide for all roles in a digital forensics laboratory. Based on international standards and certifications. Print version record. Machine generated contents note: 1. Introduction -- 1.1. Introduction -- Appendix 1 Some Types of Cases Involving Digital Forensics -- Appendix 2 Growth of Hard Disk Drives for Personal Computers -- Appendix 3 Disk Drive Size Nomenclature -- 2. Forensic Laboratory Accommodation -- 2.1. The Building -- 2.2. Protecting Against External and Environmental Threats -- 2.3. Utilities and Services -- 2.4. Physical Security -- 2.5. Layout of the Forensic Laboratory -- Appendix 1 Sample Outline for a Business Case -- Appendix 2 Forensic Laboratory Physical Security Policy -- 3. Setting up the Forensic Laboratory -- 3.1. 
Setting up the Forensic Laboratory -- Appendix 1 The Forensic Laboratory ToR -- Appendix 2 Cross Reference between ISO 9001 and ISO 17025 -- Appendix 3 Conflict of Interest Policy -- Appendix 4 Quality Policy -- 4. The Forensic Laboratory Integrated Management System -- 4.1. Introduction -- 4.2. Benefits -- 4.3. The Forensic Laboratory IMS -- 4.4. The Forensic Laboratory Policies -- 4.5. Planning -- 4.6. Implementation and Operation -- 4.7. Performance Assessment -- 4.8. Continuous Improvement -- 4.9. Management Reviews -- Appendix 1 Mapping ISO Guide 72 Requirements to PAS 99 -- Appendix 2 PAS 99 Glossary -- Appendix 3 PAS 99 Mapping to IMS Procedures -- Appendix 4 The Forensic Laboratory Goal Statement -- Appendix 5 The Forensic Laboratory Baseline Measures -- Appendix 6 Environment Policy -- Appendix 7 Health and Safety Policy -- Appendix 8 Undue Influence Policy -- Appendix 9 Business Continuity Policy -- Appendix 10 Information Security Policy -- Appendix 11 Access Control Policy -- Appendix 12 Change or Termination Policy -- Appendix 13 Clear Desk and Clear Screen Policy -- Appendix 14 Continuous Improvement Policy -- Appendix 15 Cryptographic Control Policy -- Appendix 16 Document Retention Policy -- Appendix 17 Financial Management Policy -- Appendix 18 Mobile Devices Policy -- Appendix 19 Network Service Policy -- Appendix 20 Personnel Screening Policy -- Appendix 21 Relationship Management Policy -- Appendix 22 Release Management Policy -- Appendix 23 Service Management Policy -- Appendix 24 Service Reporting Policy -- Appendix 25 Third-Party Access Control Policy -- Appendix 26 Acceptable use Policy -- Appendix 27 Audit Committee -- Appendix 28 Business Continuity Committee -- Appendix 29 Environment Committee -- Appendix 30 Health and Safety Committee -- Appendix 31 Information Security Committee -- Appendix 32 Quality Committee -- Appendix 33 Risk Committee -- Appendix 34 Service Delivery Committee -- Appendix 35 Whistle Blowing Policy -- Appendix 36 
Management Review Agenda -- Appendix 37 Document Control Checklist -- Appendix 38 Document Metadata -- Appendix 39 File-Naming Standards -- Appendix 40 Watermarks in Use in the Forensic Laboratory -- Appendix 41 Document Review Form -- Appendix 42 IMS Calendar -- Appendix 43 Audit Plan Letter -- Appendix 44 Audit Reporting Form -- Appendix 45 CAR/PAR Form -- Appendix 46 Opening Meeting Agenda -- Appendix 47 Closing Meeting Agenda -- Appendix 48 Audit Report Template -- Appendix 49 Root Causes for Non-Conformity -- 5. Risk Management -- 5.1. A Short History of Risk Management -- 5.2. An Information Security Risk Management Framework -- 5.3. Framework Stage 1 -- ISMS Policy -- 5.4. Framework Stage 2: Planning, Resourcing, and Communication -- 5.5. Framework Stage 3: Information Security Risk Management Process -- 5.6. Framework Stage 4: Implementation and Operational Procedures -- 5.7. Framework Stage 5: Follow-up Procedures -- Appendix 1 Sample Communication Plan -- Appendix 2 Sample Information Security Plan -- Appendix 3 Asset Type Examples -- Appendix 4 Asset Values -- Appendix 5 Consequences Table -- Appendix 6 Some Common Business Risks -- Appendix 7 Some Common Project Risks -- Appendix 8 Security Threat Examples -- Appendix 9 Common Security Vulnerabilities -- Appendix 10 Risk Management Policy -- Appendix 11 The IMS and ISMS Scope Document -- Appendix 12 Criticality Ratings -- Appendix 13 Likelihood of Occurrence -- Appendix 14 Risk Appetite -- Appendix 15 Security Controls from CobIT and NIST 800-53 -- Appendix 16 Information Classification -- Appendix 17 The Corporate Risk Register -- Appendix 18 Comparison between Qualitative and Quantitative Methods -- Appendix 19 Mapping Control Functions to ISO 27001 -- Appendix 20 Mapping Security Concerns to ISO 27001 -- Appendix 21 SoA Template -- Appendix 22 The Forensic Laboratory's Security Metrics Report -- Appendix 23 Mapping ISO 31000 and ISO 27001 to IMS Procedures -- 6. 
Quality in the Forensic Laboratory -- 6.1. Quality and Good Laboratory Practice -- 6.2. Management Requirements for Operating the Forensic Laboratory -- 6.3. ISO 9001 for the Forensic Laboratory -- 6.4. The Forensic Laboratory's QMS -- 6.5. Responsibilities in the QMS -- 6.6. Managing Sales -- 6.7. Product and Service Realization -- 6.8. Reviewing Deliverables -- 6.9. Signing Off a Case -- 6.10. Archiving a Case -- 6.11. Maintaining Client Confidentiality -- 6.12. Technical Requirements for the Forensic Laboratory -- 6.13. Measurement, Analysis, and Improvement -- 6.14. Managing Client Complaints -- Appendix 1 Mapping ISO 9001 to IMS Procedures -- Appendix 2 Mapping ISO 17025 to IMS Procedures -- Appendix 3 Mapping SWGDE Quality Requirements to IMS Procedures -- Appendix 4 Mapping NIST-150 Quality Requirements to IMS Procedures -- Appendix 5 Mapping ENFSI Quality Requirements to IMS Procedures -- Appendix 6 Mapping FSR Quality Requirements to IMS Procedures -- Appendix 7 Quality Manager, Job Description -- Appendix 8 Business Plan Template -- Appendix 9 Business KPIs -- Appendix 10 Quality Plan Contents -- Appendix 11 Induction Checklist Contents -- Appendix 12 Induction Feedback -- Appendix 13 Standard Proposal Template -- Appendix 14 Issues to Consider for Case Processing -- Appendix 15 Standard Quotation Contents -- Appendix 16 Standard Terms and Conditions -- Appendix 17 ERMS Client Areas -- Appendix 18 Cost Estimation Spreadsheet -- Appendix 19 Draft Review Form -- Appendix 20 Client Sign-Off and Feedback Form -- Appendix 21 Information Required for Registering a Complaint -- Appendix 22 Complaint Resolution Timescales -- Appendix 23 Complaint Metrics -- Appendix 24 Laboratory Manager, Job Description -- Appendix 25 Forensic Analyst, Job Description -- Appendix 26 Training Agenda -- Appendix 27 Some Individual Forensic Certifications -- Appendix 28 Minimum Equipment Records Required by ISO 17025 -- Appendix 29 Reference Case Tests -- Appendix 30 ISO 17025 
Reporting Requirements -- Appendix 31 Standard Forensic Laboratory Report -- 7. IT Infrastructure -- 7.1. Hardware -- 7.2. Software -- 7.3. Infrastructure -- 7.4. Process Management -- 7.5. Hardware Management -- 7.6. Software Management -- 7.7. Network Management -- Appendix 1 Some Forensic Workstation Providers -- Appendix 2 Some Mobile Forensic Workstation Providers -- Appendix 3 Standard Build for a Forensic Workstation -- Appendix 4 Some Case Processing Tools -- Appendix 5 Policy for Securing IT Cabling -- Appendix 6 Policy for Siting and Protecting IT Equipment -- Appendix 7 ISO 20000-1 Mapping -- Appendix 8 Service Desk Manager, Job Description -- Appendix 9 Incident Manager, Job Description -- Appendix 10 Incident Status Levels -- Appendix 11 Incident Priority Levels -- Appendix 12 Service Desk Feedback Form -- Appendix 13 Problem Manager, Job Description -- Appendix 14 Contents of the Forensic Laboratory SIP -- Appendix 15 Change Categories -- Appendix 16 Change Manager, Job Description -- Appendix 17 Standard Requirements of a Request for Change -- Appendix 18 Emergency Change Policy -- Appendix 19 Release Management Policy -- Appendix 20 Release Manager, Job Description -- Appendix 21 Configuration Management Plan Contents -- Appendix 22 Configuration Management Policy -- Appendix 23 Configuration Manager, Job Description -- Appendix 24 Information Stored in the DSL and DHL -- Appendix 25 Capacity Manager, Job Description -- Appendix 26 Capacity Management Plan -- Appendix 27 Service Management Policy -- Appendix 28 Service Level Manager, Job Description -- Appendix 29 Service Reporting Policy -- Appendix 30 Policy for Maintaining and Servicing IT Equipment -- Appendix 31 ISO 17025 Tool Test Method Documentation -- Appendix 32 Standard Forensic Tool Tests -- Appendix 33 Forensic Tool Test Report Template -- Appendix 34 Overnight Backup Checklist -- 8. Incident Response -- 8.1. General -- 8.2. Evidence -- 8.3. Incident Response as a Process -- 8.4. 
Initial Contact -- 8.5. Types of First Response -- 8.6. The Incident Scene -- 8.7. Transportation to the Forensic Laboratory -- 8.8. Crime Scene and Seizure Reports -- 8.9. Postincident Review -- Appendix 1 Mapping ISO 17020 to IMS Procedures -- Appendix 2 First Response Briefing Agenda -- Appendix 3 Contents of the Grab Bag -- Appendix 4 New Case Form -- Appendix 5 First Responder Seizure Summary Log -- Appendix 6 Site Summary Form -- Appendix 7 Seizure Log -- Appendix 8 Evidence Locations in Devices and Media -- Appendix 9 Types of Evidence Typically Needed for a Case -- Appendix 10 The On/Off Rule. Note continued: Appendix 11 Some Types of Metadata That may be Recoverable from Digital Images -- Appendix 12 Countries with Different Fixed Line Telephone Connections -- Appendix 13 Some Interview Questions -- Appendix 14 Evidence Labeling -- Appendix 15 Forensic Preview Forms -- Appendix 16 A Traveling Forensic Laboratory -- Appendix 17 Movement Sheet -- Appendix 18 Incident Response Report -- Appendix 19 Postincident Review Agenda -- Appendix 20 Incident Processing Checklist -- 9. Case Processing -- 9.1. Introduction to Case Processing -- 9.2. Case Types -- 9.3. Precase Processing -- 9.4. Equipment Maintenance -- 9.5. Management Processes -- 9.6. Booking Exhibits in and out of the Secure Property Store -- 9.7. Starting a New Case -- 9.8. Preparing the Forensic Workstation -- 9.9. Imaging -- 9.10. Examination -- 9.11. Dual Tool Verification -- 9.12. Digital Time Stamping -- 9.13. Production of an Internal Case Report -- 9.14. Creating Exhibits -- 9.15. Producing a Case Report for External Use -- 9.16. Statements, Depositions, and Similar -- 9.17. Forensic Software Tools -- 9.18. Backing up and Archiving a Case -- 9.19. Disclosure -- 9.20. 
Disposal -- Appendix 1 Some International Forensic Good Practice -- Appendix 2 Some International and National Standards Relating to Digital Forensics -- Appendix 3 Hard Disk Log Details -- Appendix 4 Disk History Log -- Appendix 5 Tape Log Details -- Appendix 6 Tape History Log -- Appendix 7 Small Digital Media Log Details -- Appendix 8 Small Digital Media Device Log -- Appendix 9 Forensic Case Work Log -- Appendix 10 Case Processing KPIs -- Appendix 11 Contents of Sample Exhibit Rejection Letter -- Appendix 12 Sample Continuity Label Contents -- Appendix 13 Details of the Forensic Laboratory Property Log -- Appendix 14 Exhibit Acceptance Letter Template -- Appendix 15 Property Special Handling Log -- Appendix 16 Evidence Sought -- Appendix 17 Request for Forensic Examination -- Appendix 18 Client Virtual Case File Structure -- Appendix 19 Computer Details Log -- Appendix 20 Other Equipment Details Log -- Appendix 21 Hard Disk Details Log -- Appendix 22 Other Media Details Log -- Appendix 23 Cell Phone Details Log -- Appendix 24 Other Device Details Log -- Appendix 25 Some Evidence Found in Volatile Memory -- Appendix 26 Some File Metadata -- Appendix 27 Case Progress Checklist -- Appendix 28 Meeting the Requirements of HB 171 -- Appendix 29 Internal Case Report Template -- Appendix 30 Forensic Laboratory Exhibit Log -- Appendix 31 Report Production Checklist -- 10. Case Management -- 10.1. Overview -- 10.2. Hard Copy Forms -- 10.3. MARS -- 10.4. Setting up a New Case -- 10.5. Processing a Forensic Case -- 10.6. Reports General -- 10.7. Administrator's Reports -- 10.8. 
User Reports -- Appendix 1 Setting up Organisational Details -- Appendix 2 Set up the Administrator -- Appendix 3 Audit Reports -- Appendix 4 Manage Users -- Appendix 5 Manage Manufacturers -- Appendix 6 Manage Suppliers -- Appendix 7 Manage Clients -- Appendix 8 Manage Investigators -- Appendix 9 Manage Disks -- Appendix 10 Manage Tapes -- Appendix 11 Manage Small Digital Media -- Appendix 12 Exhibit Details -- Appendix 13 Evidence Sought -- Appendix 14 Estimates -- Appendix 15 Accept or Reject Case -- Appendix 16 Movement Log -- Appendix 17 Examination Log -- Appendix 18 Computer Hardware Details -- Appendix 19 Non-Computer Exhibit Details -- Appendix 20 Hard Disk Details -- Appendix 21 Other Media Details -- Appendix 22 Work Record Details -- Appendix 23 Updating Case Estimates -- Appendix 24 Create Exhibit -- Appendix 25 Case Result -- Appendix 26 Case Backup -- Appendix 27 Billing and Feedback -- Appendix 28 Feedback Received -- Appendix 29 Organization Report -- Appendix 30 Users Report -- Appendix 31 Manufacturers Report -- Appendix 32 Supplier Report -- Appendix 33 Clients Report -- Appendix 34 Investigator's Report -- Appendix 35 Disks by Assignment Report -- Appendix 36 Disks by Reference Number Report -- Appendix 37 Wiped Disks Report -- Appendix 38 Disposed Disks Report -- Appendix 39 Disk History Report -- Appendix 40 Tapes by Assignment Report -- Appendix 41 Tapes by Reference Number Report -- Appendix 42 Wiped Tapes Report -- Appendix 43 Disposed Tapes Report -- Appendix 44 Tape History Report -- Appendix 45 Small Digital Media by Assignment Report -- Appendix 46 Small Digital Media by Reference Number Report -- Appendix 47 Wiped Small Digital Media Report -- Appendix 48 Disposed Small Digital Media Report -- Appendix 49 Small Digital Media History Report -- Appendix 50 Wipe Methods Report -- Appendix 51 Disposal Methods Report -- Appendix 52 Imaging Methods Report -- Appendix 53 Operating Systems Report -- Appendix 54 Media Types Report -- Appendix 
55 Exhibit Type Report -- Appendix 56 Case Setup Details Report -- Appendix 57 Case Movement Report -- Appendix 58 Case Computers Report -- Appendix 59 Case Non-Computer Evidence Report -- Appendix 60 Case Disks Received Report -- Appendix 61 Case Other Media Received -- Appendix 62 Case Exhibits Received Report -- Appendix 63 Case Work Record -- Appendix 64 Cases Rejected Report -- Appendix 65 Cases Accepted -- Appendix 66 Case Estimates Report -- Appendix 67 Cases by Forensic Analyst -- Appendix 68 Cases by Client Report -- Appendix 69 Cases by Investigator Report -- Appendix 70 Case Target Dates Report -- Appendix 71 Cases Within "x" Days of Target Date Report -- Appendix 72 Cases Past Target Date Report -- Appendix 73 Cases Unassigned Report -- Appendix 74 Case Exhibits Produced Report -- Appendix 75 Case Results Report -- Appendix 76 Case Backups Report -- Appendix 77 Billing Run Report -- Appendix 78 Feedback Letters -- Appendix 79 Feedback Forms Printout -- Appendix 80 Feedback Reporting Summary by Case -- Appendix 81 Feedback Reporting Summary by Forensic Analyst -- Appendix 82 Feedback Reporting Summary by Client -- Appendix 83 Complete Case Report -- Appendix 84 Processed Report -- Appendix 85 Insurance Report -- 11. Evidence Presentation -- 11.1. Overview -- 11.2. Notes -- 11.3. Evidence -- 11.4. Types of Witness -- 11.5. Reports -- 11.6. Testimony in Court -- 11.7. Why Cases Fail -- Appendix 1 Nations Ratifying the Budapest Convention -- Appendix 2 Criteria for Selection an Expert Witness -- Appendix 3 The Forensic Laboratory Code of Conduct for Expert Witnesses -- Appendix 4 Report Writing Checklist -- Appendix 5 Statement and Deposition Writing Checklist -- Appendix 6 Non-Verbal Communication to Avoid -- Appendix 7 Etiquette in Court -- Appendix 8 Testimony Feedback Form -- 12. Secure Working Practices -- 12.1. Introduction -- 12.2. Principles of Information Security within the Forensic Laboratory -- 12.3. 
Managing Information Security in the Forensic Laboratory -- 12.4. Physical Security in the Forensic Laboratory -- 12.5. Managing Service Delivery -- 12.6. Managing System Access -- 12.7. Managing Information on Public Systems -- 12.8. Securely Managing IT Systems -- 12.9. Information Processing Systems Development and Maintenance -- Appendix 1 The Forensic Laboratory SoA -- Appendix 2 Meeting the Requirements of GAISP -- Appendix 3 Software License Database Information Held -- Appendix 4 Information Security Manager, Job Description -- Appendix 5 Logon Banner -- Appendix 6 The Forensic Laboratory's Security Objectives -- Appendix 7 Asset Details to be Recorded in the Asset Register -- Appendix 8 Details Required for Removal of an Asset -- Appendix 9 Handling Classified Assets -- Appendix 10 Asset Disposal Form -- Appendix 11 Visitor Checklist -- Appendix 12 Rules of the Data Center -- Appendix 13 User Account Management Form Contents -- Appendix 14 Teleworking Request Form Contents -- 13. Ensuring Continuity of Operations -- 13.1. Business Justification for Ensuring Continuity of Operations -- 13.2. Management Commitment -- 13.3. Training and Competence -- 13.4. Determining the Business Continuity Strategy -- 13.5. Developing and Implementing a Business Continuity Management Response -- 13.6. Exercising, Maintaining, and Reviewing Business Continuity Arrangements -- 13.7. Maintaining and Improving the BCMS -- 13.8. Embedding Business Continuity Forensic Laboratory Processes -- 13.9. 
BCMS Documentation and Records -- General -- Appendix 1 Supplier Details Held -- Appendix 2 Headings for Financial and Security Questionnaire -- Appendix 3 Business Continuity Manager, Job Description -- Appendix 4 Contents of the Forensic Laboratory BIA Form -- Appendix 5 Proposed BCMS Development and Certification Timescales -- Appendix 6 Incident Scenarios -- Appendix 7 Strategy Options -- Appendix 8 Standard Forensic Laboratory BCP Contents -- Appendix 9 Table of Contents to the Appendix to a BCP -- Appendix 10 BCP Change List Contents -- Appendix 11 BCP Scenario Plan Contents -- Appendix 12 BCP Review Report Template Contents -- Appendix 13 Mapping IMS Procedures to ISO 22301 -- Appendix 14 Differences between ISO 22301 and BS 25999 -- 14. Managing Business Relationships -- 14.1. The Need for Third Parties -- 14.2. Clients -- 14.3. Third Parties Accessing the Forensic Laboratory. Note continued: 14.4. Managing Service Level Agreements -- 14.5. Suppliers of Office and IT Products and Services -- 14.6. Utility Service Providers -- 14.7. Contracted Forensic Consultants and Expert Witnesses -- 14.8. Outsourcing -- 14.9. Use of Sub-Contractors -- 14.10. Managing Complaints -- 14.11. Reasons for Outsourcing Failure -- Appendix 1 Contents of a Service Plan -- Appendix 2 Risks to Consider with Third Parties -- Appendix 3 Contract Checklist for Information Security Issues -- Appendix 4 SLA Template for Products and Services for Clients -- Appendix 5 RFx Descriptions -- Appendix 6 The Forensic Laboratory RFx Template Checklist -- Appendix 7 RFx Timeline for Response, Evaluation, and Selection -- Appendix 8 Forensic Consultant's Personal Attributes -- Appendix 9 Some Tips for Selecting an Outsourcing Service Provider -- Appendix 10 Areas to Consider for Outsourcing Contracts -- 15. Effective Records Management -- 15.1. Introduction -- 15.2. Legislative, Regulatory, and Other Requirements -- 15.3. Record Characteristics -- 15.4. A Records Management Policy -- 15.5. 
Defining the Requirements for Records Management in the Forensic Laboratory -- 15.6. Determining Forensic Laboratory Records to be Managed by the ERMS -- 15.7. Using Metadata in the Forensic Laboratory -- 15.8. Record Management Procedures -- 15.9. Business Continuity -- Appendix 1 MoReq2 Functional Requirements -- Appendix 2 Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures -- Appendix 3 Types of Legislation and Regulation that will Affect Record Keeping -- Appendix 4 Forensic Laboratory Record Keeping Policy -- Appendix 5 Record Management System Objectives -- Appendix 6 Business Case Contents -- Appendix 7 Outline of the ERMS Project -- Appendix 8 Selection Criteria for an ERMS -- Appendix 9 Initial ERMS Feedback Questionnaire -- Appendix 10 Metadata Required in the ERMS -- Appendix 11 Sample E-mail Metadata -- Appendix 12 Forensic Case Records Stored in the ERMS -- Appendix 13 Dublin Core Metadata Elements -- Appendix 14 National Archives of Australia Metadata Standard -- Appendix 15 Responsibilities for Records Management in the Forensic Laboratory -- Appendix 16 Metadata for Records Stored Off-Site -- Appendix 17 Records Classification System -- Appendix 18 Disposition Authorization -- Appendix 19 Additional Requirements for Physical Record Recovery -- Appendix 20 Specialized Equipment Needed for Inspection and Recovery of Damaged Records -- 16. Performance Assessment -- 16.1. Overview -- 16.2. Performance Assessment -- 17. Health and Safety Procedures -- 17.1. General -- 17.2. Planning for OH & S -- 17.3. Implementation and Operation of the OH & S Management System -- 17.4. Checking Compliance with OH & S Requirements -- 17.5. 
Improving the OH & S Management System -- Appendix 1 OH & S Policy Checklist -- Appendix 2 The Forensic Laboratory OH & S Policy -- Appendix 3 Health and Safety Manager Job Description -- Appendix 4 Some Examples of OH & S Drivers -- Appendix 5 The Forensic Laboratory OH & S Objectives -- Appendix 6 Sample Hazards in the Forensic Laboratory -- Appendix 7 Hazard Identification Form -- Appendix 8 Some Areas for Inspection for Hazards -- Appendix 9 Inputs to the Risk Assessment Process -- Appendix 10 OH & S Risk Rating -- Appendix 11 DSE Initial Workstation Self-Assessment Checklist -- Appendix 12 DSE Training Syllabus -- Appendix 13 DSE Assessors Checklist -- Appendix 14 Measurement of OH & S Success -- Appendix 15 Specific OH & S Incident Reporting Requirements -- Appendix 16 OH & S Investigation Checklist and Form Contents -- Appendix 17 OH & S Incident Review -- Appendix 18 OHSAS 18001 Mapping to IMS Procedures -- 18. Human Resources -- 18.1. Employee Development -- 18.2. Development -- 18.3. 
Termination -- Appendix 1 Training Feedback Form -- Appendix 2 Employee Security Screening Policy Checklist -- Appendix 3 Employment Application Form -- Appendix 4 Employment Application Form Notes -- Appendix 5 Some Documents that can Verify Identity -- Appendix 6 Document Authenticity Checklist -- Appendix 7 Verifying Addresses -- Appendix 8 Right to Work Checklist -- Appendix 9 Reference Authorization -- Appendix 10 Statutory Declaration -- Appendix 11 Employer Reference Form -- Appendix 12 Employer's Oral Reference Form -- Appendix 13 Confirmation of an Oral Reference Letter -- Appendix 14 Qualification Verification Checklist -- Appendix 15 Criminal Record Declaration Checklist -- Appendix 16 Personal Reference Form -- Appendix 17 Personal Oral Reference Form -- Appendix 18 Other Reference Form -- Appendix 19 Other Reference Form -- Appendix 20 Employee Security Screening File -- Appendix 21 Top Management Acceptance of Employment Risk -- Appendix 22 Third-Party Employee Security Screening Provider Checklist -- Appendix 23 Recruitment Agency Contract Checklist -- Appendix 24 Investigation Manager, Job Description -- Appendix 25 Forensic Laboratory System Administrator, Job Description -- Appendix 26 Employee, Job Description -- Appendix 27 Areas of Technical Competence -- Appendix 28 Some Professional Forensic and Security Organizations -- Appendix 29 Training Specification Template -- Appendix 30 Training Proposal Evaluation Checklist -- Appendix 31 Training Supplier Interview and Presentation Checklist -- Appendix 32 Training Reaction Level Questionnaire -- Appendix 33 The Forensic Laboratory Code of Ethics -- Appendix 34 Termination Checklist -- 19. Accreditation and Certification for a Forensic Laboratory -- 19.1. Accreditation and Certification -- 19.2. Accreditation for a Forensic Laboratory -- 19.3. 
Certification for a Forensic Laboratory -- Appendix 1 Typical Conditions of Accreditation -- Appendix 2 Contents of an Audit Response -- Appendix 3 Management System Assessment Non-Conformance Examples -- Appendix 4 Typical Closeout Periods -- 20. Emerging Issues -- 20.1. Introduction -- 20.2. Specific Challenges. English. Computer crimes Investigation. http://id.loc.gov/authorities/subjects/sh85029493 Evidence preservation Standards. Forensic sciences Standards. Computer science. http://id.loc.gov/authorities/subjects/sh89003285 Electronic data processing. http://id.loc.gov/authorities/subjects/sh85042288 Criminalité informatique Enquêtes. Preuve (Droit pénal) Conservation Normes. Criminalistique Normes. Informatique. computer science. aat data processing. aat Electronic data processing fast Computer crimes Investigation fast Computer science fast Jones, Andrew. Print version: 9781597497428 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=485049 Volltext FWS01 ZDB-4-EBA FWS_PDA_EBA https://www.sciencedirect.com/science/book/9781597497428 Volltext |
subject_GND | http://id.loc.gov/authorities/subjects/sh85029493 http://id.loc.gov/authorities/subjects/sh89003285 http://id.loc.gov/authorities/subjects/sh85042288 |
title | Digital forensics processing and procedures : meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements / |
title_alt | Introduction -- Some Types of Cases Involving Digital Forensics -- Growth of Hard Disk Drives for Personal Computers -- Disk Drive Size Nomenclature -- Forensic Laboratory Accommodation -- The Building -- Protecting Against External and Environmental Threats -- Utilities and Services -- Physical Security -- Layout of the Forensic Laboratory -- Sample Outline for a Business Case -- Forensic Laboratory Physical Security Policy -- Setting up the Forensic Laboratory -- The Forensic Laboratory ToR -- Cross Reference between ISO 9001 and ISO 17025 -- Conflict of Interest Policy -- Quality Policy -- The Forensic Laboratory Integrated Management System -- Benefits -- The Forensic Laboratory IMS -- The Forensic Laboratory Policies -- Planning -- Implementation and Operation -- Performance Assessment -- Continuous Improvement -- Management Reviews -- Mapping ISO Guide 72 Requirements to PAS 99 -- PAS 99 Glossary -- PAS 99 Mapping to IMS Procedures -- The Forensic Laboratory Goal Statement -- The Forensic Laboratory Baseline Measures -- Environment Policy -- Health and Safety Policy -- Undue Influence Policy -- Business Continuity Policy -- Information Security Policy -- Access Control Policy -- Change or Termination Policy -- Clear Desk and Clear Screen Policy -- Continuous Improvement Policy -- Cryptographic Control Policy -- Document Retention Policy -- Financial Management Policy -- Mobile Devices Policy -- Network Service Policy -- Personnel Screening Policy -- Relationship Management Policy -- Release Management Policy -- Service Management Policy -- Service Reporting Policy -- Third-Party Access Control Policy -- Acceptable use Policy -- Audit Committee -- Business Continuity Committee -- Environment Committee -- Health and Safety Committee -- Information Security Committee -- Quality Committee -- Risk Committee -- Service Delivery Committee -- Whistle Blowing Policy -- Management Review Agenda -- Document Control Checklist -- Document Metadata -- 
File-Naming Standards -- Watermarks in Use in the Forensic Laboratory -- Document Review Form -- IMS Calendar -- Audit Plan Letter -- Audit Reporting Form -- CAR/PAR Form -- Opening Meeting Agenda -- Closing Meeting Agenda -- Audit Report Template -- Root Causes for Non-Conformity -- Risk Management -- A Short History of Risk Management -- An Information Security Risk Management Framework -- Framework Stage 1 -- ISMS Policy -- Framework Stage 2: Planning, Resourcing, and Communication -- Framework Stage 3: Information Security Risk Management Process -- Framework Stage 4: Implementation and Operational Procedures -- Framework Stage 5: Follow-up Procedures -- Sample Communication Plan -- Sample Information Security Plan -- Asset Type Examples -- Asset Values -- Consequences Table -- Some Common Business Risks -- Some Common Project Risks -- Security Threat Examples -- Common Security Vulnerabilities -- Risk Management Policy -- The IMS and ISMS Scope Document -- Criticality Ratings -- Likelihood of Occurrence -- Risk Appetite -- Security Controls from CobIT and NIST 800-53 -- Information Classification -- The Corporate Risk Register -- Comparison between Qualitative and Quantitative Methods -- Mapping Control Functions to ISO 27001 -- Mapping Security Concerns to ISO 27001 -- SoA Template -- The Forensic Laboratory's Security Metrics Report -- Mapping ISO 31000 and ISO 27001 to IMS Procedures -- Quality in the Forensic Laboratory -- Quality and Good Laboratory Practice -- Management Requirements for Operating the Forensic Laboratory -- ISO 9001 for the Forensic Laboratory -- The Forensic Laboratory's QMS -- Responsibilities in the QMS -- Managing Sales -- Product and Service Realization -- Reviewing Deliverables -- Signing Off a Case -- Archiving a Case -- Maintaining Client Confidentiality -- Technical Requirements for the Forensic Laboratory -- Measurement, Analysis, and Improvement -- Managing Client Complaints -- Mapping ISO 9001 to IMS Procedures -- Mapping ISO 
17025 to IMS Procedures -- Mapping SWGDE Quality Requirements to IMS Procedures -- Mapping NIST-150 Quality Requirements to IMS Procedures -- Mapping ENFSI Quality Requirements to IMS Procedures -- Mapping FSR Quality Requirements to IMS Procedures -- Quality Manager, Job Description -- Business Plan Template -- Business KPIs -- Quality Plan Contents -- Induction Checklist Contents -- Induction Feedback -- Standard Proposal Template -- Issues to Consider for Case Processing -- Standard Quotation Contents -- Standard Terms and Conditions -- ERMS Client Areas -- Cost Estimation Spreadsheet -- Draft Review Form -- Client Sign-Off and Feedback Form -- Information Required for Registering a Complaint -- Complaint Resolution Timescales -- Complaint Metrics -- Laboratory Manager, Job Description -- Forensic Analyst, Job Description -- Training Agenda -- Some Individual Forensic Certifications -- Minimum Equipment Records Required by ISO 17025 -- Reference Case Tests -- ISO 17025 Reporting Requirements -- Standard Forensic Laboratory Report -- IT Infrastructure -- Hardware -- Software -- Infrastructure -- Process Management -- Hardware Management -- Software Management -- Network Management -- Some Forensic Workstation Providers -- Some Mobile Forensic Workstation Providers -- Standard Build for a Forensic Workstation -- Some Case Processing Tools -- Policy for Securing IT Cabling -- Policy for Siting and Protecting IT Equipment -- ISO 20000-1 Mapping -- Service Desk Manager, Job Description -- Incident Manager, Job Description -- Incident Status Levels -- Incident Priority Levels -- Service Desk Feedback Form -- Problem Manager, Job Description -- Contents of the Forensic Laboratory SIP -- Change Categories -- Change Manager, Job Description -- Standard Requirements of a Request for Change -- Emergency Change Policy -- Release Manager, Job Description -- Configuration Management Plan Contents -- Configuration Management Policy -- Configuration Manager, Job Description -- 
Information Stored in the DSL and DHL -- Capacity Manager, Job Description -- Capacity Management Plan -- Service Management Policy -- Service Level Manager, Job Description -- Policy for Maintaining and Servicing IT Equipment -- ISO 17025 Tool Test Method Documentation -- Standard Forensic Tool Tests -- Forensic Tool Test Report Template -- Overnight Backup Checklist -- Incident Response -- General -- Evidence -- Incident Response as a Process -- Initial Contact -- Types of First Response -- The Incident Scene -- Transportation to the Forensic Laboratory -- Crime Scene and Seizure Reports -- Postincident Review -- Mapping ISO 17020 to IMS Procedures -- First Response Briefing Agenda -- Contents of the Grab Bag -- New Case Form -- First Responder Seizure Summary Log -- Site Summary Form -- Seizure Log -- Evidence Locations in Devices and Media -- Types of Evidence Typically Needed for a Case -- The On/Off Rule. Some Types of Metadata That may be Recoverable from Digital Images -- Countries with Different Fixed Line Telephone Connections -- Some Interview Questions -- Evidence Labeling -- Forensic Preview Forms -- A Traveling Forensic Laboratory -- Movement Sheet -- Incident Response Report -- Postincident Review Agenda -- Incident Processing Checklist -- Case Processing -- Introduction to Case Processing -- Case Types -- Precase Processing -- Equipment Maintenance -- Management Processes -- Booking Exhibits in and out of the Secure Property Store -- Starting a New Case -- Preparing the Forensic Workstation -- Imaging -- Examination -- Dual Tool Verification -- Digital Time Stamping -- Production of an Internal Case Report -- Creating Exhibits -- Producing a Case Report for External Use -- Statements, Depositions, and Similar -- Forensic Software Tools -- Backing up and Archiving a Case -- Disclosure -- Disposal -- Some International Forensic Good Practice -- Some International and National Standards Relating to Digital Forensics -- Hard Disk Log Details -- Disk 
History Log -- Tape Log Details -- Tape History Log -- Small Digital Media Log Details -- Small Digital Media Device Log -- Forensic Case Work Log -- Case Processing KPIs -- Contents of Sample Exhibit Rejection Letter -- Sample Continuity Label Contents -- Details of the Forensic Laboratory Property Log -- Exhibit Acceptance Letter Template -- Property Special Handling Log -- Evidence Sought -- Request for Forensic Examination -- Client Virtual Case File Structure -- Computer Details Log -- Other Equipment Details Log -- Hard Disk Details Log -- Other Media Details Log -- Cell Phone Details Log -- Other Device Details Log -- Some Evidence Found in Volatile Memory -- Some File Metadata -- Case Progress Checklist -- Meeting the Requirements of HB 171 -- Internal Case Report Template -- Forensic Laboratory Exhibit Log -- Report Production Checklist -- Case Management -- Overview -- Hard Copy Forms -- MARS -- Setting up a New Case -- Processing a Forensic Case -- Reports General -- Administrator's Reports -- User Reports -- Setting up Organisational Details -- Set up the Administrator -- Audit Reports -- Manage Users -- Manage Manufacturers -- Manage Suppliers -- Manage Clients -- Manage Investigators -- Manage Disks -- Manage Tapes -- Manage Small Digital Media -- Exhibit Details -- Estimates -- Accept or Reject Case -- Movement Log -- Examination Log -- Computer Hardware Details -- Non-Computer Exhibit Details -- Hard Disk Details -- Other Media Details -- Work Record Details -- Updating Case Estimates -- Create Exhibit -- Case Result -- Case Backup -- Billing and Feedback -- Feedback Received -- Organization Report -- Users Report -- Manufacturers Report -- Supplier Report -- Clients Report -- Investigator's Report -- Disks by Assignment Report -- Disks by Reference Number Report -- Wiped Disks Report -- Disposed Disks Report -- Disk History Report -- Tapes by Assignment Report -- Tapes by Reference Number Report -- Wiped Tapes Report -- Disposed Tapes Report -- 
Tape History Report -- Small Digital Media by Assignment Report -- Small Digital Media by Reference Number Report -- Wiped Small Digital Media Report -- Disposed Small Digital Media Report -- Small Digital Media History Report -- Wipe Methods Report -- Disposal Methods Report -- Imaging Methods Report -- Operating Systems Report -- Media Types Report -- Exhibit Type Report -- Case Setup Details Report -- Case Movement Report -- Case Computers Report -- Case Non-Computer Evidence Report -- Case Disks Received Report -- Case Other Media Received -- Case Exhibits Received Report -- Case Work Record -- Cases Rejected Report -- Cases Accepted -- Case Estimates Report -- Cases by Forensic Analyst -- Cases by Client Report -- Cases by Investigator Report -- Case Target Dates Report -- Cases Within "x" Days of Target Date Report -- Cases Past Target Date Report -- Cases Unassigned Report -- Case Exhibits Produced Report -- Case Results Report -- Case Backups Report -- Billing Run Report -- Feedback Letters -- Feedback Forms Printout -- Feedback Reporting Summary by Case -- Feedback Reporting Summary by Forensic Analyst -- Feedback Reporting Summary by Client -- Complete Case Report -- Processed Report -- Insurance Report -- Evidence Presentation -- Notes -- Types of Witness -- Reports -- Testimony in Court -- Why Cases Fail -- Nations Ratifying the Budapest Convention -- Criteria for Selection an Expert Witness -- The Forensic Laboratory Code of Conduct for Expert Witnesses -- Report Writing Checklist -- Statement and Deposition Writing Checklist -- Non-Verbal Communication to Avoid -- Etiquette in Court -- Testimony Feedback Form -- Secure Working Practices -- Principles of Information Security within the Forensic Laboratory -- Managing Information Security in the Forensic Laboratory -- Physical Security in the Forensic Laboratory -- Managing Service Delivery -- Managing System Access -- Managing Information on Public Systems -- Securely Managing IT Systems -- Information 
Processing Systems Development and Maintenance -- The Forensic Laboratory SoA -- Meeting the Requirements of GAISP -- Software License Database Information Held -- Information Security Manager, Job Description -- Logon Banner -- The Forensic Laboratory's Security Objectives -- Asset Details to be Recorded in the Asset Register -- Details Required for Removal of an Asset -- Handling Classified Assets -- Asset Disposal Form -- Visitor Checklist -- Rules of the Data Center -- User Account Management Form Contents -- Teleworking Request Form Contents -- Ensuring Continuity of Operations -- Business Justification for Ensuring Continuity of Operations -- Management Commitment -- Training and Competence -- Determining the Business Continuity Strategy -- Developing and Implementing a Business Continuity Management Response -- Exercising, Maintaining, and Reviewing Business Continuity Arrangements -- Maintaining and Improving the BCMS -- Embedding Business Continuity Forensic Laboratory Processes -- BCMS Documentation and Records -- General -- Supplier Details Held -- Headings for Financial and Security Questionnaire -- Business Continuity Manager, Job Description -- Contents of the Forensic Laboratory BIA Form -- Proposed BCMS Development and Certification Timescales -- Incident Scenarios -- Strategy Options -- Standard Forensic Laboratory BCP Contents -- Table of Contents to the Appendix to a BCP -- BCP Change List Contents -- BCP Scenario Plan Contents -- BCP Review Report Template Contents -- Mapping IMS Procedures to ISO 22301 -- Differences between ISO 22301 and BS 25999 -- Managing Business Relationships -- The Need for Third Parties -- Clients -- Third Parties Accessing the Forensic Laboratory. 
Managing Service Level Agreements -- Suppliers of Office and IT Products and Services -- Utility Service Providers -- Contracted Forensic Consultants and Expert Witnesses -- Outsourcing -- Use of Sub-Contractors -- Managing Complaints -- Reasons for Outsourcing Failure -- Contents of a Service Plan -- Risks to Consider with Third Parties -- Contract Checklist for Information Security Issues -- SLA Template for Products and Services for Clients -- RFx Descriptions -- The Forensic Laboratory RFx Template Checklist -- RFx Timeline for Response, Evaluation, and Selection -- Forensic Consultant's Personal Attributes -- Some Tips for Selecting an Outsourcing Service Provider -- Areas to Consider for Outsourcing Contracts -- Effective Records Management -- Legislative, Regulatory, and Other Requirements -- Record Characteristics -- A Records Management Policy -- Defining the Requirements for Records Management in the Forensic Laboratory -- Determining Forensic Laboratory Records to be Managed by the ERMS -- Using Metadata in the Forensic Laboratory -- Record Management Procedures -- Business Continuity -- MoReq2 Functional Requirements -- Mapping of ISO 15489 Part 1 to Forensic Laboratory Procedures -- Types of Legislation and Regulation that will Affect Record Keeping -- Forensic Laboratory Record Keeping Policy -- Record Management System Objectives -- Business Case Contents -- Outline of the ERMS Project -- Selection Criteria for an ERMS -- Initial ERMS Feedback Questionnaire -- Metadata Required in the ERMS -- Sample E-mail Metadata -- Forensic Case Records Stored in the ERMS -- Dublin Core Metadata Elements -- National Archives of Australia Metadata Standard -- Responsibilities for Records Management in the Forensic Laboratory -- Metadata for Records Stored Off-Site -- Records Classification System -- Disposition Authorization -- Additional Requirements for Physical Record Recovery -- Specialized Equipment Needed for Inspection and Recovery of Damaged Records -- 
Health and Safety Procedures -- Planning for OH & S -- Implementation and Operation of the OH & S Management System -- Checking Compliance with OH & S Requirements -- Improving the OH & S Management System -- OH & S Policy Checklist -- The Forensic Laboratory OH & S Policy -- Health and Safety Manager Job Description -- Some Examples of OH & S Drivers -- The Forensic Laboratory OH & S Objectives -- Sample Hazards in the Forensic Laboratory -- Hazard Identification Form -- Some Areas for Inspection for Hazards -- Inputs to the Risk Assessment Process -- OH & S Risk Rating -- DSE Initial Workstation Self-Assessment Checklist -- DSE Training Syllabus -- DSE Assessors Checklist -- Measurement of OH & S Success -- Specific OH & S Incident Reporting Requirements -- OH & S Investigation Checklist and Form Contents -- OH & S Incident Review -- OHSAS 18001 Mapping to IMS Procedures -- Human Resources -- Employee Development -- Development -- Termination -- Training Feedback Form -- Employee Security Screening Policy Checklist -- Employment Application Form -- Employment Application Form Notes -- Some Documents that can Verify Identity -- Document Authenticity Checklist -- Verifying Addresses -- Right to Work Checklist -- Reference Authorization -- Statutory Declaration -- Employer Reference Form -- Employer's Oral Reference Form -- Confirmation of an Oral Reference Letter -- Qualification Verification Checklist -- Criminal Record Declaration Checklist -- Personal Reference Form -- Personal Oral Reference Form -- Other Reference Form -- Employee Security Screening File -- Top Management Acceptance of Employment Risk -- Third-Party Employee Security Screening Provider Checklist -- Recruitment Agency Contract Checklist -- Investigation Manager, Job Description -- Forensic Laboratory System Administrator, Job Description -- Employee, Job Description -- Areas of Technical Competence -- Some Professional Forensic and Security Organizations -- Training Specification Template -- 
Training Proposal Evaluation Checklist -- Training Supplier Interview and Presentation Checklist -- Training Reaction Level Questionnaire -- The Forensic Laboratory Code of Ethics -- Termination Checklist -- Accreditation and Certification for a Forensic Laboratory -- Accreditation and Certification -- Accreditation for a Forensic Laboratory -- Certification for a Forensic Laboratory -- Typical Conditions of Accreditation -- Contents of an Audit Response -- Management System Assessment Non-Conformance Examples -- Typical Closeout Periods -- Emerging Issues -- Specific Challenges. |
title_full | Digital forensics processing and procedures : meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements / David Watson, Andrew Jones. |
title_short | Digital forensics processing and procedures : |
title_sort | digital forensics processing and procedures meeting the requirements of iso 17020 iso 17025 iso 27001 and best practice requirements |
title_sub | meeting the Requirements of ISO 17020, ISO 17025, ISO 27001 and best practice requirements / |
topic | Computer crimes Investigation. http://id.loc.gov/authorities/subjects/sh85029493 Evidence preservation Standards. Forensic sciences Standards. Computer science. http://id.loc.gov/authorities/subjects/sh89003285 Electronic data processing. http://id.loc.gov/authorities/subjects/sh85042288 Criminalité informatique Enquêtes. Preuve (Droit pénal) Conservation Normes. Criminalistique Normes. Informatique. computer science. aat data processing. aat Electronic data processing fast Computer crimes Investigation fast Computer science fast |
topic_facet | Computer crimes Investigation. Evidence preservation Standards. Forensic sciences Standards. Computer science. Electronic data processing. Criminalité informatique Enquêtes. Preuve (Droit pénal) Conservation Normes. Criminalistique Normes. Informatique. computer science. data processing. Electronic data processing Computer crimes Investigation Computer science |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=485049 https://www.sciencedirect.com/science/book/9781597497428 |