
Discussion

Components of an Incident Response Plan

An incident response plan plays a vital role in managing an incident by making the correct decisions to bring the situation under control. To design an incident response plan, an organization ought to take the following steps:

• Identifying critical infrastructure

• Identifying single points of failure and addressing them

• Creating a workforce continuity plan

• Creating an incident response plan, and finally

• Training the staff on incident response

A formal incident response plan consists of:

Roles and Responsibilities

The plan highlights individual roles and responsibilities in the event of the incident. The incident team members are allocated various duties in ensuring the incident is managed back to normal.

Business Continuity Plan (BCP)

The BCP is a process involving creating a prevention and recovery system from potential threats to a company (Miller and Engemann, 2019). The process's objective is ensuring that personnel and the organization's assets are protected and that they recover quickly in the event of an incident.

Summary of Tools, Technologies and Physical Resources

These are tools vital in analyzing, alerting, and remediating threats to an organization. The tools are fed information by the system logs, endpoint alerts, identity systems, network flows, etc., in identifying threats. Further, an incident response plan contains a list of critical network and data recovery processes and the communication process.

Chain of Custody in Forensic Investigation

Chain of custody is the process involved in the maintenance, documentation, and handling of evidence. The process entails keeping a log of details regarding who was involved in collecting, handling, transferring, analyzing evidence, and in the investigation (Legal Dictionary, 2019). Chain of custody plays a crucial role in proving the integrity of a piece of evidence at any given time. The record of the chain of custody must be presented in courts whenever presenting evidence as an exhibit (NCBI, 2020).

Reference

Legal Dictionary. (2019). Chain of Custody. https://legaldictionary.net/chain-of-custody/.

Miller, H. E., & Engemann, K. J. (2019). Business continuity management in data center environments. International Journal of Information Technologies and Systems Approach (IJITSA), 12(1), 52-72.

NCBI. (2020). Chain of Custody. https://www.ncbi.nlm.nih.gov/books/NBK551677/#:~:text=Importance%20of%20the%20Chain%20of,during%20the%20trial%20if%20required.

Reply 1

Greetings Ditan, thanks for sharing your thoughts on elements that should be included in an incident response plan. Please permit me to chip in some contributions, especially regarding the chain of custody. As you've mentioned in your post, the chain of custody is a record describing the scene, evidence, and personnel involved. A great chain of custody should undergo the process of taking notes about the time and date of the incident, item description, item condition(s), recovery location, etc. Further, the custody chain should involve marking, packaging, and sealing the evidence to prevent tampering. To acquire chain of custody accuracy and completeness, the number of individuals handling the evidence should be limited, the names, ID numbers, and dates on the chain of custody documents should be confirmed, the evidence should be properly sealed and marked before being submitted, and finally, secure or signed receipts should be obtained on transferring the evidence. This ensures that evidence is protected to make it admissible in courts (Shah et al., 2017).

Reference

Shah, M. S. M. B., Saleem, S., & Zulqarnain, R. (2017). Protecting digital evidence integrity and preserving the chain of custody. Journal of Digital Forensics, Security and Law, 12(2), 12.

Reply 2:

Hello Tulasi, it was great reading your post. As you've mentioned, the chain of custody plays a chief role when evidence is presented in court. In the digital arena, digital evidence plays a crucial role in the investigation of a cyber-crime and is used in linking persons with criminal activities. Thus, it is of extreme importance to guarantee integrity, authenticity, and auditability of the digital evidence as it moves through the different hierarchical levels (Lone and Mir, 2018). In a criminal case, the typical evidence log consists of the date and time of evidence collection, the name of the investigator, the location where the evidence was collected, the reason for the evidence collection, relevant serial numbers, description of the evidence, the method used in evidence collection, etc. For the log to be complete, it should have the signatures of parties involved in possession of the evidence, date and time of evidence transfer, the manner in which the evidence was transferred, security conditions before the transfer, handling and storage of the evidence, etc. (Just Criminal Law, 2020)


Reference

Lone, A. H., & Mir, R. N. (2018). Forensic-chain: ethereum blockchain based digital forensics chain of custody. Sci. Pract. Cyber Secur. J.

Just Criminal Law. (2020). CHAIN OF CUSTODY AND WHY IT IS IMPORTANT IN A CRIMINAL CASE. https://www.justcriminallaw.com/criminal-charges-questions/2020/08/26/chain-custody-important-criminal-case/
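Added example, not part of the original posts: a minimal tamper-evident custody log that records the collection and transfer fields listed in the replies above and checks integrity and auditability. The field names, the SHA-256 hash chaining, and all sample values are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash used by the first entry in a log

def entry_digest(entry):
    # Hash every field except the hash itself, in a canonical key order.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, evidence, **fields):
    """Append a collection or transfer record linked to the previous entry."""
    entry = dict(fields)
    entry["evidence_sha256"] = hashlib.sha256(evidence).hexdigest()
    entry["prev_hash"] = log[-1]["entry_hash"] if log else GENESIS
    entry["entry_hash"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_log(log, evidence):
    """Return a list of problems; an empty list means the log is consistent."""
    problems, prev = [], GENESIS
    presented = hashlib.sha256(evidence).hexdigest()
    for i, e in enumerate(log):
        if e["prev_hash"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if entry_digest(e) != e["entry_hash"]:
            problems.append(f"entry {i}: record altered after it was written")
        if e["evidence_sha256"] != presented:
            problems.append(f"entry {i}: evidence hash differs from item presented")
        if i > 0 and e.get("released_by") != log[i - 1].get("received_by"):
            problems.append(f"entry {i}: custody gap between handlers")
        prev = e["entry_hash"]
    return problems

def build_sample():
    """Constructed sample: one collection and one transfer of a disk image."""
    image = b"constructed sample disk image bytes"
    log = []
    append_entry(log, image, timestamp="2024-01-10T09:15:00Z", action="collected",
                 released_by=None, received_by="Investigator A",
                 location="Server room 2", reason="suspected intrusion",
                 method="write-blocked imaging", serial_number="SN-EXAMPLE-001",
                 description="500 GB SATA disk")
    append_entry(log, image, timestamp="2024-01-10T14:40:00Z", action="transferred",
                 released_by="Investigator A", received_by="Lab Analyst B",
                 manner="sealed bag, hand delivery", storage="locked evidence room")
    return image, log

if __name__ == "__main__":
    image, log = build_sample()
    print(verify_log(log, image) or "log consistent")
```

Hash chaining only exposes edits if the latest entry_hash is also recorded somewhere the log's custodian cannot rewrite, such as a signed transfer receipt.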
