Digitale Forensik in Unternehmen

Die zunehmende und komplexer werdende Vernetzung und die stetige Digitalisierung in Unternehmen werfen oft auch neue Risiken für Angriffe auf die Informationssysteme der Unternehmen auf. Gerade durch das Aufbrechen von Unternehmensnetzen und der immer komplexer werdenden gegenseitigen Integration von Unternehmen, Behörden und Privatpersonen entstehen neue Angriffsvektoren und Risiken. Durch die Digitalisierung wächst zudem die Menge der digitalen Daten, die unter Umständen auch als digitale Spuren zur Aufklärung von Verbrechen verwertet werden müssen, da der Prozentsatz der ausgedruckten oder anderweitig analog vorhandenen Spuren im Vergleich zu den digitalen Spuren beständig schrumpft. Die digitale Forensik als forensische Wissenschaft, die sich mit der Sicherung und Analyse von digitalen Spuren beschäftigt ist aber eine vergleichsweise junge forensische Wissenschaft. Aus diesem Grund untersucht diese Arbeit die grundlegenden Prinzipien und Definitionen der digitalen Forensik und betrachtet anschließend die speziell für digitale forensische Untersuchungen in Unternehmen vorhandenen Problemlösungsstrategien. Auf Basis der Erkenntnisse aus der Betrachtung der vorhandenen Problemlösungsstrategien wird dann eine Methodik für unternehmensforensische Untersuchungen vorgeschlagen. Die Methodik selbst basiert auf dem ebenfalls in dieser Arbeit entwickelten digitalen Spurenverständnis im Kontext der Informations- und Anwendungssysteme von Unternehmen sowie der Definition der Unternehmensforensik, als Teildisziplin der digitalen Forensik. Durch die anschließende Evaluation der Methodik anhand einer Fallstudie sowie in der Praxis wird sowohl ihr Nutzen als auch die Praxistauglichkeit bestätigt. Es zeigen sich aber auch weiterer Forschungsbedarf und neue Problemstellungen für die Unternehmensforensik, die durch zukünftige Arbeiten adressiert werden müssen. Insgesamt kann die Methodik aber den zukünftigen Nutzen und das Potential der Unternehmensforensik aufzeigen

„Weltrecht^2 Entourage Documents (2022)“ - A Standard for a Universal (Technology) Law Lecture in Cyberspace and (Technology) Law (2018)

The present “Entourage Document” is meant to complement the paper “Weltrecht^2 - Multidisciplinary constitutional law scholarship from Germany and the EU” and forms part of the cluster Weltrecht^2. In this Cylaw Report XXXXI are published for the first time and in this format: - the draft of a Teaching Standard (ST): „A Universal STANDARD for a (Technology) Law Lecture“, which seeks to pave the way to a new scientific discipline – CYBERSCIENCE (CySci). This “STANDARD” was first presented at the Internet Work in Progress conferences in 2017 and 2018. In this way, the cyber(law) scientific research system opens up on the level of teaching and learning; - the GLOBALMATRIX; - the Visual Legal Design of Weltrecht^2 (GALAXY metaphor) and - the Weltrecht^2 TAXONOMY as „Entourage Document“ in preparation of the paper to be submitted for the World Congress of Constitutional Law. - In addition, several articles published in the course of the past two decades will, for the first time, be presented in form of a „STEP LADDER“ chronology to exhibit the developing work on CYBERSCIENCE (and in Cyberlaw and AILAW) by an author with the veniae legendi (authority) to teach Public, European and Energy law („Herstory“)

„Weltrecht^2 Entourage Documents“ - A Standard for a Universal (Technology) Law Lecture (2018) [2023/01]

The present “Entourage Document” is meant to complement the paper “Weltrecht^2 - Multidisciplinary constitutional law scholarship from Germany and the EU” and forms part of the cluster Weltrecht^2. In this Cylaw Report XXXXI are published for the first time and in this format: - the draft of a Teaching Standard (ST): „A Universal STANDARD for a (Technology) Law Lecture“, which seeks to pave the way to a new scientific discipline – CYBERSCIENCE (CySci). This “STANDARD” was first presented at the Internet Work in Progress conferences in 2017 and 2018. In this way, the cyber(law) scientific research system opens up on the level of teaching and learning; - the GLOBALMATRIX; - the Visual Legal Design of Weltrecht^2 (GALAXY metaphor) and - the Weltrecht^2 TAXONOMY as „Entourage Document“ in preparation of the paper to be submitted for the World Congress of Constitutional Law. - In addition, several articles published in the course of the past two decades will, for the first time, be presented in form of a „STEP LADDER“ chronology to exhibit the developing work on CYBERSCIENCE (and in Cyberlaw and AILAW) by an author with the veniae legendi (authority) to teach Public, European and Energy law („Herstory“)

Digital Evidence and Forensic Readiness (Dagstuhl Seminar 14092)

The seminar on Digital Evidence and Forensic Readiness provided the space for interdisciplinary discussions on clearly defined critical aspects of engineering issues, evaluation and processes for secure digital evidence and forensic readiness. A large gap exists between the state-of-the-art in IT security and best-practice procedures for digital evidence. Experts from IT and law used this seminar to develop a common view on what exactly can be considered secure and admissible digital evidence. In addition to sessions with all participants, a separation of participants for discussing was arranged. The outcome of these working sessions was used in the general discussion to work on a common understanding of the topic. The results of the seminar will lead to new technological developments as well as to new legal views to this points and to a change of organizational measures using ICT. Finally, various open issues and research topics have been identified. In addition to this report, open research issues will also be published in the form of a manifesto on digital evidence. One possible definition for Secure Digital Evidence was proposed by Rudolph et al. at the Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics 2012. It states that a data record can be considered secure if it was created authentically by a device for which the following holds: - The device is physically protected to ensure at least tamper-evidence. - The data record is securely bound to the identity and status of the device (including running software and configuration) and to all other relevant parameters (such as time, temperature, location, users involved, etc.) - The data record has not been changed after creation. Digital Evidence according to this definition comprises the measured value and additional information on the state of the measurement device. This additional information on the state of the measurement device aims to document the operation environment providing evidence that can help lay the foundation for admissibility. This definition provided one basis of discussion at the seminar and was compared to other approaches to forensic readiness. Additional relevant aspects occur in the forensic readiness of mobile device, cloud computing and services. Such scenarios are already very frequent but will come to full force in the near future. The interdisciplinary Dagstuhl seminar on digital evidence and forensic readiness has provided valuable input to the discussion on the future of various types of evidence and it has build the basis for acceptable and sound rules for the assessment of digital evidences. Furthermore, it has established new links between experts from four continents and thus has set the foundations for new interdisciplinary and international co-operations