Basic Plan

After obtaining proper legal authorization to handle the evidence in a case, we can follow a set of steps to investigate a security incident, such as a data breach or cyberattack, in order to preserve the evidence, identify the root cause of the incident, and prevent future occurrences.

Here is a general example of a basic digital forensics plan:

  • Acquire the evidence: Collect the digital devices

  • Establish a chain of custody: Fill out the related form appropriately

  • Place the evidence in a secure container: Ensure that the evidence does not get damaged

  • Transport the evidence: Move it to a digital forensics lab for analysis

  • Create a forensic copy of the evidence: The forensic copy requires dedicated imaging software so that the original data is never modified

  • Start the investigation: Process the copy on the forensics workstation
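As an added example, not code from the original page: a Python script that carries out the last two steps on a constructed evidence file, making a byte-for-byte copy, verifying it against the original with SHA-256 both before and after the copy, and writing a minimal chain-of-custody record next to the copy. The file names, the examiner id and the record fields are assumptions.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # hash and copy in 1 MiB chunks so large images do not fill memory

def sha256_file(path: str) -> str:
    """Hash a file in chunks; the file is opened read-only and never written."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def forensic_copy(original: str, copy: str, examiner: str) -> dict:
    """Copy the evidence byte for byte and prove original and copy are identical.

    The original is hashed before and after the copy, so any change to it during
    acquisition shows up as a mismatch instead of going unnoticed.
    """
    pre_hash = sha256_file(original)
    with open(original, "rb") as src, open(copy, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    copy_hash = sha256_file(copy)
    post_hash = sha256_file(original)
    record = {  # minimal chain-of-custody entry; the field names are assumptions
        "original": original,
        "copy": copy,
        "sha256": pre_hash,
        "verified": pre_hash == copy_hash == post_hash,
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    with open(copy + ".custody.json", "w") as f:
        json.dump(record, f, indent=2)
    return record

def demo() -> dict:
    """Constructed evidence: a small file standing in for a seized disk image."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "evidence.img")
    with open(original, "wb") as f:
        f.write(b"CONSTRUCTED-EVIDENCE-DATA\n" * 1000)
    # All later analysis runs against the copy; the original goes back to storage.
    return forensic_copy(original, os.path.join(workdir, "evidence_copy.img"), "examiner-01")
```

Any later check of the copy (or of the original coming out of storage) is a single call to `sha256_file` compared against the recorded hash.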
