A image of a computer hard drive with a emergency vehicle
A image of a surgon working on a computer hard drive.
A image of a computer keyboard key with the word recovery on.
Forensic Readiness Planning

A forensic investigation of digital evidence is commonly employed as a post-event response to a serious information security incident; this can be both time consuming and expensive. There are many circumstances where an organisation can benefit from the ability to gather and preserve digital evidence before an incident occurs; a Digital Forensics Readiness Policy details the immediate procedures to be employed for any forensic investigation of digital evidence.

Forensic readiness is defined as the ability of an organisation to maximise its potential to use digital evidence whilst minimising the costs of an investigation.

A Digital Forensics Readiness Policy should be established to confirm an organisation’s commitment:


  • To gather admissible evidence legally and without interfering with business processes
  • To gather evidence targeting the potential crimes and disputes that may adversely impact the organisation
  • To allow an investigation to proceed at a cost in proportion to the incident
  • To minimise interruption to the business from any investigation
  • To ensure that evidence makes a positive impact on the outcome of any legal action, in order to continue core business functions of all Business Stakeholders in the event of a major incident.


Note: The term Digital Forensics Readiness Policy is interchangeable with Computer Forensics Readiness Policy.