A conceptual model for digital forensic readiness

The ever-growing threats of fraud and security incidents present many challenges to law enforcement and organisations across the globe. This has given rise to the need for organisations to build effective incident management strategies, which will enhance the company's reactive capability to security incidents. The aim of this paper is to propose proactive activities an organisation can undertake in order to increase its ability to respond to security incidents and create a digitally forensic ready workplace environment. The study constitutes exploratory research, with the use of a systematic literature review as a basis to identify activities relating to a digitally forensic ready environment. While much has been written about how organisations can prepare to respond to security incidents, findings show an absence of a digital forensic readiness model. This paper concludes by presenting such a conceptual model. This study contributes to the greater body of knowledge on the design and implementation of a digital forensic readiness programme, aimed at maximising the use of digital evidence in an organisation.
