Skip to the main content.

1 min read

The Eight Step to Forensic Readiness: Incident Response Training & Awareness

Featured Image

The end goal of this step is to ensure that internal training & awareness programs take place within your organization since your employees may be involved in the process of handling security incidents. 

Incident response training

Training will also ensure that your employees are ready to take on roles related to the handling and preservation of evidence. Learn how to create proactive training sessions for your staff so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.

According to IJDE, the following groups will require more specialized awareness training:

  • The investigating team

  • Corporate HR department

  • Corporate PR department (to manage any public information about the incident)

  • Owners of business processes or data

  • Line management

  • Corporate security

  • System administrators

  • IT management

  • Legal advisers

  • Senior Management (potentially up to board level) 



Enterprise Forensics Guide

Download our Enterprise Forensics Guide and learn more how you can elevate your incident response processes.



If an incident occurs, a multi-disciplinary team will be gathered from the above-listed groups. Therefore, it is more than beneficial to keep employees educated and aware on incident response management and digital evidence handling.

Due to the sensitivity of the event and tasks themselves, it is good to have an incident response plan with listed tasks and responsibilities for each employee. This will require extensive support and training to understand the decision points, to make the right decisions, and to avoid tainting evidence or prejudicing a case. Role-play training is ideally suited to this scenario. 

Therefore, as a wide range of employees may be a part of the incident response handling it is essential to ensure appropriate training to prepare staff for the various roles they may play before, during, and after an incident. It is also necessary to ensure that staff is competent to perform any roles related to the handling and preservation of evidence. 

In the next step, we will learn more about incident response documents and reporting. Go to the blog to learn about the previous steps to forensic readiness.

macos forensics

Binalyze AIR Product Release 2.7.0

We are excited to announce the release and general availability of Binalyze AIR 2.7.0

Read More

Why It Is Time To Rethink How You Are Using Digital Forensics

Digital Forensics is a vital part of a mature cybersecurity stack but the field of digital forensics is more than 40 years old, and so are the...

Read More

Join us at the virtual roundtable carried out by GLACY+ Project in cooperation with APWG.EU

We are living in an era, where the volume and sophistication of cyberattacks have increased as a result of overflowing data and increased attack...

Read More