Protecting corporate ICT infrastructures by using digital forensics

Digital forensics is usually seen as a specialised domain of information and communication technologies (ICT) that is employed when a serious crime involving ICT is committed. It is by and large seen as a responsibility of the computer crime units of law enforcement agencies to conduct examinations of the ICT resources used in a crime. The staff members of a corporate ICT team are therefore not required to acquire the digital forensics analysis skills and the corresponding investigation tools. This trend is experiencing a significant shift in the recent years as the commercial interests of corporate sector increasingly require the post-incident analysis capabilities to ensure business continuity. This paper highlights the role of digital forensics in the corporate ICT infrastructure. It presents a framework for embedding digital forensics analysis techniques at various stages of corporate ICT lifecycle. A set of best practices for the corporate ICT security policy is also outlined to keep the operational costs of digital forensics at the optimal level.