33 research outputs found

    The architecture of a digital forensic readiness management system

    A coordinated approach to digital forensic readiness (DFR) in a large organisation requires the management and monitoring of a wide variety of resources, both human and technical. The resources involved in DFR in large organisations typically include staff from multiple departments and business units, as well as network infrastructure and computing platforms. The state of DFR within large organisations may therefore be adversely affected if the myriad human and technical resources involved are not managed in an optimal manner. This paper contributes to DFR by proposing the novel concept of a digital forensic readiness management system (DFRMS). The purpose of a DFRMS is to assist large organisations in achieving an optimal level of management for DFR. In addition to this, we offer an architecture for a DFRMS. This architecture is based on requirements for DFR that we ascertained from an exhaustive review of the DFR literature. We describe the architecture in detail and show that it meets the requirements set out in the DFR literature. The merits and disadvantages of the architecture are also discussed. Finally, we describe and explain an early prototype of a DFRMS. http://www.elsevier.com/locate/cose

    Introduction of concurrent processes into the digital forensic investigation process

    Performing a digital forensic investigation requires a formalized process to be followed. It also requires that certain principles are applied, such as preserving of digital evidence and documenting actions. The need for a harmonized and standardized digital forensic investigation process has been recognized in the digital forensics community and much scientific work has been undertaken to produce digital forensic investigation process models, albeit with many disparities within the different models. The problem is that these existing models do not include any processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent processes into the digital forensic investigation process model. The authors define concurrent processes as the actions which should be conducted in parallel with other processes within the digital forensic investigation process, with the aim to fulfill digital forensic investigation principles. The concept of concurrent processes is a novel contribution that aims to enable more efficient and effective digital forensic investigations, while reducing the risk of human error and omissions which result in digital evidence being contaminated. http://www.tandfonline.com/loi/tajf20 2016-07-06

    Architecture for the proactive acquisition and analysis of forensic information in cloud systems

    Cloud systems have to deal with massive amounts of distributed, volatile data which makes forensic investigations difficult. Using the NIST reference architecture, a system is devised to proactively capture forensic data that can be used in an investigation. The system proposes using nested virtual machines with forensic capabilities. A selection of conference proceedings: Student Symposium in Science, 29–30 October 2015, University of the Free State, South Africa. http://www.satnt.ac.za/ Computer Scienc

    Machine-learning forensics : state of the art in the use of machine-learning techniques for digital forensic investigations within smart environments

    Recently, a world-wide trend has been observed that there is widespread adoption across all fields to embrace smart environments and automation. Smart environments include a wide variety of Internet-of-Things (IoT) devices, so many challenges face conventional digital forensic investigation (DFI) in such environments. These challenges include data heterogeneity, data distribution, and massive amounts of data, which exceed digital forensic (DF) investigators’ human capabilities to deal with all of these challenges within a short period of time. Furthermore, they significantly slow down or even incapacitate the conventional DFI process. With the increasing frequency of digital crimes, better and more sophisticated DFI procedures are desperately needed, particularly in such environments. Since machine-learning (ML) techniques might be a viable option in smart environments, this paper presents the integration of ML into DF, through reviewing the most recent papers concerned with the applications of ML in DF, specifically within smart environments. It also explores the potential further use of ML techniques in DF in smart environments to reduce the hard work of human beings, as well as what to expect from future ML applications to the conventional DFI process. https://www.mdpi.com/journal/applsci Computer Scienc

    A comprehensive and harmonized digital forensic investigation process model

    Performing a digital forensic investigation (DFI) requires a standardized and formalized process. There is currently neither an international standard nor does a global, harmonized DFI process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of processes, the scope, the hierarchical levels and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of processes called concurrent processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 2016-11-30

    Toward a general ontology for digital forensic disciplines

    Ontologies are widely used in different disciplines as a technique for representing and reasoning about domain knowledge. However, despite the widespread ontology-related research activities and applications in different disciplines, the development of ontologies and ontology research activities are still wanting in digital forensic disciplines. This paper therefore presents the case for establishing an ontology for digital forensic disciplines. Such an ontology would enable better categorisation of digital forensic disciplines, as well as help with the development of methodologies that can offer direction in different areas of digital forensics, such as professional specialisation, certifications, development of digital forensic tools, curricula and educational materials. In addition, the ontology presented in this paper can be used, for example, to better organise digital forensics domain knowledge and explicitly describe the discipline's semantics in a common way. Finally, this paper is meant to spark discussions and further research on an internationally agreed ontological distinction of the digital forensic disciplines. Digital forensic disciplines ontology is a novel approach towards organising the digital forensics domain knowledge and constitutes the main contribution of this paper. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029

    Taxonomy of challenges for digital forensics

    Since its inception, over a decade ago, the field of digital forensics has faced numerous challenges. Despite different researchers and digital forensic practitioners having studied and analysed various known digital forensic challenges, as of 2013, there still exists a need for a formal classification of these challenges. This paper, therefore, reviews existing research literature and highlights the various challenges that digital forensics has faced for the last ten years. In conducting this research study, however, it was difficult for the authors to review all the existing research literature in the digital forensic domain, hence, sampling and randomisation techniques were employed to facilitate the review of the gathered literature. Taxonomy of the various challenges is subsequently proposed in this paper based on our review of the literature. The taxonomy classifies the large number of digital forensic challenges into four well-defined and easily understood categories. The proposed taxonomy can be useful, for example, in future developments of automated digital forensic tools by explicitly describing processes and procedures that focus on addressing specific challenges identified in this paper. However, it should also be noted that the purpose of this paper is not to propose any solutions to the individual challenges that digital forensics face, but to serve as a survey of the state of the art of the research area. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 2016-07-31

    FReadyPass : a digital forensic ready passport to control access to data across jurisdictional boundaries

    Cloud computing offers users access to information from anywhere by duplicating and distributing information to multiple data centres around the globe. The distribution of information in such a manner presents a significant challenge if the need arises to locate a specific digital object. Such a need could stem from legislation put in place by governments or organizations concerned with the protection of sensitive information, such as the European Union’s Data Protection Directive, which states that sensitive information should not leave the jurisdiction of the European Union. In this article, the authors look at the requirements for securing sensitive information in the cloud and address many of the challenges associated with cloud forensics. The authors address a critical issue regarding sensitive information and the cloud, that of monitoring and controlling the flow of information across jurisdictional boundaries. The authors propose a model for controlling the access of information across jurisdictional boundaries, as well as for capturing the necessary provenance data to report on the traveling history of a digital object and storing this information in a digital forensic ready manner. Should that object ever be required in a digital forensic investigation, it can easily be located. The University of Pretoria, the South African National Research Foundation (NRF) and GEW Technologies. http://www.tandfonline.com/loi/tajf20 2019-04-05 Computer Scienc