Using a standard approach to the design of next generation e-Supply Chain Digital Forensic Readiness systems

The internet has had a major impact on how information is shared within supply chains, and in commerce in general. This has resulted in the establishment of information systems such as e-supply chains (eSCs) amongst others which integrate the internet and other information and communications technology (ICT) with traditional business processes for the swift transmission of information between trading partners. Many organisations have reaped the benefits that come from adopting the eSC model, but have also faced the challenges with which it comes. One such major challenge is information security. With the current state of cybercrime, system developers are challenged with the task of developing cutting edge digital forensic readiness (DFR) systems that can keep up with current technological advancements, such as (eSCs). Hence, the problem addressed in this paper is the lack of a well-formulated DFR approach that can assist system developers in the development of e-supply chain digital forensic readiness systems. The main objective of such a system being that it must be able to provide law enforcement/digital forensic investigators (DFI) with forensically sound and readily available potential digital evidence that can expedite and support digital forensics incident response processes. This approach, if implemented can also prepare trading partners for security incidents that might take place, if not prevent them from occurring. Therefore, the work presented in this paper is aimed at providing a procedural approach that is based on digital forensics principles. This paper discusses the limitations of current system monitoring tools in relation to the kind of specialised DFR systems that are needed in the eSC environment and proposes an eSC-DFR process model and architectural design model that can lead to the development of next-generation eSC DFR systems. It is the view of the authors that the conclusions drawn from this paper can spearhead the development of cutting-edge next-generation digital forensic readiness systems, and bring attention to some of the shortcomings of current system monitoring tools.

[1]  Daniel Ayers,et al.  A second generation computer forensic analysis system , 2009, Digit. Investig..

[2]  Elmar J. Sinz,et al.  Web-Application-Server , 2000, Wirtschaftsinf..

[3]  Hein S. Venter,et al.  The architecture of a digital forensic readiness management system , 2013, Comput. Secur..

[4]  Victor R. Kebande,et al.  A Cloud Forensic Readiness Model Using a Botnet as a Service , 2014 .

[5]  Leon A. Kappelman,et al.  A Comprehensive Model for Assessing the Quality and Productivity of the Information Systems Function: Toward a Theory for Information Systems Assessment , 1997 .

[6]  Jason Jordaan,et al.  A Digital Forensic Readiness framework for South African SME's , 2010, 2010 Information Security for South Africa.

[7]  Armando Ferro,et al.  Modelling a Network Traffic Probe Over a Multiprocessor Architecture , 2012 .

[8]  Jyri Rajamäki,et al.  Law Enforcement Authorities' Legal Digital Evidence Gathering: Legal, Integrity and Chain-of-Custody Requirement , 2013, 2013 European Intelligence and Security Informatics Conference.

[9]  Hein S. Venter,et al.  Testing the harmonised digital forensic investigation process model-using an Android mobile phone , 2013, 2013 Information Security for South Africa.

[10]  E. L. Nichols,et al.  Supply Chain Redesign: Transforming Supply Chains into Integrated Value Systems , 2002 .

[11]  Colin Lankshear,et al.  Introduction: digital literacies: concepts, policies and practices , 2008 .

[12]  Hein S. Venter,et al.  Evaluation and analysis of a software prototype for guidance and implementation of a standardized digital forensic investigation process , 2015, 2015 Information Security for South Africa (ISSA).

[13]  N. E. Thomas,et al.  Multi-state and multi-sensor incident detection systems for arterial streets , 1998 .

[14]  Hein S. Venter,et al.  Digital forensic readiness in the cloud , 2013, 2013 Information Security for South Africa.

[15]  Petri T. Helo,et al.  Logistics information systems: An analysis of software solutions for supply chain co-ordination , 2005, Ind. Manag. Data Syst..

[16]  Robert Rowlingson,et al.  A Ten Step Process for Forensic Readiness , 2004, Int. J. Digit. EVid..

[17]  Bernd Weissmuller Educative Assessment Designing Assessments To Inform And Improve Student Performance , 2016 .

[18]  Deepak Gupta,et al.  The Network Monitoring Tool - PickPacket , 2005, ICITA.

[19]  Bernhard Thalheim,et al.  Architecture-Driven Modelling Methodologies , 2011, EJC.

[20]  Cheng Huiping An Integration Framework of ERM, SCM, CRM , 2009, 2009 International Conference on Management and Service Science.

[21]  Marthie Grobler The Need for Digital Evidence Standardisation , 2012, Int. J. Digit. Crime Forensics.

[22]  Pavol Zavarsky,et al.  A review and comparative evaluation of forensics guidelines of NIST SP 800-101 Rev.1:2014 and ISO/IEC 27037:2012 , 2014, World Congress on Internet Security (WorldCIS-2014).

[23]  Lidija Pulevska-Ivanovska,et al.  Implementation of e-Supply Chain Management , 2013 .

[24]  Rodney McKemmish,et al.  When is Digital Evidence Forensically Sound? , 2008, IFIP Int. Conf. Digital Forensics.

[25]  Douglas C. Schmidt,et al.  Middleware for Distributed Systems Evolving the Common Structure for Network-centric Applications , 2001 .

[26]  S. D. Pathak,et al.  A multi-paradigm simulator for simulating complex adaptive supply chain networks , 2003, Proceedings of the 2003 Winter Simulation Conference, 2003..

[27]  Eoghan Casey Bs Ma Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet , 2000 .

[28]  Miguel Rio,et al.  Challenges in the capture and dissemination of measurements from high-speed networks , 2009, IET Commun..

[29]  D. J. Ryan,et al.  Legal Aspects of Digital Forensics , 2022 .

[30]  Golden G. Richard,et al.  Chapter IV Digital Forensics Tools : The Next Generation , .