A forensic investigation of digital evidence is commonly employed as a post-event response to a serious information security incident; this can be both time-consuming and expensive. There are many circumstances where an organisation can benefit from the ability to gather and preserve digital evidence before an incident occurs; a Digital Forensics Readiness Policy details the immediate procedures to be employed for any forensic investigation of digital evidence.
Forensic readiness is defined as the ability of an organisation to maximise its potential to use digital evidence whilst minimising the costs of an investigation.
A Digital Forensics Readiness Policy should be established to confirm an organisation’s commitment:
Note: The term Digital Forensics Readiness Policy is interchangeable with Computer Forensics Readiness Policy.