Question 1
Policy and disaster recovery is very essential for any organization. This is because it helps to create policies that address critical elements and processes that should be considered and implemented before a crisis occurs. When I was hired to perform digital investigations and forensic analysis for this company, I realized that there were no procedures, policies and processes that were in place. This complicated the job I was called to perform as there was no way I was going to work without the above things put into place. My first task in the company was to formulate policy and process documents to provide the structure necessary for my lab environment (Blokdijk, 2008). The first policy that I was going to put in place is the password policy. This is a detailed report that ought to view the password policies in the company. This would entail things such as maximum password age, minimum password age and password length.
The second policy that I needed in order to execute my duties was an account lock out policy. This is a report to view details of the account that includes lockout duration and lock out threshold. The two policies are significantly important in performing digital investigations and forensics as they depict the simple measures that the company has towards securing their data. When I put in place the necessary procedures to place, I will write a detailed report to the management of the company to inform them of my work. This report will not facilitate me to perform my job that I was hired to do, but also it will be of magnificent help to the company at large.
Question 2
Most people pay little or no effort on archiving emails. A lost email is the most common item calling for data, recovery, and also the same is the most common portal for data destruction. Forensic tracing of emails is one of the difficult but yet tedious work. This is because to recover an email one has to check each point through which the email passed with the detective working by step to the originating computer and eventually the criminal. Computer forensic is carried out when a cybercrime has been detected, and, the recovery of the data is obligatory. Computer hacking forensic investigations detects hacking attacks and properly extracting evidence to report crime and conduct audits to prevent future attacks (Vacca, 2005). Most organizations have not realized the importance of putting the necessary procedures that facilitate in computer forensic.
However, disaster recovery plans are also very crucial in that they help in quick and effective process of information. It has been depicted a disaster recovery plan should be established in conjunction the business continuity plan. Technology recovery plans should be put in place to restore the hardware, applications and data in time to meet the needs of the business recovery (Phillips & Enfinger, 2009). It has also been stipulated that in order to have a successful computer forensic both large and small business organizations should create and manage large volumes of electronic data. Without these measures put in place, it has depicted that data recovery would be very impossible in an organization. Also primary measures such as password lock can in a long way help in the management and the recovery of data. Therefore, organizations are encouraged to put in place the simplest measures in order to simplify the work of computer forensic when required.
References
Blokdijk, G. (2008). Disaster recovery 100 success secrets - itbusiness continuity, disaster. S.l.: Emereo Pty Ltd.
Vacca, J. R. (2005). Computer forensics: Computer crime scene investigation. Hingham, Mass: Charles River Media.
Phillips, N., & Enfinger, S. (2009). Guide to computer forensics and investigations. Clifton Park, N.Y: Delmar.
