3,339 research outputs found
PRECEPT: A Framework for Ethical Digital Forensics Investigations.
The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction.
Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain.
This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.
In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.
The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.
Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.
Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other
PRECEPT:a framework for ethical digital forensics investigations
Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
Cybersecurity: Are we Ready in Latin America and the Caribbean?
This study aims to deepen our understanding of the cybersecurity risks, challenges and opportunities in Latin America and the Caribbean. Utilizing surveys and other data provided by experts and officials from 32 OAS Member States, the report examines each country’s cyber maturity in five dimensions: i) Cybersecurity policy and strategy; ii) Cyber culture and society; iii) Cybersecurity education, training and skills; iv) Legal and regulatory frameworks; and v) Standards, organizations, and technologies. It should also be noted that the OAS Cybersecurity Program received generous assistance from Microsoft, which helped identify key areas to be presented in the project’s inception phase. The report’s country-by-country approach should help us to develop a more nuanced understanding of each of our States’ cybersecurity regimes and assist policymakers and technicians to strategically improve existing cybersecurity efforts, and to design and implement new initiatives going forward. It must be acknowledged that these findings merely represent a snapshot in time of an ever changing landscape. Further studies will be necessary to continue to keep abreast of the state of cybersecurity in the Americas and the Caribbean. Nevertheless, we hope that by improving our collective understanding of the cybersecurity challenges and opportunities presently confronting our region, the information and analysis contained in this report will assist stakeholders in all sectors government, private sector, academia, and civil society to better work together to build a more secure, resilient and productive cyberspace in our hemisphere. We look forward to continuing to play a role in this vital mission
Roadmap for NIS education programmes in Europe:education
This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe. In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area
D2WFP: A Novel Protocol for Forensically Identifying, Extracting, and Analysing Deep and Dark Web Browsing Activities
The use of the un-indexed web, commonly known as the deep web and dark web,
to commit or facilitate criminal activity has drastically increased over the
past decade. The dark web is an in-famously dangerous place where all kinds of
criminal activities take place [1-2], despite advances in web forensics
techniques, tools, and methodologies, few studies have formally tackled the
dark and deep web forensics and the technical differences in terms of
investigative techniques and artefacts identification and extraction. This
research proposes a novel and comprehensive protocol to guide and assist
digital forensics professionals in investigating crimes committed on or via the
deep and dark web, The protocol named D2WFP establishes a new sequential
approach for performing investigative activities by observing the order of
volatility and implementing a systemic approach covering all browsing related
hives and artefacts which ultimately resulted into improv-ing the accuracy and
effectiveness. Rigorous quantitative and qualitative research has been
conducted by assessing D2WFP following a scientifically-sound and comprehensive
process in different scenarios and the obtained results show an apparent
increase in the number of artefacts re-covered when adopting D2WFP which
outperform any current industry or opensource browsing forensics tools. The
second contribution of D2WFP is the robust formulation of artefact correlation
and cross-validation within D2WFP which enables digital forensics professionals
to better document and structure their analysis of host-based deep and dark web
browsing artefacts
Practical Cybersecurity Ethics: Mapping CyBOK to Ethical Concerns
Research into the ethics of cybersecurity is an established and growing topic
of investigation, however the translation of this research into practice is
lacking: there exists a small number of professional codes of ethics or codes
of practice in cybersecurity, however these are very broad and do not offer
much insight into the ethical dilemmas that can be faced while performing
specific cybersecurity activities. In order to address this gap, we leverage
ongoing work on the Cyber Security Body of Knowledge (CyBOK) to help elicit and
document the responsibilities and ethics of the profession. Based on a
literature review of the ethics of cybersecurity, we use CyBOK to frame the
exploration of ethical challenges in the cybersecurity profession through a
series of 15 interviews with cybersecurity experts. Our approach is qualitative
and exploratory, aiming to answer the research question "What ethical
challenges, insights, and solutions arise in different areas of
cybersecurity?". Our findings indicate that there are broad ethical challenges
across the whole of cybersecurity, but also that different areas of
cybersecurity can face specific ethical considerations for which more detailed
guidance can help professionals in those areas. In particular, our findings
indicate that security decision-making is expected of all security
professionals, but that this requires them to balance a complex mix of
technical, objective and subjective points of view, and that resolving
conflicts raises challenging ethical dilemmas. We conclude that more work is
needed to explore, map, and integrate ethical considerations into cybersecurity
practice; the urgent need to conduct further research into the ethics of
cybersecurity AI; and highlight the importance of this work for individuals and
professional bodies who seek to develop and mature the cybersecurity profession
in a responsible manner.Comment: 14 pages, 2 figures, New Security Paradigms Workshop 202
ACUTA Journal of Telecommunications in Higher Education
In This Issue
Disasters, Emergencies, and Residence Hall Communications
GWU\u27s Safety Systems Built Around Telecommunications
ln the Face of Disaster
Advertorial: Contact 101 : Strategies for Emergency Notification
University Approaches to Emergencies and Emergency Communication
A Reasoned Response to Crisis
Digital Forensics: What ls lt and Why Should I Care?
Exploits, Guidelines, and Vulnerabilities: Protecting Digital Resources
Classifying Events, lncidents and Disasters
President\u27s Message
From the Executive Director
Here\u27s My Advic
- …