303 research outputs found

    Digital Forensic Readiness: An Examination of Law Enforcement Agencies in the State of Maryland

    Digital forensic readiness within the law enforcement community, especially at the local level, has gone mostly unexplored. As a result, a current lack of data exists that examines the digital forensic readiness of individual agencies, the possibility of proximity relationships, and correlations between readiness and backlogs. This quantitative, cross-sectional research study sought to explore these issues by focusing on the state of Maryland. The study resulted in the creation of a digital forensic readiness scoring model that was then used to assign digital forensic readiness scores to thirty (30) of the one-hundred-forty-one (141) law enforcement agencies throughout Maryland. It was found that an agency’s proximity to a major resource center (hub) did not positively or negatively influence readiness. It was also found that agencies with higher digital forensic readiness scores may be more likely to exhibit backlogs as a result of external agency dependencies. It should be noted, however, that digital forensic readiness scores should not be viewed as a reliable predictive indicator for the existence of backlogs. These findings establish a baseline for the state of Maryland that can be used to monitor, sustain, or improve levels of digital forensic readiness within the state or in a broader national context; it has the potential of enhancing public safety and the field at large.

    Mobile health applications digital evidence taxonomy with knowledge sharing approach for digital forensics readiness

    M-health is the current application that is capable of monitoring and detecting human biological change and uses the Internet as a platform to transfer and receive the data from the cloud providers. However, the advancement of Internet of Things (IoT) technology poses a great challenge for digital forensic experts in order to preserve, acquire and analyse digital evidence. Digital evidence taxonomy is one technique in digital forensics that facilitates digital forensics readiness, and integration with a knowledge sharing approach is necessary to allow digital forensics experts to share their knowledge. Therefore, this research was carried out, consisting of three phases, namely (1) initial phase, (2) intermediate phase and (3) final phase. In the initial phase, a systematic literature review was conducted to identify any potential gaps from the existing studies. Subsequently, digital evidence taxonomy in the IoT forensics layers was adopted, which consisted of three artefact categories to represent the IoT forensics layers. In the intermediate phase, 34 top rating m-health apps were used as a case study to validate the digital evidence taxonomy. From the analysis of the result, various types of information for forensic investigation were acquired, such as type of outdoor activity, activity timestamp, client IP address and date accessed. In the final phase, the M-Health Digital Evidence Taxonomy System (MDETS) was developed as a proof of concept to demonstrate the integration of digital evidence taxonomy with the knowledge-sharing approach to facilitate digital forensic readiness. Interviews were used as the instrument tool to evaluate knowledge sharing in terms of people, process and technology elements in enabling digital forensic readiness. The results from the interviews support that knowledge sharing facilitates digital forensic readiness in terms of people, process and technology elements. As a conclusion, the integration of digital evidence taxonomy with the knowledge-sharing approach gives the opportunity for the digital forensic community to enhance the existing approach or procedure to increase the findings of a digital forensic investigation and make digital forensic readiness more proactive within the organisation.

    Digital Forensic Readiness in Organizations: Issues and Challenges

    With the evolution in digital technologies, organizations have been forced to change the way they plan, develop, and enact their information technology strategies. This is because modern digital technologies do not only present new opportunities to business organizations but also a different set of issues and challenges that need to be resolved. With the rising threats of cybercrimes, for example, which have been accelerated by the emergence of new digital technologies, many organizations as well as law enforcement agencies globally are now erecting proactive measures as a way to increase their ability to respond to security incidents as well as create a digital forensic ready environment. It is for this reason that this paper presents the different issues and challenges surrounding the implementation of digital forensic readiness in organizations. The main areas of concentration will be: the different proactive measures that organizations can embrace as a way to increase the ability to respond to security incidents and create a digital forensic ready environment. However, the paper will also look into the issues and challenges pertaining to data retention and disposition in organizations which may also have some effects on the implementation of digital forensic readiness. This is backed up by the fact that although the need for digital forensics and digital evidence in organizations has been explored, as has been the need for digital forensic readiness within organizations, decision-makers still need to understand what is needed within their organizations to ensure effective implementation of digital forensic readiness.

    Digital forensic readiness intelligence crime repository

    It may not always be possible to conduct a digital (forensic) investigation post-event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic-by-design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross-reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from different sources and creating a DFR repository that can be shared across diverse jurisdictions among digital forensic experts and law enforcement agencies (LEAs), in the form of intelligence. To validate the approach, the study has employed a qualitative approach based on a number of metrics and an analysis of experts' opinion has been incorporated. The DFRIR seeks to maximize the collection of PDE and reduce the time needed to conduct forensic investigation (e.g., by reducing the time for learning). This study then explains how such an approach can be employed in conjunction with ISO/IEC 27043:2015.

    Proposing a maturity assessment model based on the digital forensic readiness commonalities framework

    Magister Commercii (Information Management) - MCom(IM). The purpose of the study described in this thesis was to investigate the structure required to implement and manage digital forensic readiness within an enterprise. A comparative analysis of different digital forensic readiness frameworks was performed and, based on the findings of the analysis, the digital forensic readiness commonalities framework (DFRCF) was extended. The resultant structure was used to design a digital forensic readiness maturity assessment model (DFRMAM) that will enable organisations to assess their forensic readiness. In conclusion, both the extended DFRCF and the DFRMAM are shown to be validated by forensic practitioners, using semi-structured interviews. A qualitative research design and methodology was used to perform a comparative analysis of the various digital forensic readiness frameworks, to comprehend the underlying structures. All the participant responses were recorded and transcribed. Analysis of the findings resulting from the study showed that participants mostly agreed with the structure of the extended DFRCF; however, key changes were introduced to the extended DFRCF. The participants also validated the DFRMAM, and the majority of respondents opted for a checklist-type MAM. Digital forensic readiness is a very sensitive topic since organisations fear that their information might be made public and, as a result, increase their exposure to forensic incidents and reputational risk. Because of this, it was difficult to find participants who have a forensic footprint and are willing, able, and knowledgeable about digital forensic readiness. This study will contribute to the body of knowledge by presenting an original, validated DFRCF and DFRMAM. Practitioners and organisations now have access to non-proprietary DFRMAM.

    Secure Storage Model for Digital Forensic Readiness

    Securing digital evidence is a key factor that contributes to evidence admissibility during digital forensic investigations, particularly in establishing the chain of custody of digital evidence. However, not enough is done to ensure that the environment and access to the evidence are secure. Attackers can go to extreme lengths to cover up their tracks, which is a serious concern to digital forensics – particularly digital forensic readiness. If an attacker gains access to the location where evidence is stored, they could easily alter the evidence (if not remove it altogether). Even though integrity checks can be performed to ensure that the evidence is sound, the collected evidence may contain sensitive information that an attacker can easily use for other forms of attack. To this end, this paper proposes a model for securely storing digital evidence captured pre- and post-incident to achieve reactive forensics. Various components were considered, such as integrity checks, environment sandboxing, strong encryption, two-factor authentication, as well as unique random file naming. A proof-of-concept tool was developed to realize this model and to prove its validity. A series of tests were conducted to check for system security, performance, and requirements validation. Overall, the results obtained showed that, with minimal effort, securing forensic artefacts is a relatively inexpensive and reliable feat. This paper aims to standardize evidence storage, practice high security standards, as well as remove the need to create new systems that achieve the same purpose.

    Are You Ready? A Proposed Framework For The Assessment Of Digital Forensic Readiness

    This dissertation develops a framework to assess Digital Forensic Readiness (DFR) in organizations. DFR is the state of preparedness to obtain, understand, and present digital evidence when needed. This research collects indicators of digital forensic readiness from a systematic literature review. More than one thousand indicators were found and semantically analyzed to identify the dimensions to which they belong. These dimensions were subjected to a q-sort test and validated using association rules, producing a preliminary framework of DFR for practitioners. By classifying these indicators into dimensions, it was possible to distill them into 71 variables further classified into either extant or perceptual variables. Factor analysis was used to identify latent factors within the two groups of variables. A statistically-based framework to assess DFR is presented, wherein the extant indicators are used as a proxy of the real DFR status and the perceptual factors as the perception of this status.

    A holistic based digital forensic readiness framework for Zenith Bank, Nigeria

    The advancement of the internet has made many business organizations conduct their operations automatically; in effect, it opens up possibly dangerous unforeseen information security incidents of both illegal and civil nature. Therefore, if any organization doesn’t arrange itself for such instances, it’s likely that vital significant digital evidence will be damaged. In other words, an organization should have a digital forensic readiness framework (DFR). DFR is the capacity of any association to exploit its prospective to use digital evidence whilst minimizing the cost of investigation. Subsequently, in order to prepare organizations for incident response, the application of digital forensic readiness policies and procedures is important. Contemporary lack of forensic skills is one of the factors that make organizations reluctant to implement digital forensics. This project proposes a holistic-based framework of DFR and investigates how it can be applied to Zenith Bank Plc. This paper surveys existing frameworks to identify the best-suited practical components for Zenith Bank’s operational unit.

    Digital Forensic Readiness in Megacities

    As megacities emerge in splendor, so also do threats to security and sustainability of these cities. Earlier research found out that the leading threat amongst several security and safety threats in megacities is organized crime. Since technology is involved in all facets of megacities, including the threats therein, this paper seeks to stimulate scientific curiosity in finding out effective and sustainable ways of harnessing technology in readiness, to protect these cities from threats rather than reactively responding to them. Using Lagos State, an emerging megacity, as a case study, we seek how to systematically execute this concern, which should be built from scratch into megacities' systems. A Megacity Digital Forensic Readiness Model (MEDFORM) is proposed in this paper.