Towards Forensic-Ready Software Systems

As software becomes more ubiquitous and the risk of cyber-crime increases, ensuring that software systems are forensic-ready (i.e., capable of supporting potential digital investigations) is critical. However, little or no attention has been given to how well-suited existing software engineering methodologies and practices are for the systematic development of such systems. In this paper, we consider the meaning of forensic readiness of software, define forensic readiness requirements, and highlight some of the open software engineering challenges posed by forensic readiness. We use a real software system developed to investigate online sharing of child abuse media to illustrate the presented concepts.
