Incident Response and Forensic Readiness
When a compromise of security or an unauthorised/illegal action associated with a computer is suspected, it is important that steps are taken to ensure the protection of the data within the computer and/or storage media.
Sapphire can help you formulate incident response procedures to meet the Mandatory Requirement No37 of the Security Policy Framework (SPF) for Forensic Readiness Policy and Planning, a one day Forensic Readiness overview course is held at Sapphire Head office on a monthly basis.
Sapphire Computer Forensic, CLAS and ISO27001 consultants have a wealth of experience implementing relevant procedures and can ensure that you are aware of topical issues regarding Forensic Readiness.
Forensic Readiness should be addressed as part of your Risk Management documentation; Attempts at investigation involving computers often fail because of mistakes made at a very early stage when essential digital evidence is ignored, destroyed or compromised and suspects are inappropriately handled.
There are many key drivers for implementing a Forensic Readiness Policy:
- For GOV Forensic Readiness needs to be adopted to comply with SPF.
- LEA may find it beneficial to adopt a Forensic Readiness Policy.
- For private sector there may be key drivers to force compliance.
- Economic losses as a result of failing to detect fraudulent activity, damages/costs awarded against the organisation.
- Penalties for non-compliance.
Sapphire forensic technicians can also perform a technical analysis of compromised PC/Server platforms, and have had successful results from Internet Website hacking/intrusions and compromised desktop systems to name a few.
The success rate of this type of attack or intrusion can often be directly related to the implementation of Forensic Readiness Procedures, knowing what to do and just as importantly what not to do if you suspect this type of activity is the first step to securing any relevant data.
Often well meaning help from IT staff can compromise any successful outcome by removing traces of unauthorised activity or conducting forensically un-sound investigations.
- Support 0845 58 27999
- General 0845 58 27001
- Request a Call / Quote
