A Digital Forensic Investigative Model for Business Organisations
Author
Abstract
When a digital incident occurs there are generally three courses of action that are taken, largely dependent on the type of organisation within which the incident occurs, or which is responding to the event. In the case of law enforcement the priority is to secure the crime scene, followed by the identification of evidentiary sources, which should be dispatched to a specialist laboratory for analysis. In the case of an incident in military (or similar critical) infrastructure the primary goal becomes one of risk identification and elimination, followed by recovery and possible offensive measures. Where financial impact is caused by an incident, and revenue-earning potential is adversely affected (as in the case of most commercial organisations), root cause analysis and system remediation are of primary concern, with in-depth analysis of the how and why left until systems have been restored. Traditional investigative models follow the general process of: identify the incident, secure the scene and/or evidence, analyse the evidence, generate a report on the findings and present the outcome. This approach is more suited to law enforcement than to the business world. The business environment lends itself to an approach similar to that of the military, namely to be able to identify the incident, patch the necessary system(s) and continue earning revenue. The only addition is that the business is more likely to want to press charges in a court of law than launch a counter-offensive. In the generic investigative model, there is little leeway for a business's incident responders to satisfy the need to return the systems to operational status as quickly as possible whilst preserving the necessary evidence and being able to mount a successful prosecution. These two goals can be mutually exclusive, as a thorough investigation needs time and during this time the business will lose revenue by not having its systems live.
The model presented in this paper builds on the traditional investigative model as prepared by the Digital Forensic Research Workshop (DFRWS) and provides a mechanism to conduct the two potentially mutually exclusive processes in parallel.
Similar resources
The architecture of a digital forensic readiness management system
A coordinated approach to digital forensic readiness (DFR) in a large organisation requires the management and monitoring of a wide variety of resources, both human and technical. The resources involved in DFR in large organisations typically include staff from multiple departments and business units, as well as network infrastructure and computing platforms. The state of DFR within large organ...
A conceptual model for digital forensic readiness _2
The ever-growing threats of fraud and security incidents present many challenges to law enforcement and organisations across the globe. This has given rise to the need for organisations to build effective incident management strategies, which will enhance the company’s reactive capability to security incidents. The aim of this paper is to propose proactive activities an organisation can underta...
Verification of a Quality Management Theory: Using a Delphi Study
Background A model of quality management called Strategic Collaborative Quality Management (SCQM) model was developed based on the quality management literature review, the findings of a survey on quality management assessment in healthcare organisations, semi-structured interviews with healthcare stakeholders, and a Delphi study on healthcare quality management experts. The purpose of this stu...
Evaluation of Digital Forensic Process Models with Respect to Digital Forensics as a Service
Digital forensic science is very much still in its infancy, but is becoming increasingly invaluable to investigators. A popular area for research is seeking a standard methodology to make the digital forensic process accurate, robust, and efficient. The first digital forensic process model proposed contains four steps: Acquisition, Identification, Evaluation and Admission. Since then, numerous ...
Computer Forensics Field Triage Process Model
With the proliferation of digital based evidence, the need for the timely identification, analysis and interpretation of digital evidence is becoming more crucial. In many investigations critical information is required while at the scene or within a short period of time measured in hours as opposed to days. The traditional cyber forensics approach of seizing a system(s)/media, transporting it ...