Forensic readiness
Definition
The organisational state in which people, processes, and technology are prepared to collect and preserve digital evidence with minimum disruption to business operations. Defined by Tan (2001) and referenced in ISO/IEC 27037 and the UK ACPO Good Practice Guide.
Related terms
- Breach notification: The legal obligation to inform regulators and affected individuals when personal data is compromised in a security incident. Timelines and thresholds differ...
- Chain of custody: The documented chronological record of who collected, handled, transferred, and examined a piece of evidence. For digital evidence, chain of custody includes...
- Dwell time: The period between an attacker gaining initial access and their detection. Reducing dwell time is a primary goal of threat hunting. The...
- Incident response (IR): The organised methodology for handling and managing the aftermath of a security breach or cyberattack. IR encompasses preparation, detection, containment, eradication, recovery,...
- ISO/IEC 27037: An international standard providing guidelines for the identification, collection, acquisition, and preservation of digital evidence. Published by ISO in 2012. Used by...
- Jump bag: A pre-packed kit containing the hardware and media required for immediate on-site forensic response: write-blockers, imaging drives, bootable USB, cables, evidence labels,...
- Order of volatility: The sequence in which digital evidence should be collected, ranked from most to least transient. Defined in RFC 3227. CPU registers and...
- Pre-positioned agent: Lightweight endpoint software deployed across the organisation before any incident occurs. When an incident is declared, the IR team tasks agents remotely...
- Proportionality: The legal principle, central to European human rights law and to many constitutional systems, that any interference with a fundamental right must...
- Write blocker: A hardware or software device interposed between a digital storage medium and the forensic workstation that prevents any write commands from reaching...
Explained in these topics
- Forensic Readiness and Response Toolkits: The organisational state in which people, processes, and technology are prepared to collect and preserve digital evidence with minimum disruption to business o...
- Incident Response Goals and Principles: The pre-incident state of having the logging, tooling, procedures, and trained personnel in place so that when an incident occurs, evidence collection starts i...