Selecting a Forensic Investigator: A How-To Guide

BCLP
Contact
LinkedIn
Facebook
X
Send
Embed

Many competent IT departments lack the expertise, hardware, or software to preserve evidence in a forensically sound manner and to thoroughly investigate a security incident. In-house counsel needs to be able to recognize such a deficiency quickly – and before evidence is lost or inadvertently destroyed – and retain external resources to help collect and preserve electronic evidence and investigate the incident.

Although in the midst of an emergency you may feel that you have relatively little leverage to negotiate preferable terms in a service agreement with a forensic investigator, given the sensitivity of the information to which the investigator will have access it is essential to make sure that your service agreement protects your organization. The following provides a snapshot of information concerning forensic investigations.

$4.9 million 

Highest amount spent on a forensic investigation.1

$261,597

Average amount spent on a forensic investigation.2

$41,747

Median amount spent on a forensic investigation.3

$1,250 - $4.9 million

Range of forensic investigation costs4

 What to consider when retaining a forensic investigator:

  1. Does the forensic investigator have sufficient expertise to conduct the investigation?
  2. Does the forensic investigator have sufficient capacity to immediately deploy resources to timely investigate the incident?
  3. Is there a master service agreement already in place?
  4. Does the agreement contain data security provisions that are appropriate for a contractor that is likely to gain access to sensitive personal information?
  5. Does the agreement contain data privacy provisions that are appropriate for a contractor that is likely to gain access to sensitive personal information?
  6. Is the agreement structured to protect attorney-client privilege?
  7. Does the forensic investigator understand what you expect of them to maintain attorney-client privilege?
  8. Does the agreement include sufficient protections in the event that the forensic investigator is itself breached?
  9. If the organization has cyber-insurance, is the forensic investigator a preferred provider and/or approved by the insurer?
  10. Does the forensic investigator represent a business partner that may have an interest in the incident? If so, is there a potential conflict of interest?

1. Statistics based upon cyber liability insurance claims. Net Diligence, Cyber Claims Study 2015, p. 9 (2015), http://www.netdiligence.com/NetDiligence_2015CyberClaimsStudy.pdf.

2. Id. at 13.

3. Id.

4. Id. at 12.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© BCLP | Attorney Advertising

Written by:

BCLP
BCLP
Contact
more
less

BCLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide