David Watson, Andrew Jones, in
Digital Forensics Processing and Procedures, 2013 The Forensic Laboratory has an obligation to ensure that only legal software is used on
Forensic Laboratory information-processing resources and to support this appropriate technology shall be used to audit Forensic Laboratory-owned software on Forensic Laboratory-owned equipment without employee permission. While the Forensic Laboratory has control over their own employees and information-processing resources, they cannot necessarily control third-party employees and information-processing resources to the same level.
This may mean that these employees have non-Forensic Laboratory software on their systems. This shall be excluded from any audits. Top Management shall be notified of any illegal or unlicensed software discovered as part of the audit process.The Forensic Laboratory Integrated Management System
Software and Hardware Auditing
Note
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000042
Quality in the Forensic Laboratory
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
6.3.3 Quality Policy Statements
The Forensic Laboratory’s Top Management endorses the following quality statements:
•the Forensic Laboratory is committed to good quality working practice in all tasks relating to its products and services for delivery to its Clients;
•all Forensic Laboratory employees must always perform their activities in accordance with policies, procedures, and standards documented in the IMS and to ensure that all the products and services that the Forensic Laboratory meets, and exceed, Client expectations;
•all Forensic Laboratory case processing must meet the requirements of the IMS, be scientifically sound, repeatable, and provide the Client with reliable results;
•all Forensic Laboratory employees shall undergo appropriate training to ensure that they are competent to perform their tasks, as appropriate;
•the Forensic Laboratory commits to meet the requirements of the relevant Accreditation Bodies, Certification Bodies, and other relevant professional organizations;
•quality in the Forensic Laboratory shall be measured by “KPIs” (designated as Quality Objectives) which Forensic Laboratory management review and set each year to ensure that all employees attain quality standards, and to ensure continuous improvement of the Forensic Laboratory’s quality and other objectives. The Forensic Laboratory “KPIs” are defined in Section 6.2.2.1;
•all Forensic Laboratory employees shall ensure that they are familiar with those aspects of the Forensic Laboratory’s policies and procedures in the IMS that relate to their day-to-day work;
•the Forensic Laboratory is committed to a process of continuous improvement in all of its products and services as defined in Chapter 4, Section 4.8;
•quality is the responsibility of all Forensic Laboratory employees.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000066
Health and Safety Procedures
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
17.1.4.4 The Forensic Laboratory, Generally
The Forensic Laboratory has a duty of care to their employees, and any third parties working on their behalf, to provide a safe working environment, as far as is reasonably practicable. This includes, but is not limited to the provision and maintenance of:
•safe access and egress to the Forensic Laboratory premises;
•safe systems of work;
•safe plant and equipment for use anywhere in the Forensic Laboratory;
•information, instructions, procedures, and training for all Forensic Laboratory employees relating to OH&S;
•a safe location where any Forensic Laboratory employees may work, including teleworking, mobile working, and on-site working.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000170
Secure Working Practices
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
12.3.13.1.5 Preventing Misuse of Information Systems
The Forensic Laboratory’s information processing facilities are for business use only. Limited personal use of Internet facilities may be permitted, but not from forensic case processing equipment. The use of any Forensic Laboratory information processing systems for non-business purposes is minimal. Excessive activity and specific activity are regularly monitored to detect and prevent abuse of the privilege. The following controls shall be in place:
•all Forensic Laboratory employees are provided with business specific accounts related solely to their role in the Forensic Laboratory;
•when an employee logs in, a message is displayed on the screen, stating that this is the Forensic Laboratory owned system and unauthorized access is not permitted—the employee must accept the message on the screen in order to continue with the log-on process. The Forensic Laboratory log-on banner is given in Appendix 5;
•usage monitoring is performed on all the Forensic Laboratory information processing systems, including Internet and e-mail facilities.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000121
Managing Business Relationships
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
14.2.1.1 Identification of Clients, Products, Services, and Stakeholders
Forensic Laboratory Clients, products, services, and stakeholders are identified via Service Level Agreements (SLAs) or Turn Round Times (TRTs), as follows:
•all Clients of the Forensic Laboratory services are identified in SLAs or TRTs, as defined in the proposal of call-off contract in Chapter 6, Section 6.6.2.3, and its review in Chapter 6, Section 6.6.2.4;
•each SLA or TRT describes a product or service that is provided by the Forensic Laboratory to particular business Client for forensic case processing;
•one SLA or TRT is in place for each Client or specific case;
•each SLA identifies:
-the product or service provided by the Forensic Laboratory;
-the Client;
-all service stakeholders.
Note
Where SLAs do not exist for a Client or a supplier, they are developed, as defined in Section 14.4.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000145
IT Infrastructure
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
7.4.6.1 Roles and Responsibilities
7.4.6.1.1 Capacity Manager
The Forensic Laboratory Capacity Manager (CaM) is responsible for the following aspects of capacity planning and management:
•creating the yearly capacity plan in coordination with relevant internal and external Clients;
•ensuring that the Forensic Laboratory capacity plan is up-to-date.
Note
The Forensic Laboratory CaM Job Description is given in Appendix 25.
7.4.6.1.2 IT Manager
The Forensic Laboratory IT Manager is responsible for the following aspects of capacity planning and management:
•conducting a monthly system capacity review in coordination with the CaM and other relevant stakeholders;
•providing trending and analysis information relating to capacity, as required;
•reviewing any incidents raised at the Service Desk that relate to capacity issues;
•determining anticipated capacity requirements for all new systems to be implemented in the Forensic Laboratory;
•reporting these new capacity requirements to the CaM;
•updating the Forensic Laboratory IT Department capacity plan with the CaM;
•authorizing changes to information systems for enhanced capacity purposes.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000078
Effective Records Management
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
Appendix 17 Records Classification System
The Forensic Laboratory uses a four-level classification system for records within the ERMS. These are as follows:
| Business critical | Records without which the Forensic Laboratory could not continue to operate. Records that give evidence of status and protect the Forensic Laboratory and its Clients Irreplaceable | • Legal documents; •Contracts; •Accounts; •All forensic case records. |
| Important | Important to the continued operation of the Forensic Laboratory. Could be reproduced from a variety of source documents, from Clients/suppliers, or backups. Replaceable | • Procedures; •Nonessential business records. |
| Useful | Loss would cause temporary inconvenience to the Forensic Laboratory Replaceable | • Most regularbusiness correspondence |
| Nonessential | No value to the Forensic Laboratory beyond either the time limits of the life cycle of the record or records/documents for public consumption Replaceable | • Advertising material; •Published articles. |
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000157
Human Resources
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
18.2.1.4 Information Security Training
Awareness of information security requirements relating to information held by the Forensic Laboratory is an essential responsibility of every Forensic Laboratory employee on a daily basis. Unauthorized access, disclosure, modification, or erasure of Forensic Laboratory information could result in a loss of work hours spent creating information, as well as more work hours trying to recover it and possible severe reputational loss or financial penalties. Information compromise inside or outside the work environment could result in the violation of Client confidentiality or relevant privacy legislation in the jurisdiction. This could lead to criminal charges or civil litigation.
It is ultimately the responsibility of the Forensic Laboratory Top Management to ensure that all employees with access to Forensic Laboratory information and information processing resources understand the key elements of information security, why it is needed, and their personal information security responsibilities.
All employees shall participate in the security awareness and training program, as defined in Chapter 12, Section 12.3.2.
All Forensic Laboratory employees must be provided with guidance to help them understand information security, the importance of complying with the relevant policies, procedures, and work instructions relating to information security within the Forensic Laboratory and to be aware of their own personal responsibilities. It is the responsibility of the Forensic Laboratory Line Managers, in cooperation with the Information Security Manager, to promote security awareness and training to all employees on a continuous basis.
The Forensic Laboratory shall follow these guidelines to promote awareness of information security among all employees with access to the Forensic Laboratory information and information processing resources:
•formal awareness and training sessions are run using specialized awareness material;
•all training sessions are kept up to date with current practices;
•training sessions must be attended by all Forensic Laboratory employees, including Top Management;
•information security awareness training sessions are regularly reviewed by the Information Security Manager;
•feedback from the information security awareness training sessions is regularly reviewed by the Information Security Manager to ensure continuous improvement is in place.
The objective of security training at the Forensic Laboratory is to ensure that:
•the Forensic Laboratory uses appropriate risk management techniques and tools to choose appropriate security controls;
•information security controls are applied correctly to the Forensic Laboratory information and information processing resources;
•the Forensic Laboratory develops products and services, and process cases, in a disciplined and secure manner.
The HR Manager and relevant Management System Owners are responsible for ensuring that the Forensic Laboratory employees obtain adequate training via:
•advising employees of available courses and seminars that are appropriate to their needs;
•encouraging membership of suitable professional bodies;
encouraging personal certification, where applicable;
•ensuring knowledge transfer from third parties to Forensic Laboratory employees;
•identifying on-line training resources and encouraging employees to use them;
•implementing a learning management system with learning re-inforcement that is part of the annual awareness update process. Those employees that do not pass the marking threshold shall have to retake the training until they do pass.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000182
Case Processing
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
Appendix 6 Tape History log
The Forensic Laboratory records the following details in MARS about the history of all tapes used in processing forensic cases:
•unique Forensic Laboratory number;
•action (wiped, used to backup a case, used to backup a case image, returned to store, transfer to outside agency, disposal, etc.);
•date action taken;
•action performed by;
•method or tool used;
•action authorized by.
Note
The tape history log will give a complete audit trail of all tape for their complete life cycle in the Forensic Laboratory.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000091
Ensuring Continuity of Operations
David Watson, Andrew Jones, in Digital Forensics Processing and Procedures, 2013
13.4.2 Key Products and Services
The Forensic Laboratory will have a list of the following high-level key company products and services that support the Forensic Laboratory’s objectives. It is the job of the Business Continuity Manager to either agree with these products and services or amend the list to accurately reflect the requirements of the Forensic Laboratory. It is these products and services that are included within the BCMS:
•acquire Clients;
•maintain Clients;
•process invoices;
•supplier process;
•process cases;
•internal procedures (non-IT);
•deliver Client’s requirements;
•internal IT Management.
The key Forensic Laboratory processes will have had their risks assessed in the BIA, as given in Appendix 4, and in the Business Risk Workshops, as defined in Section 13.1.6.
Read full chapter
URL: //www.sciencedirect.com/science/article/pii/B9781597497428000133