论文信息 - A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations

A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations

Most organizations underestimate the demand for digital evidence [1]. Often, when evidence is required to prove fraudulent transactions, not enough or trustworthy evidence is available to link the attacker to the incident. It isessential for organizations to prepare themselves for digital Forensic (DF) investigations and ensure that entireorganizational operating environment is prepared for example for an investigation (criminal or internal) or acompliance tests. The accepted literature on DF readinessconcentrates mainly on evidence identification, handling andstorage, first line incident response and training requirements [2]. It does not consider the proactiveapplication of DF tools to enhance the corporate governancestructures (specifically Information Technology (IT) governance). Pro-active DF (ProDF) as defined in this paperwill enable an organization to take the initiative byimplementing adequate measures to become DF ready,demonstrate due diligence for good corporate Governance,specifically IT Governance and provide a mechanism toassess and improve IT Governance frameworks. The purpose of this paper is to define, identify goals, steps, anddeliverables of ProDF, identify dimensions of DF, and propose a theoretical DF management framework to guidethe implementation of ProDF in an organization.

[1] James R. Sanders,et al. Standards and principles , 1995 .

[2] Nicole Beebe,et al. A hierarchical, objectives-based framework for the digital investigations process , 2005, Digit. Investig..

[3] Eugene H. Spafford,et al. Getting Physical with the Digital Investigation Process , 2003, Int. J. Digit. EVid..

[4] Robert Rowlingson,et al. A Ten Step Process for Forensic Readiness , 2004, Int. J. Digit. EVid..

[5] Ricci S. C. Ieong,et al. FORZA - Digital forensics investigation framework that incorporate legal issues , 2006, Digit. Investig..

[6] Seamus O. Ciardhuáin,et al. An Extended Model of Cybercrime Investigations , 2004, Int. J. Digit. EVid..

[7] Peter Sommer,et al. Intrusion detection systems as evidence , 1999, Comput. Networks.

[8] H. C. Leung,et al. Deriving cse-specific live forensics investigation procedures from FORZA , 2007, SAC '07.

[9] Peter Sommer. Directors and corporate advisors' guide to digital investigations and evidence , 2005 .

[10] Sebastiaan H. von Solms,et al. A Control Framework for Digital Forensics , 2006, IFIP Int. Conf. Digital Forensics.

[11] Deborah A. Frincke,et al. Specifying digital forensics: A forensics policy approach , 2007 .

[12] Eoghan Casey,et al. Digital Evidence and Computer Crime , 2000 .

[13] Eoghan Casey,et al. Digital evidence maps - A sign of the times , 2007, Digit. Investig..