3 research outputs found

    Designing and Evaluating an Automatic Forensic Model for Fast Response of Cross-Border E-Commerce Security Incidents

    The rapid development of cross-border e-commerce over the past decade has accelerated the integration of the global economy. At the same time, cross-border e-commerce has increased the prevalence of cybercrime, and the future success of e-commerce depends on enhanced online privacy and security. However, investigating security incidents is time- and cost-intensive as identifying telltale anomalies and the source of attacks requires the use of multiple forensic tools and technologies and security domain knowledge. Prompt responses to cyber-attacks are important to reduce damage and loss and to improve the security of cross-border e-commerce. This article proposes a digital forensic model for first incident responders to identify suspicious system behaviors. A prototype system is developed and evaluated by incident response handlers. The model and system are proven to help reduce time and effort in investigating cyberattacks. The proposed model is expected to enhance security incident handling efficiency for cross-border e-commerce.

    An ad hoc detailed review of digital forensic investigation process models

    For the past decade, digital forensics has been the subject of scientific study, and as a result it has become an established research and application field. One of the foundational ways in which researchers in the field have attempted to comprehend the scientific basis of this discipline has been to develop models which reflect their observations. Various process models have been developed describing the steps and processes to follow during a digital forensic investigation. This paper provides a detailed review of 11 published papers representing digital forensic process models. The aim of this review is to gain background knowledge of the existing research on the digital forensic investigation process models and the problems associated with those models.

    The Comprehensive Digital Forensic Investigation Process Model (CDFIPM) for Digital Forensic Practice

    Nowadays, as a result of the ubiquitous nature of information technology, evidence presented in court is less likely to be on paper. Evidence of computer crime also differs from that related to traditional crimes for which there are well established standards and procedures. In order for digital evidence to be admissible, investigators need to demonstrate that they have specialised knowledge and have applied reliable principles and models to acquire it. Careful notice is taken in court of the manner in which the digital investigative process has been carried out. However, despite such requisites, the field of digital forensics still lacks formal process models that courts can employ to determine the reliability of the process followed in a digital investigation. The existing models have often been developed by digital forensic practitioners, based on their own personal experience and on an ad-hoc basis, without attention to the establishment of standardisation within the field. This has prevented the institution of the formal processes that are urgently required. Moreover, as digital forensic investigators often operate within different fields of law enforcement, commerce and incident response, the existing models have often tended to focus on one particular field and have failed to consider all environments. This has hindered the development of a generic model that can be applied in all the different fields of digital forensics. In addition, the existing models often capture only one part of the investigative process as opposed to the entire process. To address these shortcomings, this research makes a novel contribution by proposing a Comprehensive Digital Forensic Investigation Process Model (the CDFIPM), encompassing the entire digital investigative process, which is formal in that it synthesizes, harmonises and extends the existing models, and which is generic in that it can be applied in the three stated fields of digital forensics.
The methodology used to carry out this research is Design Science Research, widely adopted in the domain of Information Systems, on the basis that it is suitable for the design and development of novel artefacts and the analysis of the performance or use of such artefacts. Peffers et al.’s (2006) Design Science Research Process model is followed during the course of this research, selected on the basis that it is inclusive of the common elements of the previous Design Science Research studies. Existing models are critically reviewed and assessed against three different assessment criteria: Beebe and Clark’s four-point requirement, Carrier and Spafford’s five-point requirement and the Daubert Test. The result of the model assessment reveals that there does not exist a model that has all the three characteristics of being “comprehensive”, “formal” and “generic”. However, through the model assessment, some models are identified that can contribute to the design and development of the proposed model. Following identification of the prevailing models, their key contributions are determined based on the assessment criteria, and the necessary components for the new model are then identified. A new set of domain-specific components is then developed in addition to the already identified components. Following identification of the necessary components and the newly developed set of domain-specific components, the outcome of the design and development stage is the proposed Comprehensive Digital Forensic Investigation Process Model, the stages of which are represented through the use of UML Activity Diagrams. Based upon the selected methodology (the DSRP), the CDFIPM is tested through both the Demonstration and Evaluation activities.
The Demonstration activity involves applying the model to various case studies and performing a walkthrough of the model, as well as conducting forensic laboratory experimentation. The Evaluation stage involves the independent verification and validation of the model by its intended user community, including digital forensic investigators operating within the three fields of relevance for this research, namely law enforcement, commerce and incident response, as well as experts in the domain of digital forensics, legal practitioners, a judge and researchers in both academia and industry. After feeding the results of the Evaluation stage back into the CDFIPM’s design and development stage, the model is amended accordingly.