(a) The command shall establish a digital forensics laboratory to:
(1) in collaboration with the cybersecurity incident response unit under Section 2063.202, develop procedures to:
- (A) preserve evidence of a cybersecurity incident, including logs and communication;
- (B) document chains of custody; and
- (C) timely notify and maintain contact with the appropriate law enforcement agencies investigating a cybersecurity incident;
- (2) develop and share with relevant state agencies and covered entities, subject to a contractual agreement, cyber threat hunting tools and procedures to assist in identifying indicators of a compromise in the cybersecurity of state information systems and non-state information systems, as appropriate;
- (3) conduct analyses of causes of cybersecurity incidents and of remediation options;
- (4) conduct assessments of the scope of harm caused by cybersecurity incidents, including data loss, compromised systems, and system disruptions;
- (5) provide information and training to state agencies and covered entities on producing reports required by regulatory and auditing bodies;
- (6) in collaboration with the Department of Public Safety, the Texas Military Department, the office of the attorney general, and other state agencies, provide forensic analysis of a cybersecurity incident to support an investigation, attribution process, or other law enforcement or judicial action; and
- (7) undertake any other activities necessary to carry out the duties described by this subsection.
- (b) The chief shall employ a director for the digital forensics laboratory.
Added by Acts 2025, 89th Leg., R.S., Ch. 331 (H.B. 150), Sec. 1, eff. September 1, 2025.