Response Readiness Metric
Digital forensic readiness is defined as having an appropriate level of capability to be able to preserve, collect, protect and analyze digital evidence “in any legal matters; in security investigations; in …
Compliance is not a one-size-fits-all process. It is driven by factors such as an organization’s industry (such as financial services) or the countries where business is conducted (such as the United Kingdom). Evidence documentation must meet compliance standards and must be specific to the requirements of both the regulation or law and the jurisdiction (Pandit, 2016). To cut waste, the metric measures all aspects of the digital forensic process, including acquisition, examination, analysis, and reporting, and covers items such as chain of custody, search warrants, written permissions, court orders, privacy, evidence control, data preservation, and documentation (“Quality Standards”, 2012). Lastly, this metric must include timeliness in acquiring a search warrant and other documentation for legal proceedings. A search warrant is needed to search seized electronic media, and the Fourth Amendment prevents delay in obtaining such a document. For example, in a 2009 case, a 21-day delay in obtaining a search warrant for the suspect’s computer was held to be unreasonable (“Digital Search Warrants”, n.d.). Therefore, the threshold for acquiring a search warrant should not exceed three …
Evidence collection could have the longest cycle time, which could directly impact investigators’ ability to gather the details in a timely manner. By tracking evidence collection time, including specific data about each collection attempt, the metric could help pinpoint areas to improve, since many components can potentially slow down the collection process. Some areas to consider, for example, are collecting data from a user located in another country, from someone away for an extended time, or over VPN. Measuring the time to collect data and analyzing the details of the outliers helps the team trace them to a process and remove waste. Additionally, understanding the largest bottleneck in the process will allow the team to appropriately set management expectations as to when more details will be forthcoming (Mason, 2014), and set customer expectations on the timeliness of the investigation. Lastly, it is necessary to move imaging speed into a separate metric to lessen complexity. A standalone metric provides greater focus and value to the