A Multi-component View of Digital Forensics

We are living in a world where there is an increasing need for evidence in organizations. Good digital evidence is becoming a business enabler. Very few organizations have the structures (management and infrastructure) in place to enable them to conduct cost-effective, low-impact and efficient digital investigations [1]. Digital Forensics (DF) is a vehicle that organizations use to provide good and trustworthy evidence and processes. The current DF models concentrate on reactive investigations, with limited reference to DF readiness and live investigations. However, organizations use DF for other purposes, for example compliance testing. The paper proposes that DF consists of three components: Pro-active (ProDF), Active (ActDF) and Re-active (ReDF). ProDF concentrates on DF readiness and the proactive, responsible use of DF to demonstrate good governance and enhance governance structures. ActDF considers the gathering of live evidence during an ongoing attack, with a limited live investigation element, whilst ReDF deals with the traditional DF investigation. The paper discusses each component and the relationships between the components.

[1] Peter Sommer. Directors and corporate advisors' guide to digital investigations and evidence, 2005.

[2] Bruce J. Nikkel. Generalizing sources of live network evidence. Digital Investigation: The International Journal of Digital Forensics and Incident Response, 2005.

[3] Hai Jin et al. Honeynet based distributed adaptive network forensics and active real time investigation. SAC '05, 2005.

[4] Joseph N. Wilson et al. Process Forensics: A Pilot Study on the Use of Checkpointing Technology in Computer Forensics. Int. J. Digit. Evid., 2004.

[5] Venansius Baryamureeba et al. The Enhanced Digital Investigation Process Model, 2004.

[6] Robert Rowlingson et al. A Ten Step Process for Forensic Readiness. Int. J. Digit. Evid., 2004.

[7] Eoghan Casey et al. Digital Evidence and Computer Crime, 2000.

[8] Eoghan Casey et al. Digital evidence maps - A sign of the times. Digit. Investig., 2007.

[9] Nicole Beebe et al. A hierarchical, objectives-based framework for the digital investigations process. Digit. Investig., 2005.

[10] H. C. Leung et al. Deriving case-specific live forensics investigation procedures from FORZA. SAC '07, 2007.

[11] Barry Irwin et al. A Digital Forensic Investigative Model for Business Organisations, 2006.

[12] Eoghan Casey et al. Tool review - remote forensic preservation and examination tools. Digit. Investig., 2004.

[13] James A. Hall et al. The Sarbanes-Oxley Act: Implications for large-scale IT outsourcing. Commun. ACM, 2007.

[14] Sebastiaan H. von Solms et al. A Control Framework for Digital Forensics. IFIP Int. Conf. Digital Forensics, 2006.

[15] Sara Hawker et al. Compact Oxford English dictionary of current English, 2005.

[16] Eugene H. Spafford et al. Getting Physical with the Digital Investigation Process. Int. J. Digit. Evid., 2003.

[17] Seamus O. Ciardhuáin et al. An Extended Model of Cybercrime Investigations. Int. J. Digit. Evid., 2004.

[18] Peter Sommer et al. Intrusion detection systems as evidence. Comput. Networks, 1999.

[19] Brian D. Carrier. Risks of live digital forensic analysis. CACM, 2006.

[20] Joe Grand et al. A hardware-based memory acquisition procedure for digital investigations. Digit. Investig., 2004.