High-Level Integrated Vie of Digital Forensics

We are living in a world where there is an increasing need for evidence in organizations. Good digital evidence is becoming a business enabler. Very few organizations have the structures (management and infrastructure) in place to enable them to conduct cost effective, low-impact and efficient digital investigations (Sommer, 2005). Digital Forensics (DF) is a vehicle that organizations use to provide good and trustworthy evidence and processes. The current DF frameworks concentrate on reactive investigations, with limited reference to DF readiness and live investigations. However, organisations use DF for other purposes. The paper proposes that DF consists of three components: Proactive (ProDF), Active (ActDF) and Reactive (ReDF). ProDF concentrates on DF readiness and the proactive, responsible use of DF to demonstrate good governance and enhance governance structures. ActDF consider the gathering of live evidence during an ongoing attack with limited live investigation and ReDF deals with the traditional DF investigation. The paper discusses each component and the relationship between the components.