Applying a Digital forensic readiness framework: Three case studies

Author

Mouhtaropoulos, Antonis ; Dimotikalis, Panagiotis ; Chang-Tsun Li

Author_Institution

Dept. of Comput. Sci., Univ. of Warwick, Coventry, UK

fYear

2013

fDate

12-14 Nov. 2013

Firstpage

217

Lastpage

223

Abstract

A digital forensic investigation primarily attempts to reactively respond to an information security incident. While the predominant goal of an investigation is the maintenance of digital evidence of forensic value, little academic research has been conducted on an organization´s proactive forensic capability. This capability is referred to as digital forensic readiness and aims to maximize the forensic credibility of digital evidence, while minimizing its post-incident forensic investigation. In this paper, we classify forensic investigation frameworks to expose gaps in proactive forensics research and we review three prominent information security incidents with regard to proactive forensics planning. The applicability of a proactive forensic plan into each incident is then discussed and put into context.

Keywords

digital forensics; digital evidence; digital forensic investigation; digital forensic readiness framework; forensic credibility; forensic value; information security incidents; post-incident forensic investigation; proactive forensic capability; proactive forensics planning; proactive forensics research; Computers; Digital forensics; Organizations; Security; Software; Training; digital evidence; digital forensic investigation; digital forensic readiness; proactive forensics;

fLanguage

English

Publisher

ieee

Conference_Titel

Technologies for Homeland Security (HST), 2013 IEEE International Conference on

Conference_Location

Waltham, MA

Print_ISBN

978-1-4799-3963-3

Type

conf

DOI

10.1109/THS.2013.6699003

Filename

6699003