2 research outputs found
Digital forensics investigation reduction model (DIFReM) framework for Windows 10 OS
The advent of the digital age, globalization and automation has made life easier for people and businesses. However, the ubiquitous use of digital devices and the Internet also heightens the risk and incidents of cybercrimes. Under these circumstances, Digital Forensics has become a critical countermeasure. The ISO/IEC 27001 (Information security standards published jointly by the International Organization for Standardization – ISO and the International Electrotechnical Commission-IEC) provides guidance on identifying, gathering/collecting/acquiring, handling and protecting/preserving Digital Forensic evidence for use in court. The most challenging and important part of Digital Forensic Investigation (DFI) is data examination. Knowing the data created by the Operating System (OS) or user beforehand would ease the process. Unfortunately, most of the time, such details are not available to facilitate investigation. The examination phase is the most challenging for an investigator; in Microsoft Windows OS (Operating System). Investigators have to go through terabytes of system data, most of which are OS and application files irrelevant to the investigation from a suspect’s computer. To address the problem highlighted above, this research proposes a data reduction model (DIFReM) and a tool which will not only help the investigator in identifying modified system files but also has the ability to detect files inserted into system directories and also be able to verify integrity using hashing. In the end, this research will provide the investigator with a more effective and efficient digital forensics tools
ISMS role in the improvement of digital forensics related process in SOC's
Organizations concerned about digital or computer forensics capability which
establishes procedures and records to support a prosecution for computer crimes
could benefit from implementing an ISO 27001: 2013-compliant (ISMS Information
Security Management System). A certified ISMS adds credibility to information
gathered in a digital forensics investigation; certification shows that the
organization has an outsider which verifies that the correct procedures are in
place and being followed. A certified ISMS is a valuable tool either when
prosecuting an intruder or when a customer or other stakeholder seeks damages
against the organization. SOC (Security Operation Center) as an organization or
a security unit which handles a large volume of information requires a
management complement, where ISMS would be a good choice. This idea will help
finding solutions for problems related to digital forensics for non-cloud and
cloud digital forensics, including Problems associated with the absence of
standardization amongst different CSPs (Cloud service providers).Comment: 8 pages, 4 figures, 1 tabl