Digital Forensics Readiness Assessment Tool

🏢

Organization Profile

Organization Name

Organization Type

Organization Size

Small (1-50 employees) Medium (51-500 employees) Large (501-5000 employees) Enterprise (5000+ employees)

Industry/Sector

🛡️

Evidence Preservation Procedures

Do you have documented evidence preservation procedures?

Yes, comprehensive and regularly updated Yes, but basic and outdated No, we don't have formal procedures

How do you handle digital evidence collection?

Using forensic imaging tools with write blockers Using standard backup tools Manual copying/screenshots We don't have a formal process

Do you maintain hash values for digital evidence?

Always (MD5, SHA-1, SHA-256) Sometimes Never

🔧

Forensic Tools & Technology

Which forensic tools does your organization use? (Select all that apply)

EnCase FTK (Forensic Toolkit) Autopsy X-Ways Forensics Oxygen Forensic Suite Cellebrite None

Do you have write blockers and forensic workstations?

Yes, multiple units Yes, limited units No

Network forensics capabilities

Advanced (packet capture, IDS/IPS, SIEM) Basic (firewall logs, basic monitoring) None

👥

Staff Training & Expertise

How many certified forensic professionals do you have?

What certifications do your staff hold? (Select all that apply)

EnCE (EnCase Certified Examiner) GCFE (GIAC Certified Forensic Examiner) GCFA (GIAC Certified Forensic Analyst) CCE (Certified Computer Examiner) CHFI (Computer Hacking Forensic Investigator) CFCE (Certified Forensic Computer Examiner) None

Frequency of forensic training

Quarterly or more frequent Annual Ad-hoc/When needed Never/Rarely

🔗

Chain of Custody Procedures

Do you maintain formal chain of custody documentation?

Yes, comprehensive digital and physical records Yes, basic documentation Informal tracking only No formal tracking

How is evidence stored?

Secure facility with access controls and monitoring Locked room/cabinet Standard storage area No dedicated storage

Evidence transfer and handling procedures

Fully documented with signatures and timestamps Partially documented No formal procedures

🚨

Incident Response Planning

Do you have a documented incident response plan?

Yes, comprehensive and tested regularly Yes, basic plan Draft/In development No formal plan

Incident response team structure

Dedicated IR team with defined roles Cross-functional team Ad-hoc team formation No defined team

How often do you conduct incident response drills?

Quarterly or more Twice a year Annually Never/Rarely

⚖️

Legal & Compliance Readiness

Which compliance frameworks do you follow? (Select all that apply)

ISO 27001 ISO 27037 (Digital Evidence) NIST Cybersecurity Framework GDPR HIPAA PCI DSS SOX None

Do you have legal counsel familiar with digital forensics?

Yes, internal counsel Yes, external counsel on retainer No specialized legal support

Understanding of e-discovery requirements

High - Well-documented procedures Medium - Basic understanding Low - Limited knowledge

💻

Technical Infrastructure

Logging and monitoring capabilities

Comprehensive (centralized logging, SIEM, retention policy) Moderate (some centralized logs, limited retention) Basic (device-level logs only) Minimal/No logging

Data backup and recovery capabilities

Robust - Multiple backups, tested regularly Adequate - Regular backups Basic - Occasional backups Poor/No formal backup

Cloud forensics readiness

Advanced - Documented procedures for cloud evidence Developing - Some cloud forensics capability None - Not prepared for cloud forensics

📋

Documentation & Record Keeping

Quality of forensic documentation

Excellent - Detailed, standardized, court-ready Good - Consistent but could be improved Fair - Inconsistent documentation Poor - Minimal documentation

Retention policies for forensic data

Comprehensive - Documented and enforced Basic - Some policies in place None - No formal retention policy

📈

Continuous Improvement

Frequency of forensic capability reviews

Quarterly Bi-annually Annually Never/Rarely

Post-incident review process

Formal - Documented lessons learned Informal - Discussed but not documented None - No review process

Additional Comments or Concerns

🔍 Digital Forensics Readiness Assessment Tool