Investigating the factors that influence digital forensic readiness in a South African organisation

Includes bibliographical references.Computer crimes affect the bottom line of organisations across the globe. The ability of criminals to exploit organisational systems and avoid prosecution is a concern for most organisations. This is due to the increased use of information and communication technology (ICT) by individuals and organisations. The rapid growth of ICT has affected our communication and information exchange. These advances have not only influenced the way we conduct our daily activities, but has also led to new opportunities, risks and challenges for technical and legal structures. Unfortunately, some individuals and groups have decided to use these ICT advances in order to engage in criminal activities, such as cybercrime. The increase of cyber-related crimes puts a lot of pressure on law enforcement agencies and organisations across the globe to produce credible digital forensic evidence

Automating Vendor Fraud Detection in Enterprise Systems

Fraud is a multi-billion dollar industry that continues to grow annually. Many organizations are poorly prepared to prevent and detect fraud. Fraud detection strategies are intended to quickly and efficiently identify fraudulent activities that circumvent preventative measures. In this paper, we adopt a DesignScience methodological framework to develop a model for detection of vendor fraud based on analysis of patterns or signatures identified in enterprise system audit trails. The concept is demonstrated by developing prototype software. Verification of the prototype is achieved by performing a series of experiments. Validation is achieved by independent reviews from auditing practitioners. Key findings of this study are: (a) automating routine data analytics improves auditor productivity and reduces time taken to identify potential fraud; and (b) visualizations assist in promptly identifying potentially fraudulent user activities. The study makes the following contributions: (a) a model for proactive fraud detection; (b) methods for visualizing user activities in transaction data; and (c) a stand-alone Monitoring and Control Layer (MCL) based prototype

Digital Forensic Readiness in Organizations: Issues and Challenges

With the evolution in digital technologies, organizations have been forced to change the way they plan, develop, and enact their information technology strategies. This is because modern digital technologies do not only present new opportunities to business organizations but also a different set of issues and challenges that need to be resolved. With the rising threats of cybercrimes, for example, which have been accelerated by the emergence of new digital technologies, many organizations as well as law enforcement agencies globally are now erecting proactive measures as a way to increase their ability to respond to security incidents as well as create a digital forensic ready environment. It is for this reason that, this paper presents the different issues and challenges surrounding the implementation of digital forensic readiness in organizations. The main areas of concentration will be: the different proactive measures that organizations can embrace as a way to increase the ability to respond to security incidents and create a digital forensic ready environment. However, the paper will also look into the issues and challenges pertaining to data retention and disposition in organizations which may also have some effects on the implementation of digital forensic readiness. This is backed up by the fact that although the need for digital forensics and digital evidence in organizations has been explored, as has been the need for digital forensic readiness within organizations, decision-makers still need to understand what is needed within their organizations to ensure effective implementation of digital forensic readiness

Cloud Forensics Investigations Relationship: A Model And Instrument

Cloud computing is one of the most important advances in computing in recent history. cybercrime has developed side by side and rapidly in recent years. Previous studies had confirmed the existing gap between cloud service providers (CSPs) and law enforcement agencies (LEAs), and LEAs cannot work without the cooperation of CSPs. Their relationship is influenced by legal, organisational and technical dimensions, which affect the investigations. Therefore, it is essential to enhance the cloud forensics relationship between LEAs and CSPs. This research addresses the need for a unified collaborative model to facilitate proper investigations and explore and evaluate existing different models involved in the relationship between Omani LEAs and local CSPs as a participant in investigations. Further, it proposes a validated research instrument that can be cloud forensics survey. It can also be used as an evaluation tool to identify, measure, and manage cloud forensic investigations

Automating Vendor Fraud Detection in Enterprise Systems

Fraud is a multi-billion dollar industry that continues to grow annually. Many organisations are poorly prepared to prevent and detect fraud. Fraud detection strategies are intended to quickly and efficiently identify fraudulent activities that circumvent preventative measures. In this paper we adopt a Design-Science methodological framework to develop a model for detection of vendor fraud based on analysis of patterns or signatures identified in enterprise system audit trails. The concept is demonstrated be developing prototype software. Verification of the prototype is achieved by performing a series of experiments. Validation is achieved by independent reviews from auditing practitioners. Key findings of this study are: i) automating routine data analytics improves auditor productivity and reduces time taken to identify potential fraud, and ii) visualisations assist in promptly identifying potentially fraudulent user activities. The study makes the following contributions: i) a model for proactive fraud detection, ii) methods for visualising user activities in transaction data, iii) a stand-alone MCL-based prototype.</p

A holistic based digital forensic readiness framework for Zenith Bank, Nigeria

The advancement of internet has made many business organizations conduct their operation automatically, in effect its open a possibly dangerous unforeseen information security incidents of both illegal and civil nature. Therefore, if any organization does’t arrange themselves for such instances, it’s likely that vital significant digital evidence will be damage. In other word an organization should has a digital forensic readiness framework (DFR). DFR is the capacity of anyassociation to exploit its prospective to use digital evidence whilst minimizing the cost of investigation. Subsequently, in order to prepare organizations for incident responds, the application of digital forensic readiness policies and procedures is important. Contemporary lack of forensic skills is one of the factors that make organizations reluctant to implement digital forensics. This project propose a holistic-based framework of DFR and investigate how it can be applied to Zenith Bank Plc. This paper surveys existing frameworks to identify the best-suited practical components for Zenith Bank’s operational unit

A Comparative Assessment of Computer Security Incidence Handling

Incidence response and handling has become quite a crucial, indispensible constituent of information technology security management, as it provides an organised way of handling the aftermaths of a security breach. It presents an organisation’s reaction to illegitimate and unacceptable exploits on its assets or infrastructure. The goal must be to successfully neutralise the incident, such that damages are significantly reduced with attendant reduction in recovery time and costs. To achieve this, several approaches and methodologies proposed have been reviewed with a view to identifying essential processes. What is needed is referred to as incident capability mingled with collaborations. This defines a shift from response to management of computer security incidents in anointer relationship manner that foster collaboration through the exchange and sharing of incidence management details among several distinct organizations. Key step-up aspects centre on issues of enforcing and assuring trust and privacy. A viable collaborative incident response approach must be able to proffer both proactive and reactive mechanisms that are management-oriented and incorporating all required techniques and procedures

Mobile bullying : investigating the non-technical factors that influence forensic readiness in township schools in South Africa

The increasing use of mobile devices by high school learners has resulted in increased networking activities for learners who take advantage of opportunities presented by mobile technologies. Mobile technology continues to play a key role in facilitating online interactions amongst South African youth, and some learners use mobile technology to enhance their learning capabilities. However, such electronic operations have also presented new risks particularly in the developing countries where online bullying is on the rise and investigations of such incidents or threats are expensive. Mobile bullying and lack of discipline of bullies, for instance, are major concerns in the society at large. To control these incidents, learners and teachers need to know what to do when incidents arise. The process of digital forensic investigation is typically left for those specialising in the field of digital forensics. Those responsible for learner's safety in schools are often faced with situations where they have to perform basic investigations or preserve evidence for incident escalation to the specialists. However, schools often do not prepare themselves well enough for the challenges relating to mobile bullying. They find themselves not knowing where to start or how to preserve evidence. Digital forensic investigations are even more challenging in school settings because of the dynamic nature of these environments. While studies have been conducted in the developed countries, little is still known about how schools in the developing world, for instance South Africa, may handle mobile bullying. Very little is known about how schools in the developing countries may maximise their potential to use digital evidence while minimising the impact resulting from the incident. There is limited guidance on how to be digital forensic ready in schools where teachers, learners, principals, and other role players are not trained well enough to deal with mobile bullying. The objective of this study was to provide insight into factors that enhance the non-technical forensic readiness program in township schools and the ability of teachers to investigate mobile bullying incidents. The study aimed at employing concepts of forensic readiness to ignite schools' ability to prepare for response to mobile bullying incidents and create a digital forensic ready learning environment. The study was conducted in South Africa, Limpopo and North West provinces. Five schools agreed to participate in this study; eighty-two valid responses were obtained from teachers. The study followed mixed methods approach to the theory