Cyber terrorism is usually politically motivated and entails the use of computers and other information technology to cause widespread fear or disruption in society. This paper describes the forensic plan, how the team will approach the incident review, and the collection requirements that ensure the team operates legally.
Forensic plan for cyber terrorism
Incident and investigation reviews
Determination of the intent and scope of investigation
The investigation begins with initial contact, when the investigators are first contacted about a possible investigation. A well-organized client should have its own incident response team and plan, and the investigators will be able to use the information that team provides. The information provided by the client's rapid response team will serve as the POC, the incident assessment and the incident investigation report (Volonino, 2003). These reports are useful because they may be the source of information the investigators need to conduct their investigation.
Although information is available from the client's rapid response team, the team of investigators will always be willing and ready to gather their own information. This readiness helps them collect sufficient useful information and directs them to the preliminary discussion meeting of the investigation (Janczewski, 2008). The PID shall be held, where the client may provide any useful ideas for the investigation and identify the computers that should be investigated. The investigators may later expand this list as they obtain additional information.
The team of investigators should calculate and provide an initial estimate of the resources they require to complete the investigation. The estimate should cover the cost involved, the equipment, the personnel and the time needed to complete the investigation. The legal investigation should be decided in the PID (Janczewski, 2008).
Determination of legal restriction
The team of investigators should advise the client of the need to contact the best legal counsel concerning the cyber terrorism event and the desire to conduct a forensic investigation. The team will also ensure that the Human Relations department is present at the PID to discuss employee privacy issues (Volonino, 2003).
Determination of limits of the investigators’ authorities
The team of investigators should ensure that the client is aware of the investigation and of the activities carried out during it. The team will also make sure it is very clear with the client about the limits of its authority. Any restriction the client imposes should be well understood by the investigators and well documented during the PID.
Determination of the escalation procedure
The team of investigators will discuss with the client how the client will be notified of any operational problems that arise from the investigation. The team will also discuss with the client how additional resources will be obtained from the client's representatives.
Determination of liaison and the reporting requirement
The team of investigators will make sure that the client provides a liaison for coordinating status reports and the other actions of the investigation (Janczewski, 2005). This liaison should be able to coordinate with law enforcement authorities and the client's legal counsel. The team should also discuss when status reports are to be made, the format of the reports and the person to whom they will be presented.
Document known facts and initial incident timeline
Most of this information may be provided by the client's rapid response team. In their first meeting, the team of investigators will create the incident POC and contact information list, which will be prepared and presented at the PID meeting. The client should be directed to create a summary of the known facts of the incidents and a timeline of the events, to be presented at the PID meeting (Janczewski, 2005).
Documents Known facts and initial incident timeline
Most of this information may be provided by Rapid Response team of the client. The team of investigators in their first meeting will be able to create the incident POC and contact information list. The list will be prepared and presented in the PDI meeting. The client should be directed to create a summary of the incidents that are known facts and the timelines of the event's incidence which should be presented at the PDI meeting (Janczewski, 2005).
Determination of fact of incident
The PID will be built around the majority of the known information about the incidents, which the investigators' team will present. This information may be presented as the results from the internal rapid response team. The team of investigators should be ready to interview those in attendance at the PID. The information obtained in these interviews will be used to establish the basic reference point of the investigation (Janczewski, 2008). Regardless of where the information is obtained, the investigators should revalidate the important facts that will constitute the report.
References
Janczewski, L., & Colarik, A. M. (Eds.). (2008). Cyber warfare and cyber terrorism. IGI Global.
Volonino, L., & Robinson, S. R. (2003). Principles and practice of information security. Prentice.
Janczewski, L., & Colarik, A. M. (2005). Managerial guide for handling cyber-terrorism and information warfare. IGI Global.