33 research outputs found
The architecture of a digital forensic readiness management system
A coordinated approach to digital forensic readiness (DFR) in a large organisation requires
the management and monitoring of a wide variety of resources, both human and technical.
The resources involved in DFR in large organisations typically include staff from multiple
departments and business units, as well as network infrastructure and computing platforms.
The state of DFR within large organisations may therefore be adversely affected if
the myriad human and technical resources involved are not managed in an optimal
manner. This paper contributes to DFR by proposing the novel concept of a digital forensic
readiness management system (DFRMS). The purpose of a DFRMS is to assist large organisations
in achieving an optimal level of management for DFR. In addition to this, we offer
an architecture for a DFRMS. This architecture is based on requirements for DFR that we
ascertained from an exhaustive review of the DFR literature. We describe the architecture
in detail and show that it meets the requirements set out in the DFR literature. The merits
and disadvantages of the architecture are also discussed. Finally, we describe and explain
an early prototype of a DFRMS.
http://www.elsevier.com/locate/cose
Introduction of concurrent processes into the digital forensic investigation process
Performing a digital forensic investigation requires a formalized process to be followed. It also requires that certain principles are
applied, such as preserving of digital evidence and documenting actions. The need for a harmonized and standardized digital forensic
investigation process has been recognized in the digital forensics community and much scientific work has been undertaken to produce digital
forensic investigation process models, albeit with many disparities within the different models. The problem is that these existing models do
not include any processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as
there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent
processes into the digital forensic investigation process model. The authors define concurrent processes as the actions which should be
conducted in parallel with other processes within the digital forensic investigation process, with the aim to fulfill digital forensic investigation
principles. The concept of concurrent processes is a novel contribution that aims to enable more efficient and effective digital forensic
investigations, while reducing the risk of human error and omissions which result in digital evidence being contaminated.
http://www.tandfonline.com/loi/tajf20 2016-07-06
Architecture for the proactive acquisition and analysis of forensic information in cloud systems
Cloud systems have to deal with massive amounts of distributed, volatile data which
makes forensic investigations difficult. Using the NIST reference architecture, a system is
devised to proactively capture forensic data that can be used in an investigation. The system
proposes using nested virtual machines with forensic capabilities.
A selection of conference proceedings: Student Symposium in Science, 29–30 October 2015, University of the Free State, South Africa.
http://www.satnt.ac.za/
Machine-learning forensics : state of the art in the use of machine-learning techniques for digital forensic investigations within smart environments
Recently, a world-wide trend has been observed that there is widespread adoption across all fields to embrace smart environments and automation. Smart environments include a wide variety of Internet-of-Things (IoT) devices, so many challenges face conventional digital forensic investigation (DFI) in such environments. These challenges include data heterogeneity, data distribution, and massive amounts of data, which exceed digital forensic (DF) investigators’ human capabilities to deal with all of these challenges within a short period of time. Furthermore, they significantly slow down or even incapacitate the conventional DFI process. With the increasing frequency of digital crimes, better and more sophisticated DFI procedures are desperately needed, particularly in such environments. Since machine-learning (ML) techniques might be a viable option in smart environments, this paper presents the integration of ML into DF, through reviewing the most recent papers concerned with the applications of ML in DF, specifically within smart environments. It also explores the potential further use of ML techniques in DF in smart environments to reduce the hard work of human beings, as well as what to expect from future ML applications to the conventional DFI process.
https://www.mdpi.com/journal/applsci
A comprehensive and harmonized digital forensic investigation process model
Performing a digital forensic investigation (DFI) requires a standardized and formalized process. There is currently neither an international standard nor does a global, harmonized DFI process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of processes, the scope, the hierarchical levels and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of processes called concurrent processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization.
http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 2016-11-30
Toward a general ontology for digital forensic disciplines
Ontologies are widely used in different disciplines as a technique for representing and
reasoning about domain knowledge. However, despite the widespread ontology-related research activities
and applications in different disciplines, the development of ontologies and ontology research activities are
still wanting in digital forensic disciplines.
This paper therefore presents the case for establishing an ontology for digital forensic disciplines. Such
an ontology would enable better categorisation of digital forensic disciplines, as well as help with the
development of methodologies that can offer direction in different areas of digital forensics, such as
professional specialisation, certifications, development of digital forensic tools, curricula and educational
materials. In addition, the ontology presented in this paper can be used, for example, to better organise
digital forensics domain knowledge and explicitly describe the discipline's semantics in a common way.
Finally, this paper is meant to spark discussions and further research on an internationally agreed
ontological distinction of the digital forensic disciplines. Digital forensic disciplines ontology is a novel
approach towards organising the digital forensics domain knowledge and constitutes the main contribution
of this paper.
http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029
Taxonomy of challenges for digital forensics
Since its inception, over a decade ago, the field of digital forensics has faced numerous
challenges. Despite different researchers and digital forensic practitioners having studied and analysed
various known digital forensic challenges, as of 2013, there still exists a need for a formal classification of
these challenges. This paper, therefore, reviews existing research literature and highlights the various
challenges that digital forensics has faced for the last ten years. In conducting this research study, however,
it was difficult for the authors to review all the existing research literature in the digital forensic domain,
hence, sampling and randomisation techniques were employed to facilitate the review of the gathered
literature. Taxonomy of the various challenges is subsequently proposed in this paper based on our review
of the literature. The taxonomy classifies the large number of digital forensic challenges into four well-defined
and easily understood categories. The proposed taxonomy can be useful, for example, in future
developments of automated digital forensic tools by explicitly describing processes and procedures that
focus on addressing specific challenges identified in this paper. However, it should also be noted that the
purpose of this paper is not to propose any solutions to the individual challenges that digital forensics face,
but to serve as a survey of the state of the art of the research area.
http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 2016-07-31
FReadyPass : a digital forensic ready passport to control access to data across jurisdictional boundaries
Cloud computing offers users access to information from anywhere by duplicating and distributing information to multiple data centres around the globe. The distribution of information in such a manner presents a significant challenge if the need arises to locate a specific digital object. Such a need could stem from legislation put in place by governments or organizations concerned with the protection of sensitive information, such as the European Union’s Data Protection Directive, which states that sensitive information should not leave the jurisdiction of the European Union. In this article, the authors look at the requirements for securing sensitive information in the cloud and address many of the challenges associated with cloud forensics. The authors address a critical issue regarding sensitive information and the cloud, that of monitoring and controlling the flow of information across jurisdictional boundaries. The authors propose a model for controlling the access of information across jurisdictional boundaries, as well as for capturing the necessary provenance data to report on the traveling history of a digital object and storing this information in a digital forensic ready manner. Should that object ever be required in a digital forensic investigation, it can easily be located.
The University of Pretoria, the South African National Research Foundation (NRF) and GEW Technologies.
http://www.tandfonline.com/loi/tajf20 2019-04-05