For my Master of Science Degree in Information Security and Assurance (MSISA) I wrote my thesis about the overall lack of standards, certifications, and accreditation in the digital forensics discipline (available here). This lack of rigor within our profession may very well jeopardize the credibility of our discipline.
Over the past decade that I have been involved in the digital forensics field, it has been my experience that many, if not most, digital forensic “labs” lack proper policies and procedures to govern their work. This is not because of any intentional oversight by digital forensic examiners, but generally because the majority of examiners face a daunting backlog of evidence to examine and the thought of taking time away from the work to create policies and procedures becomes a low priority.
Never being fond of bringing up problems without a suggestion or two, I incorporated a set of model policies, procedures, manuals, forms, and templates for digital forensic and incident response practitioners. These documents have been vetted by numerous auditors, have been subpoenaed and introduced in courtrooms, have been practically applied and worked to for years, and have withstood all scrutiny they have been placed under. Some of these documents were used within an ASCLD/LAB accredited laboratory operating to ISO 17025 standards and others have been used within a U.S. Federal Agency in the national security space providing cybersecurity, digital forensics, and incident response for classified and unclassified networks.
Feel free to download these forms, modify them to fit your particular needs, and use them. If you find them helpful or you have some comments or questions, I encourage you to post them below.
Please note – unfortunately there have been several instances were individuals have downloaded these documents and then posted them on their own websites and indicating that the content was their own. Please do not republish these, but instead, link to my page if you want others to have the information. Thank you
Policies, Procedures, Technical Manuals, and Quality Assurance Manuals
- Video Forensics Training Manual
- Video Forensics Technical Manual
- Mobile Device Forensics Training Manual
- Mobile Device Forensics Technical Manual
- Digital Forensics / Incident Response Administrative Manual
- Digital Forensic Lab Quality Assurance Manual
- Computer Forensics Training Manual
- CIRT Forensic Validation Manual
- CIRT Forensic Technical Manual
Forms and Templates
- Post Mortem Windows Forensic Checklist
- Policy Manual Acknowledgement Form
- Incoming Evidence Form
- Expert Testimony Evaluation Form
- Evidence Disposition Form
- Evidence Chain of Custody Letter
- Evidence Chain of Custody Form
- Digital Forensic Report Template
- Contraband Acknowledgement Form
- Consent to Sanitize Digital Media Form