
Psychosocial Forensics

Tuesday, 27 July 2010 18:03 Written by Barry Hood


Exploring a number of novel approaches to operational forensics, by Barry Hood.


This article takes Operational Forensics as its subject, rather than just Computer or Digital Forensics. Whereas the latter is concerned with gathering evidence for prosecution or disciplinary action, the former is more concerned with gathering evidence for the purpose of correction and improvement. That is, to investigate an incident with the following in mind:

• To find evidence of root causes rather than proximate causes

• To extend the investigation beyond the normal contexts to any additional ones relevant to improvement

• To approach matters holistically and systematically with the intent of providing effective and efficacious solutions to prevention in the future

By effective we mean that the solution is addressing the correct problem – doing the right thing (pursuing the root cause, for example). By efficacious we mean that the solution is correctly implemented – doing it right.


In addition, Operational Forensics is often done in real or near real time. The longer an incident goes unexplained and uncorrected, the more opportunity there is for further incidents of that form.


To carry out the sort of investigation required for operational forensics, the process has to cover more than just Physical and Digital Forensics. It needs to cover all of the security areas. This leads to the following forensic areas being identified… What are they? See Issue 4 for the answers, subscribe today!


The full article appears in Issue 4 of Digital Forensics Magazine, published 1st Aug 2010.