Towards a Digital Forensic Readiness Framework for Public Key Infrastructure systems

The Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates [18]. PKI systems are today one of the most accepted and used technologies to enable successful implementation of information systems security services such as authentication and confidentiality. Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime [2][3]. A forensic investigation of digital evidence is commonly employed as a post-event response to a serious information security incident. In fact, there are many circumstances where an organization may benefit from an ability to gather and preserve digital evidence before an incident occurs. Digital forensic readiness enables an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation [7]. The problem that this paper addresses is that there is no Digital Forensic Readiness Framework for PKI systems, thus not enabling an implementation of Digital Forensic Readiness measures to PKI systems. This paper focuses on defining the basic postulates of a Digital Forensic Readiness Framework for PKI systems. The authors investigate a model that can be proposed to accomplish this and also certain policies, guidelines and procedures which can be followed. When proposing the framework the authors take into account requirements for preserving or improving information security and not to interfere with the existing PKI systems´ business processes.