Cyber Forensics: A Field Manual for Collecting,

Examining, and Preserving Evidence of Computer

Crimes, Second Edition
by Albert J. Marcella, Jr. and Doug Menendez
Taylor & Francis Group, LLC. (c) 2008. Copying Prohibited.

Reprinted for Dany Romero Sanzonetty, ISACA

danyqromero@hotmail.com

Reprinted with permission as a subscription benefit of Books24x7,

http://www.books24x7.com/

All rights reserved. Reproduction and/or distribution in whole or in part in

electronic,paper or other forms without written permission is prohibited.
 i

Table of Contents
Appendix Z: Confidential Cyber Forensics Questionnaire..........................................................1
Appendix Z: Confidential Cyber Forensics
Questionnaire

YN

1. Does your firm have a cyber forensics response team in place?

2. Has your staff received formal training in cyber forensic investigations?

3. Within the past 12 months, have you met with your legal counsel to discuss internal
methods and procedures your staff should follow for engagements that may lead to
litigation?

4. Do you have written procedures in place for handling digital evidence?

5. Do procedures exist that direct staff on how to conduct a forensic investigation

involving digital media?

6. Does staff know the proper procedure to follow if field audit work results in the
disclosure of inappropriate material on an employee's computer?

7. Are these procedures written and distributed to all field auditors?

8. Does your organization have a policy regarding the disclosure of sensitive internal
information, which may become public, as a result of a legal deposition?

9. Do policies and procedures exist, which address exactly what data your organization
will (or can) release, when such data is requested by a plaintiff's attorney?

10. Are procedures in place to prevent non-relevant data, data unrelated to a cyber
forensic investigation, from being released or disclosed as part of a larger examination
of an employee's suspect activities?

11. Are policies in place within your organization that addresses preservation of data
integrity and the archiving of a terminated employee's workstation (e.g., hard drive), in

Reprinted for isaca537453, ISACA CRC Press, Taylor & Francis Group, LLC (c) 2008, Copying Prohibited
Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes, Second Edition 2

the event that those data may need to be examined after the fact?

12. Is there a retention policy for such preserved and archived data?

13. Would you be able to demonstrate that controls are in place that would prevent any
unauthorized access to these archived data that could result in the manipulation or
destruction of these archived data?

14. What cyber forensics best practices does your firm employ?

15. What is your greatest fear with respect to the emerging importance and impact of cyber
forensics to the corporate enterprise?

Thank you for completing the Cyber Forensics Questionnaire. All results will remain strictly
confidential and only summary data will be utilized for upcoming research publication.

Reprinted for isaca537453, ISACA CRC Press, Taylor & Francis Group, LLC (c) 2008, Copying Prohibited