Digital forensic investigations are, for the most part, still predominantly conducted in response to an incident. With this reactive approach, there is extreme pressure put on the investigation team to gather and process digital evidence before it is no longer available or has been modified. Showing signs of weakness, being reactive to incidents suggests that organizations are not acting on their own initiative to identify problem areas and develop strategies for its suppression.
For investigations to truly become proactive, organizations must closely examine the time, money, and resources invested into their overall investigative capabilities. Digital forensic readiness is a process used by organizations to maximize their electronically stored information (ESI) to reduce the cost of digital forensic investigations. At the starting point, there needs to be a breakdown of risks including both internal events — those that can be controlled and take place within the boundaries of control (e.g. outages, human error) — and external events — those that cannot be controlled and take place outside the boundaries of control (e.g. floods, regulations).
Here are six practical and realistic scenarios that can be used to demonstrate a pro-active initiative to manage business risk.