DocumentCode :
3423537
Title :
Adding digital forensic readiness to electronic communication using a security monitoring tool
Author :
Van Staden, F.R. ; Venter, H.S.
Author_Institution :
Dept. of Comput. Sci., Univ. of Pretoria, Pretoria, South Africa
fYear :
2011
fDate :
15-17 Aug. 2011
Firstpage :
1
Lastpage :
5
Abstract :
Electronic communication is used in our daily lives. One can receive email on a PC, laptop or mobile phone. SMTP was designed to be an easy and cost-effective implementation. This fact, however, makes SMTP a target for abuse. Unsolicited electronic communication, also known as spam, is just one such example of abuse of email. Tracing the origin of spam by using the information contained in SMTP headers is not possible because SMTP is a clear-text protocol and can easily be intercepted and modified. Digital forensic specialists are burdened with sifting through large data sets to find incident information. During the process of introducing digital forensic readiness, the amount of information that is gathered is inadvertently increased in order to ensure that the information is valid and usable. Drawing on the experience of digital forensic experts in finding specific data subsets that prove or disprove that an incident occurred can be used to automate the analysis process. Data analysis tools are created for the purpose of sifting through data, looking for known data patterns, and storing these patterns as a subset of the original data. Monitoring tools have been used successfully to gather information pertaining to the performance of IT systems. Security monitoring tools have been designed to collect security information in order to detect security breaches within the IT system. An extension to the security monitoring tool is proposed to gather security and usage information with regard to electronic communication. The collected information is saved in a database for future analysis.
Keywords :
computer forensics; data analysis; unsolicited e-mail; data analysis tools; IT systems; SMTP; digital forensic readiness; electronic communication; security information; security monitoring tool; spam; text protocol; digital forensics; electronic mail; IP networks; Internet; probes; protocols; security; digital forensic data analysis; gap-detection algorithm
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Security South Africa (ISSA), 2011
Conference_Location :
Johannesburg
Print_ISBN :
978-1-4577-1481-8
Type :
conf
DOI :
10.1109/ISSA.2011.6027537
Filename :
6027537