Strategic business management identifies assets at risk and anticipates the threats to them. Prudent organizations predict the risk and set up processes to mitigate the threat in advance or better manage the consequences after a security breach. An organization's IT team is often engaged in profiling the threat to electronic information and implementing threat minimization and management processes. Their primary role is to restore the functionality of electronic resources and networks after security breaches, including physical and personnel security.
Management and IT personnel are increasingly involved in investigating breaches of security, crime incidents, and personnel misconduct, as presented in the case study in Chapter 9, Validating the Evidence, yet they seldom possess the experience and wherewithal to preserve and recover evidence.
Difficulties confront business managers and non-forensic practitioners, who are often the unwitting custodians of digital evidence...