Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research

In the last 10 years, Forensic computing (FC) has emerged in response to the challenges of illegal, criminal and other inappropriate on-line behaviours. As awareness of the need for the accurate and legally admissible collection, collation, analysis and presentation of digital data has grown, so has recognition of the challenges this requirement poses for technical, legal and organisational responses to these on-line behaviours. Despite recognition of the multi-dimensional nature of these behaviours and the challenges faced, agreement on coherent frameworks for understanding and responding to these issues, their impacts and their interrelationships appears to remain a long way off. As a consequence, while significant advances have been made within technical, organisational and legal ‘solution centred paradigms’, the net result appears to be a case of ‘winning the battles but losing the war’ on computer misuse and e-crime. This paper examines this situation and reflects on its implications for academic researchers’ methodological approach to understanding and responding to these challenges. This paper suggests the need to reconceptualise the term ‘solution’ and advocates an additional methodological step, (that it is anticipated will generate data) for the development of a framework to map the value propositions of, and interrelationships between the individual sets of responses within the dynamically evolving FC landscape. By exposing issues, responses and underlying assumptions it is anticipated that this will improve the possibility of calibrated responses that more effectively and coherently balance the interests for security, privacy and legal admissibility.

[1]  Paul Turner,et al.  Refining the Taxonomy of Forensic Computing in the era of E Crime: Insights from a survey of Australian Forensic Computing investigation (FCI) teams , 2003 .

[2]  Paul Turner,et al.  Forensic Computing Theory & Practice: Towards developing a methodology for a standardised approach to Computer misuse , 2003, Australian Computer, Network & Information Forensics Conference.

[3]  Broucek,et al.  Forensic Computing Developing a Conceptual Approach in the Era of Information Warfare , 2001 .

[4]  P. Hanks,et al.  Collins dictionary of the English language , 1979 .

[5]  Paul Turner,et al.  Intrusion detection: issues and challenges in evidence acquisition , 2004 .

[6]  J. Gerring A case study , 2011, Technology and Society.

[7]  Seamus O. Ciardhuáin,et al.  An Extended Model of Cybercrime Investigations , 2004, Int. J. Digit. EVid..

[8]  Paul Turner,et al.  A forensic computing perspective on the need for improved user education for information systems security management , 2002 .

[9]  Rasool Azari,et al.  Current Security Management & Ethical Issues of Information Technology , 2003 .

[10]  V. Broucek,et al.  Bridging the Divide : Rising Awareness of Forensic Issues amongst Systems Administrators , 2002 .

[11]  Gregg H. Gunsch,et al.  An Examination of Digital Forensic Models , 2002, Int. J. Digit. EVid..

[12]  Dorothy E. Denning,et al.  A taxonomy for key escrow encryption systems , 1996, CACM.

[13]  Janet Reno Law enforcement in cyberspace address , 1997 .

[14]  V. Rich Personal communication , 1989, Nature.

[15]  Bill Doolin,et al.  Alternative Views of Case Research in Information Systems , 1996, Australas. J. Inf. Syst..

[16]  Broucek,et al.  Developing a Conceptual Approach for an Emerging Academic Discipline , 2001 .

[17]  Paul Turner,et al.  Intrusion detection: Forensic computing insights arising from a case study on SNORT , 2003 .

[18]  N. Hoffart Basics of Qualitative Research: Techniques and Procedures for Developing Grounded Theory , 2000 .

[19]  Venansius Baryamureeba,et al.  The Enhanced Digital Investigation Process Model , 2004 .

[20]  Paul Turner,et al.  Computer Incident Investigations: e-forensic Insights on Evidence Acquisition , 2004 .

[21]  A. Strauss,et al.  The discovery of grounded theory: strategies for qualitative research aldine de gruyter , 1968 .

[22]  Paul Turner,et al.  'Riding furiously in all directions' - implications of uncoordinated technical, organisational and legal responses to illegal or inappropriate on-line behaviours , 2005 .

[23]  Paul Turner,et al.  The Federal Court, the Music Industry and the Universities , 2003, Australian Computer, Network & Information Forensics Conference.

[24]  Paul Turner,et al.  Music piracy, universities and the Australian Federal Court: Issues for forensic computing specialists , 2005, Comput. Law Secur. Rev..

[25]  Paul Turner,et al.  Electronic Evidence Management for Computer Incident Investigations - A Prospect of CTOSE , 2005 .

[26]  C. Brodsky The Discovery of Grounded Theory: Strategies for Qualitative Research , 1968 .

[27]  M. P. F. C. A. J. Sammes BSc,et al.  Forensic Computing , 2000, Practitioner Series.

[28]  Paul Turner,et al.  Risks and Solutions to Problems Arising from Illegal or Inappropriate On-line Behaviours: Two Core Debates Within Forensic Computing , 2002 .

[29]  Eugene H. Spafford,et al.  Getting Physical with the Digital Investigation Process , 2003, Int. J. Digit. EVid..