11 research outputs found
Use of computer forensics in the digital curation of removable media
The purpose of this paper is to encourage the discussion of the potential place and value of digital forensics techniques when dealing with acquisitions on removable media in the field of digital curation. It examines a basic computer forensics process, discusses a typical file system for removable media, and raises questions about necessary processes and incentives for addressing data capture in the field of digital curation
Web development evolution: the business perspective on security
Protection of data, information, and knowledge is a hot topic in today’s business environment. Societal, legislative and consumer pressures are forcing companies to examine business strategies, modify processes and acknowledge security to accept and defend accountability. Research indicates that a significant portion of the financial losses is due to straight forward software design errors. Security should be addressed throughout the application development process via an independent methodology containing customizable components. The methodology is designed to integrate with an organization’s existing software development processes while providing structure to implement secure applications, helping companies mitigate hard and soft costs
Secure web application development and global regulation
The World Wide Web (WWW) has been predominantly responsible for instigating radical paradigm transformations in today’s global information rich civilizations. Many societies have basic operational economical components that depend on Web enabled systems in order to support daily commercial activities. The acceptance of E-commerce as a valid channel for conducting business coupled with societal integration and dependence on Web enabled technology has instigated the development of local, national, and global efforts to regulate criminal activities on the World Wide Web. This paper makes two contributions. The first contribution is the high-level review of the United States and United Kingdom legislation that has developed from the escalation and integration of the World Wide Web into society. The second contribution is the support for the idea that legislative compatibility, in concert with an organization’s policy compatibility, needs to be acknowledged in secure Web application development methodologies
Web engineering security: essential elements
Security is an elusive target in today’s high-speed and extremely complex, Web enabled, information rich business environment. This paper presents the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. These elements are derived from empirical evidence based on a Web survey and supporting literature. This paper makes two contributions. The first contribution is the identification of the Web Engineering specific elements that need to be acknowledged and resolved prior to the assessment of a Web Engineering process from a security perspective. The second contribution is that these elements can be used to help guide Security Improvement Initiatives in Web Engineering
Web development evolution: the assimilation of web engineering security
In today’s e-commerce environment, information is an incredibly valuable asset. Surveys indicate that companies are suffering staggering financial losses due to web security issues. Analyzing the underlying causes of these security breaches shows that a significant proportion of them are caused by straightforward design errors in systems and not by failures in security mechanisms. There is significant research into security mechanisms but there is little research into the integration of these into software design processes, even those processes specifically designed for Web Engineering. Security should be designed into the application development process upfront through an independent flexible methodology that contains customizable components
A comparison of forensic evidence recovery techniques for a windows mobile smart phone
<p>Acquisition, decoding and presentation of information from mobile devices is complex and challenging. Device memory is usually integrated into the device, making isolation prior to recovery difficult. In addition, manufacturers have adopted a variety of file systems and formats complicating decoding and presentation.</p>
<p>A variety of tools and methods have been developed (both commercially and in the open source community) to assist mobile forensics investigators. However, it is unclear to
what extent these tools can present a complete view of the information held on a mobile device, or the extent the results produced by different tools are consistent.</p>
<p>This paper investigates what information held on a Windows Mobile smart phone can be recovered using several different approaches to acquisition and decoding. The paper demonstrates that no one technique recovers all information of potential forensic interest from a Windows Mobile device; and that in some cases the information recovered is
conflicting.</p>
Organizational handling of digital evidence
There are a number of factors that impact a digital forensics investigation. These factors include: the digital media in question, implemented processes and methodologies, the legal aspects, and the individuals involved in the investigation. This paper presents the initial idea that Digital Forensic Practice (DFP) recommendations can potentially improve how organizations handle digital evidence. The recommendations are derived from an in-depth survey conducted with practitioners in both commercial organizations and law enforcement along with supporting literature. The recommendations presented in this paper can be used to assess an organization’s existing digital forensics practices and a guide to Digital Forensics Improvement Initiatives
Initial case study on "The Good, the Bad and the Ugly" aspects of a new MSc program in computer forensics and e-discovery
There are a number of critical factors that will affect the success of new MSc programs in Digital / Computer Forensics and E-Discovery. This paper presents the idea that there are essential, basic criteria that need to be identified, defined and addressed from a student’s perspective when examining an MSc program in Digital / Computer Forensics and E-Discovery. This paper makes two contributions. The criteria presented in this paper can be used to help assess an existing MSc program from a student’s perspective and it can also be used as a guide to the development of new MSc programs
Initial case study on "The Good, the Bad and the Ugly" aspects of a new MSc program in computer forensics and e-discovery
There are a number of critical factors that will affect the success of new MSc programs in Digital / Computer Forensics and E-Discovery. This paper presents the idea that there are essential, basic criteria that need to be identified, defined and addressed from a student’s perspective when examining an MSc program in Digital / Computer Forensics and E-Discovery. This paper makes two contributions. The criteria presented in this paper can be used to help assess an existing MSc program from a student’s perspective and it can also be used as a guide to the development of new MSc programs