Our inimitable friend Craig Ball has once again published a remarkable blog post which should be required reading for digital forensic examiners and their clients. Drafting Digital Forensic Examination Protocols is a tremendous contribution of Craig's vast experience with such protocols.
As always, it is engagingly written. There is a treasure trove of "exemplar language" from which to draw up protocols.
This is a somewhat lengthy read, but worth every minute of your time. As I was reading it, I shook my head in disbelief as Craig covered many of the questions we are most commonly asked by clients and by CLE attendees.
To give you just a snippet of the post's wisdom, I offer up Craig's conclusion:
"Crafting a forensic examination protocol demands more than finding a good form to filch. It requires a clear sense of about what you seek to accomplish through an examination and the ability to express those goals with enough technical specificity to guide a diligent examiner to the artifacts that will answer your questions. There's often a tension between one side's wish to rein the examiner in and the others' to turn the examiner loose. A good protocol balances the two and affords the examiner just enough discretion to follow the electronic evidence and let it tell its tale."
I could not have said it better. Bravo Craig!
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology