Information systems are the main repository of a company's business know-how. Every company implements security systems to counter the threats that may arise, but even the most advanced systems can be breached or compromised. It is therefore very important to be prepared to face a computer incident.
Traditional incident response techniques, based on plans for system restoration, too often fall short in the event reconstruction phase. A forensic readiness plan can be defined as the implementation of rules and data retention policies whose purpose is to facilitate the work of a forensic analyst, who, in the event of an incident, then has all the information needed for a correct reconstruction of the facts.