论文信息 - Applying a Digital forensic readiness framework: Three case studies

Applying a Digital forensic readiness framework: Three case studies

A digital forensic investigation primarily attempts to reactively respond to an information security incident. While the predominant goal of an investigation is the maintenance of digital evidence of forensic value, little academic research has been conducted on an organization's proactive forensic capability. This capability is referred to as digital forensic readiness and aims to maximize the forensic credibility of digital evidence, while minimizing its post-incident forensic investigation. In this paper, we classify forensic investigation frameworks to expose gaps in proactive forensics research and we review three prominent information security incidents with regard to proactive forensics planning. The applicability of a proactive forensic plan into each incident is then discussed and put into context.

Chang-Tsun Li | Antonis Mouhtaropoulos | Panagiotis Dimotikalis

[1] Felix C. Freiling,et al. A Common Process Model for Incident Response and Computer Forensics , 2007, IMF.

[2] Barry Irwin,et al. A DIGITAL FORENSIC INVESTIGATIVE MODEL FOR BUSINESS ORGANISATIONS , 2006 .

[3] Eugene H. Spafford,et al. Getting Physical with the Digital Investigation Process , 2003, Int. J. Digit. EVid..

[4] Seamus O. Ciardhuáin,et al. An Extended Model of Cybercrime Investigations , 2004, Int. J. Digit. EVid..

[5] Nicole Beebe,et al. A hierarchical, objectives-based framework for the digital investigations process , 2005, Digit. Investig..

[6] Jan H. P. Eloff,et al. Framework for a Digital Forensic Investigation , 2006, ISSA.

[7] Himanshu Khurana,et al. Palantir: a framework for collaborative incident response and investigation , 2009, IDtrust '09.

[8] Venansius Baryamureeba,et al. The Enhanced Digital Investigation Process Model , 2004 .

[9] Diomidis Spinellis,et al. The Athens Affair , 2007, IEEE Spectrum.

[10] Marcus K. Rogers,et al. Computer Forensics Field Triage Process Model , 2006, J. Digit. Forensics Secur. Law.

[11] Gregg H. Gunsch,et al. An Examination of Digital Forensic Models , 2002, Int. J. Digit. EVid..

[12] Lance Spitzner,et al. The Honeynet Project: Trapping the Hackers , 2003, IEEE Secur. Priv..

[13] Paul Hunton,et al. The stages of cybercrime investigations: Bridging the gap between technology examination and law enforcement investigation , 2011, Comput. Law Secur. Rev..