2. May 2007, 19:11 | by WD Milner | Full Article |

When an incident occurs requiring a computer forensic investigation it must be done in the most responsible manner possible. While it is a given that it be done in a legal and ethical manner, it must also be done in an effective manner. The following are some basics guidelines to follow to help ensure that any investigation provides the needed information.

Before beginning your active investigation, decide on some general objectives. Agree on what the goal is and set some milestones to measure progress. The ultimate goal of course is the protection of of the relevant entity from from the current allegation under investigation and any possible repercussions as a result of how the investigation proceeds. Do not start with a preconceived idea of the outcome and try to make the facts fit, even if that would be more convenient.

The investigatory methods should be appropriate for the corporate environment in which they are occuring. Activities of the investigation should make sense and follow practices the principals would be willing to publically support. Do not break the law, or hire anyone who is willing to, or willing to sub-contract anyone who will; down that path lies disaster.

The investigation should retain a tight focus so that it doesn’t veer off target and create a larger issue than it was started to deal with in the first place. The tendency to rush in and catch a perpetrator quickly is to be tempered with patience and avoid the possibility of spending much larger sums to solve a crime that cost a minor amount in comparison.

It is also important to be consistant during the course of the investigation. Make sure that the procedures and practices are well documented and can be replicated for presentation in legal proceedings if needs be. All employees regardless of their performance records or position should be treated equally during the investigation. Similarly, equitable standards should be used in dealing with contractors and subcontractors.

Allegations that result in an investigation should be held on a “need to know” basis and the group of people involved should only be expanded when absolutely necessary. Any general briefings can be done once allegations are confirmed or denied. It is also imperative that personnel policies state that communicatiosn be it data, telephone conversations, instant messaging, etc. that travels over company network and equipment is the property of the company and may be monitored, tracked, recorded and audited. Employees should always be aware of their rights, and any formal policy should contain guidelines as to when a person or persons under investigation should be apprised of that fact.

Often overlooked but a necessary part of any investigation is to plan for possible errors. There should be a process in place by which concerns can be raised about the manner of an investigation, and the process should work.

- 30 -

Categories: ,
Keywords: forensic,investigation,guidelines,incident



Textile help
* Indicates a required field.

As a SPAM prevention measure, comments are moderated and will be posted once vetted.


Article & Comments

Comments are not enabled for all articles or documents.

Article Navigation


Internet and WWW
Music and Audio
Society and Culture
Stage and Screen
Tips and Tricks
Web Design
Web Site

The Birches - Support Child Safety Online


 Help to FIGHT spam!