12 research outputs found
The architecture of a digital forensic readiness management system
A coordinated approach to digital forensic readiness (DFR) in a large organisation requires
the management and monitoring of a wide variety of resources, both human and technical.
The resources involved in DFR in large organisations typically include staff from multiple
departments and business units, as well as network infrastructure and computing platforms.
The state of DFR within large organisations may therefore be adversely affected if
the myriad human and technical resources involved are not managed in an optimal
manner. This paper contributes to DFR by proposing the novel concept of a digital forensic
readiness management system (DFRMS). The purpose of a DFRMS is to assist large organisations
in achieving an optimal level of management for DFR. In addition to this, we offer
an architecture for a DFRMS. This architecture is based on requirements for DFR that we
ascertained from an exhaustive review of the DFR literature. We describe the architecture
in detail and show that it meets the requirements set out in the DFR literature. The merits
and disadvantages of the architecture are also discussed. Finally, we describe and explain
an early prototype of a DFRMS. http://www.elsevier.com/locate/cose
Medical Cyber-Physical Systems Development: A Forensics-Driven Approach
The synthesis of technology and the medical industry has partly contributed
to the increasing interest in Medical Cyber-Physical Systems (MCPS). While
these systems provide benefits to patients and professionals, they also
introduce new attack vectors for malicious actors (e.g. financially- and/or
criminally-motivated actors). A successful breach involving a MCPS can impact
patient data and system availability. The complexity and operating requirements
of a MCPS complicate digital investigations. Coupling this information with
the potentially vast amounts of information that a MCPS produces and/or has
access to is generating discussions on, not only, how to compromise these
systems but, more importantly, how to investigate these systems. The paper
proposes the integration of forensics principles and concepts into the design
and development of a MCPS to strengthen an organization's investigative
posture. The framework sets the foundation for future research in the
refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd
International Workshop on Security, Privacy, and Trustworthiness in Medical
Cyber-Physical Systems (MedSPT 2017
Digital forensic readiness intelligence crime repository
It may not always be possible to conduct a digital (forensic) investigation post-event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic-by-design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross-reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from different sources and creating a DFR repository that can be shared across diverse jurisdictions among digital forensic experts and law enforcement agencies (LEAs), in the form of intelligence. To validate the approach, the study has employed a qualitative approach based on a number of metrics and an analysis of experts' opinion has been incorporated. The DFRIR seeks to maximize the collection of PDE and to reduce the time needed to conduct forensic investigation (e.g., by reducing the time for learning). This study then explains how such an approach can be employed in conjunction with ISO/IEC 27043: 2015
Using Project Management Knowledge and Practice to Address Digital Forensic Investigation Challenges
The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results indicate that there are parallels between the two areas
Functional requirements for adding digital forensic readiness as a security component in IoT environments
For every contact made on a digital device, a trace is left behind; this means that every digital device contains some form of
electronic evidence that may be associated to the behaviour of the users in a given environment. This evidence can be used to prove or
disprove facts if a cyber-incident is detected. However, the world has seen a shift on how devices communicate and connect as a result
of increased devices and connectivity, which has led to the creation of “smart environments” where the Internet of Things (IoT) plays
a key role. Still, we can harness this proliferation of digital devices and smart environments to Digital Forensic (DF) technology which
might help to solve the puzzle of how proactive strategies can help to minimise the time and cost needed to conduct a digital
investigation. This article introduces the Functional Requirements (FRs) and processes needed when Digital Forensic Readiness
(DFR) process is employed as a security component in the IoT-based environment. The paper serves as a continuation of the initially
proposed architecture for adding DFR as a security component to IoT environment. The aspects and claims presented in this paper
can be used as basic building blocks for implementing DFR technologies that guarantee security in the IoT-based environment. It is
worth noting again that the processes that have been defined in this paper comply with the ISO/IEC 27043: 2015 International
Standard. http://ijaseit.insightsociety.org
Actionable Threat Intelligence for Digital Forensics Readiness
The purpose of this paper is to formulate a novel model for enhancing the effectiveness of existing Digital Forensic Readiness (DFR) schemes by leveraging the benefits of cyber threat information sharing. This paper employs a quantitative methodology to identify the most popular Threat Intelligence elements and introduces a formalized procedure to correlate these elements with potential digital evidence resulting in the quick and accurate identification of patterns of malware activities. While threat intelligence exchange steadily becomes a common practice for the prevention or detection of security incidents, the proposed approach highlights its usefulness for the digital forensics domain. The proposed model can help organizations to improve their digital forensic readiness posture and thus minimize the time and cost of cybercrime incident
Digital forensics adoption model for Malaysian Law Enforcement Agencies (MLEAs)
The increasing number of digital forensics (DF) cases has resulted in the surge of cybercrimes leading to the need for DF to be used in Malaysian Law Enforcement Agencies (MLEAs). This is to enable the agencies to conduct an efficient digital investigation. In spite of the notable benefits of DF, adoption of this innovation by MLEAs is not widely accepted. Currently, there are limited studies conducted on DF adoption in the context of law enforcement agencies. Hence, in addressing the issue, this study investigated potential factors influencing DF adoption by MLEAs. This study proposed and developed a research model based on the combined Technology Organization and Environment (TOE) framework and Institutional Theory and Human Organization Technology (HOT)-fit model that uses a quantitative approach. The research model was developed based on an extensive review of the literature. Twelve hypotheses were developed for the quantitative approach to test the model. A survey method using a paper-based questionnaire was employed. Based on purposive sampling, questionnaires were distributed to 180 decision makers of the MLEAs and the data were analysed using the Structural Equation Modelling (SEM) with Partial Least Squares (PLS) technique. The findings were used to develop a Digital Forensic Adoption Model that facilitates the understanding of factors affecting DF adoption by MLEAs. The results indicated that Relative Advantage (B=0.210,t=3.526,p0.05). The study has theoretical contributions and practical implications whereby the Digital Forensics Adoption Model serves as a tool for MLEAs to gain insight into the process of DF adoption in their working practice
Novel digital forensic readiness technique in the cloud environment
This paper examines the design and implementation of a feasible
technique for performing Digital Forensic Readiness (DFR) in cloud
computing environments. The approach employs a modified
obfuscated Non-Malicious Botnet (NMB) whose functionality
operates as a distributed forensic Agent-Based Solution (ABS) in a
cloud environment with capabilities of performing forensic logging
for DFR purposes. Under basic Service Level Agreements (SLAs), this
proactive technique allows any organization to perform DFR in the
cloud without interfering with operations and functionalities of the
existing cloud architecture or infrastructure and the collected file
metadata. Based on the evaluation discussed, the effectiveness of
our approach is presented as the easiest way of conducting DFR
in the cloud environment as stipulated in the ISO/IEC 27043: 2015
international standard, which is a standard of information technology,
security techniques and incident investigation principles and
processes. Through this technique, digital forensic analysts are able
to maximize the potential use of digital evidence while minimizing
the cost of conducting DFR. As a result of this process, the time
and cost needed to conduct a Digital Forensic Investigation (DFI) is
saved. As a consequence, the technique helps the law enforcement,
forensic analysts and Digital Forensic Investigators (DFIs) during
post-event response and in a court of law to develop a hypothesis
in order to prove or disprove a fact during an investigative process,
if there is an occurrence of a security incident. Experimental results
of the developed prototype are described which conclude that the
technique is effective in improving the planning and preparation of
pre-incident detection during digital crime investigations. In spite of
that, a comparison with other existing forensic readiness models has
been conducted to show the effectiveness of the previously proposed
Cloud Forensic Readiness as a Service (CFRaaS) model. The work was supported by National Research Foundation (Grant No. UID85794). http://www.tandfonline.com/loi/tajf20
Are You Ready? A Proposed Framework For The Assessment Of Digital Forensic Readiness
This dissertation develops a framework to assess Digital Forensic Readiness (DFR) in organizations. DFR is the state of preparedness to obtain, understand, and present digital evidence when needed. This research collects indicators of digital forensic readiness from a systematic literature review. More than one thousand indicators were found and semantically analyzed to identify the dimensions to where they belong. These dimensions were subjected to a q-sort test and validated using association rules, producing a preliminary framework of DFR for practitioners. By classifying these indicators into dimensions, it was possible to distill them into 71 variables further classified into either extant or perceptual variables. Factor analysis was used to identify latent factors within the two groups of variables. A statistically-based framework to assess DFR is presented, wherein the extant indicators are used as a proxy of the real DFR status and the perceptual factors as the perception of this status