A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations

Most organizations underestimate the demand for digital evidence [1]. Often, when evidence is required to prove fraudulent transactions, not enough or trustworthy evidence is available to link the attacker to the incident. It is essential for organizations to prepare themselves for digital Forensic (DF) investigations and ensure that entire organizational operating environment is prepared for example for an investigation (criminal or internal) or acompliance tests. The accepted literature on DF readiness concentrates mainly on evidence identification, handling and storage, first line incident response and training requirements [2]. It does not consider the proactive application of DF tools to enhance the corporate governance structures (specifically Information Technology (IT) governance). Pro-active DF (ProDF) as defined in this paper will enable an organization to take the initiative by implementing adequate measures to become DF ready,demonstrate due diligence for good corporate Governance, specifically IT Governance and provide a mechanism to assess and improve IT Governance frameworks. The purpose of this paper is to define, identify goals, steps, and deliverables of ProDF, identify dimensions of DF, and propose a theoretical DF management framework to guidethe implementation of ProDF in an organization.