# Digital Forensic Readiness Assessment

## forensics.breached.company | CISO Marketplace

> A free, interactive digital forensics readiness assessment tool for security teams and CISOs. Evaluate your organization's ability to collect, preserve, and analyze digital evidence during security incidents and legal proceedings. Based on NIST SP 800-86, ISO/IEC 27037, and 2025/2026 DFIR industry standards.

---

## What This Tool Does

This tool provides a structured 32-question assessment across 8 critical dimensions of digital forensic readiness. Organizations answer questions on a 0–3 scale (No Capability → Optimized) and receive:

- A real-time maturity score (0–96 points) with percentage and maturity level (Initial / Developing / Defined / Managed / Optimized)
- Per-category scores across all 8 forensic domains
- Tailored improvement recommendations based on current score
- Access to a curated 2025/2026 forensic tools guide
- Step-by-step DIY forensics procedures
- Best practices based on latest research

---

## Assessment Categories (8 Dimensions)

1. **Evidence Collection Capability** — Documented procedures, volatile memory collection, cloud evidence collection, Faraday bag availability
2. **Chain of Custody Procedures** — Documentation practices, hash verification (SHA-256/512), write blocker usage, integrity proof
3. **Forensic Tool Availability** — Imaging tools (FTK Imager, Magnet ACQUIRE), memory forensics tools (Volatility 3), analysis platforms (EnCase, Nuix), update validation
4. **Log Retention & Preservation** — Retention periods, tamper-evident storage, SIEM export capability, volatile data collection
5. **Forensic Imaging & Acquisition** — Forensically sound images, storage capacity, live acquisition, encryption
6. **Legal Hold & E-Discovery** — Legal hold procedures, email/document preservation, subpoena response, metadata preservation
7. **Incident Response Integration** — DFIR integration in IR plan, team training and certifications, automated collection triggers, external forensic retainers
8. **Expert Witness & Legal Support** — Certified expert access, court-admissible procedures, professional certifications (GCFA, GCFE, EnCE), court-ready report capability

---

## Maturity Levels

| Level | Score Range | Description |
|-------|-------------|-------------|
| Initial | 0–24% | Ad-hoc forensic capabilities with minimal documentation |
| Developing | 25–49% | Basic forensic procedures in place but inconsistently applied |
| Defined | 50–69% | Documented and standardized forensic processes |
| Managed | 70–89% | Measured and controlled forensic readiness program |
| Optimized | 90–100% | Continuously improving forensic capabilities with automation |

---

## Key Forensic Tools Featured (2025/2026)

- **Volatility 3** (Open Source) — Memory forensics framework for Windows, Linux, Mac, Android
- **FTK Imager** (Free/Commercial) — Industry-standard forensic imaging, E01/AFF/DD formats
- **Magnet ACQUIRE** (Commercial) — Cross-platform acquisition including cloud evidence
- **Belkasoft X** (Commercial) — AI-powered DFIR platform
- **SIFT Workstation** (Open Source) — SANS 100+ tool forensic Linux distribution
- **Cellebrite Digital Collector** (Commercial) — Enterprise live and dead-box imaging
- **WinPmem / AVML** (Open Source) — Memory acquisition for Windows/Linux
- **Autopsy** (Open Source) — Digital forensics platform with timeline analysis
- **GRR Rapid Response** (Open Source) — Google's remote forensics framework
- **Velociraptor** (Open Source) — Endpoint visibility with VQL query language

---

## Standards & Frameworks Referenced

- NIST SP 800-86 (Guide to Integrating Forensic Techniques into Incident Response)
- ISO/IEC 27037 (Guidelines for identification, collection, acquisition, and preservation of digital evidence)
- SANS DFIR curriculum and certifications (GCFA, GCFE, GREM)
- Cellebrite digital evidence best practices
- Cloud-native forensics (AWS, Azure, GCP evidence collection patterns)

---

## Best Practices Covered

- Blockchain chain of custody for immutable evidence tracking
- Cloud-native forensics (VM snapshots, hibernation memory capture, container checkpointing via Kubelet API)
- AI/ML-powered forensic analysis and artifact extraction
- Continuous telemetry collection via EDR/XDR
- Zero-trust evidence handling (AES-256+, role-based access, MFA)
- Automated legal hold across email, documents, cloud storage

---

## Related CISO Marketplace Tools

- [Incident Response Tools](https://incidentresponse.tools/) — IR toolkit and resources
- [IR Maturity Assessment](https://ir.breached.company/) — Evaluate IR program maturity
- [IR Cost Calculator](https://ircost.breached.company/) — Estimate IR engagement costs and budget
- [Backup & Recovery Resilience](https://backups.breached.company/) — Assess backup readiness
- [Data Breach Cost Calculator](https://databreachcostcalculator.com/) — Estimate breach financial impact
- [Fine My Data](https://finemydata.com/) — Calculate GDPR/CCPA regulatory fines
- [Cyber Insurance Calculator](https://cyberinsurancecalc.com/) — Determine appropriate coverage
- [Ransomware Maturity](https://ransomwarematurity.com/) — Ransomware readiness assessment
- [CISO Marketplace](https://cisomarketplace.services/) — Complete hub for CISO tools and resources

---

## Technical Details

- **Type:** Single-page React application (Vite build)
- **Hosting:** Cloudflare Pages
- **Domain:** forensics.breached.company
- **Free to use:** No registration, no data collection on answers (client-side only)
- **Last updated:** May 2026

---

*Part of the CISO Marketplace ecosystem. Built to help security professionals self-assess and improve their digital forensics posture without expensive consultants.*