Calm before the storm: the challenges of cloud computing in digital forensics

Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed

Research and Applications of the Processes of Performance Appraisal: A Bibliography of Recent Literature, 1981-1989

[Excerpt] There have been several recent reviews of different subtopics within the general performance appraisal literature. The reader of these reviews will find, however, that the accompanying citations may be of limited utility for one or more reasons. For example, the reference sections of these reviews are usually composed of citations which support a specific theory or practical approach to the evaluation of human performance. Consequently, the citation lists for these reviews are, as they must be, highly selective and do not include works that may have only a peripheral relationship to a given reviewer\u27s target concerns. Another problem is that the citations are out of date. That is, review articles frequently contain many citations that are fifteen or more years old. The generation of new studies and knowledge in this field occurs very rapidly. This creates a need for additional reference information solely devoted to identifying the wealth of new research, ideas, and writing that is changing the field

Overcoming restrictive technologies in police call centres: A human agency perspective

Call centres in the police force are restrictive information systems which tend to present call operators with constraints that they need to overcome using their experience in order to offer better services to the public. This paper is looking at how elements of human agency come in to play and help users’ enactment against restrictive technologies. Information systems research on human agency has been mainly focused on the examination of whether agency lies within human or machines or both while in this paper we take a different approach and we clearly describe how human agency is enacted in practice. We use empirical data from contact centres and operational rooms of five UK police forces. After extensive observations we present how police call handlers manipulate digital information efficiently through human agency. The theoretical framework is based on the three elements of agency theory (iteration, projectivity and practical evaluation) The research findings assert that call handlers overcome the restrictions of the system by forming human-digital networks and using mental structures from their past experience in order to cope with the task at hand. The paper concludes by drawing implications for theory and practice and suggests future research directions

Knowing A Few Rules Doesn’t Mean You Can Play the Game : The Limits of “Best Practice” in Enterprise Systems.

We examine the common claim that "best practices" are encompassed and represented in Enterprise Systems (ES). We suggest that an ES can at best only represent the ostensive and not the performative elements of work tasks. Thus, representation of best practice in an ES does not take practical action into account. This has two important implications. First, ostensive abstractions of best practice in an ES are a sparse and superficial representation of a "good" business process, at a specific moment in time. Second, the practical understanding required for performance is often ignored in the ostensive representation of best practice in the implementation of an ES. This constrains user and business adaptability. Inflexible coding of ostensive business tasks furthermore leads to rigidity where flexibility should be sought, to keep on top of the competition. Implications and directions for further research are discussed

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Impact of the HeartMath Self-Management Skills Program on Physiological and Psychological Stress in Police Officers

This study explored the impact on a group of police officers from Santa Clara County, California of the HeartMath stress and emotional self-management training, which provides practical techniques designed to reduce stress in the moment, improve physiological and emotional balance, increase mental clarity and enhance performance and quality of life.This study provides evidence that practical stress and emotional self-management techniques can reduce damaging physiological and psychological responses to both acute and chronic stress in police, and positively impact a variety of major life areas in a relatively short period of time. In particular, results show that application of these interventions can produce notable improvements in communication difficulties at work and in strained family relationships, two areas that are well recognized to be major sources of stress for police

Risk media and the end of anonymity

Whereas threats from twentieth century 'broadcast era' media were characterised in terms of ideology and ‘effects', today the greatest risks posed by media are informational. This paper argues that digital participation as the condition for the maintenance of today's self identity and basic sociality has shaped a new principal media risk of the loss of anonymity. I identify three interrelated key features of this new risk. Firstly, basic communicational acts are archival. Secondly, there is a diminishment of the predictable 'decay time' of media. And, thirdly, both of these shape a new individual and organizational vulnerability of 'emergence' – the haunting by our digital trails. This article places these media risks in the context of the shifting nature and function of memory and the potential uses and abuses of digital pasts

Usable Security: Why Do We Need It? How Do We Get It?

Security experts frequently refer to people as “the weakest link in the chain” of system security. Famed hacker Kevin Mitnick revealed that he hardly ever cracked a password, because it “was easier to dupe people into revealing it” by employing a range of social engineering techniques. Often, such failures are attributed to users’ carelessness and ignorance. However, more enlightened researchers have pointed out that current security tools are simply too complex for many users, and they have made efforts to improve user interfaces to security tools. In this chapter, we aim to broaden the current perspective, focusing on the usability of security tools (or products) and the process of designing secure systems for the real-world context (the panorama) in which they have to operate. Here we demonstrate how current human factors knowledge and user-centered design principles can help security designers produce security solutions that are effective in practice