Update – October, 2021
After nearly 70,000 downloads of my templates, policies, and procedures, I have decided to take the documents offline and refresh them based upon new caselaw, standards, and information.
Many of them have already been updated and are now available as part of an online course I have created on creating a digital forensic capability. This course is available on my company’s website here.
As I complete the remainder of the forms, they will be posted on Natsar.com. I encourage you to create an account on that site and sign up for our email list to be notified as things become available.
For my Master of Science Degree in Information Security and Assurance (MSISA), I wrote my thesis about the overall lack of standards, certifications, and accreditation in the digital forensics discipline (available here). This lack of rigor within our profession may very well jeopardize the credibility of our discipline.
Over the nearly two decades that I have been involved in the digital forensics field, it has been my experience that many, if not most, digital forensic “labs” lack proper policies and procedures to govern their work. This is not because of any intentional oversight by digital forensic examiners, but generally because the majority of examiners face a daunting backlog of evidence to examine, and taking time away from the work to create policies and procedures becomes a low priority.
Never being fond of bringing up problems without a suggestion or two, I incorporated a set of model policies, procedures, manuals, forms, and templates for digital forensic and incident response practitioners. These documents have been vetted by numerous auditors, have been subpoenaed and introduced in courtrooms, have been practically applied and worked to for years, and have withstood all scrutiny they have been placed under. Some of these documents were used within an ASCLD/LAB accredited laboratory operating to ISO 17025 standards and others have been used within a U.S. Federal Agency in the national security space providing cybersecurity, digital forensics, and incident response for classified and unclassified networks.