Corporate Digital Incident Investigation

Jaromír Veber, Lea Nedomová, Petr Doucek


Purpose: Information and communication technology are fundamental part of most business entities. Unfortunately, use of these technologies needs to be secured, and in the case that stipulated and legal regulations are not observed, it is very important to not only recognize but also prove such actions/incidents on time. Therefore, the ability to investigate the events/incidents in organization using traces in the information systems may be key component for regulation enforcement.
Methodology/Approach: We propose a model for digital investigations within the organization, based on ISO standards and existing models for common digital investigations.
Findings: The result of our work is a model that can serve as a guide to draft procedures for digital investigations within the organization. Such a procedure should provide evidence of a quality comparable to forensic evidence.
Research Limitation/Implication: Our model provides an overview of the entire process and recommendations for its implementation; However, it does not provide a list of specific examination methods, because they vary depending on the case.
Originality/Value of paper: Most of the previously presented models for digital investigations were focused on the investigation of the police forensic laboratories. The originality of our model lies in its focus on investigations in the business organization.


digital investigation; business; organization; ISO; process; model

Full Text:



Arasteh, A.R., Debbabi, M., Sakha, A. and Saleh, M., 2007. Analyzing multiple logs for forensic evidence. Digital Investigation, 4, September, pp.82–91.

Beebe, N.L. and Clark, J.G., 2005. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation, 2(2), pp. 147–167.

Bulbul, H.I., Yavuzcan, H.G. and Ozel, M., 2013. Digital forensics: An Analytical Crime Scene Procedure Model (ACSPM). Forensic science international, 233(1-3), pp.244–256.

Carrier, B. and, Spafford, E.H., 2004. An event-based digital forensic investigation framework, In: Proceedings of the 2004 digital forensic research workshop (DFRWS). Baltimore, Maryland , 11-13August, 2004.

Filkins, B., 2013. The SANS 2013 Help Desk Security and Privacy Survey. SANS Institute.

Forte, D., 2007. Security standardization in incident management: the ITIL approach. Network Security, 2007(1), pp.14–16.

Hykš, O. and Koliš, K., 2014. Development of the Digital Forensic Laboratory Management System Using ISO 9001 and ISO/IEC 17025. In. IDIMT – Interdisciplinary Information Management Talks. Linz: Trauner Verlag, pp.87-94.

Ieong, R.S., 2006. FORZA–Digital forensics investigation framework that incorporate legal issues. Digital Investigation, 3, September, pp.29–36.

ISO, 2011a. ISO/IEC 27005:2011, Information technology – Security Techniques – Information security risk management. International Organization for Standardization, Geneva, Switzerland.

ISO, 2011b. ISO/IEC 27035:2011, Information technology – Security techniques – Information security incident management. International Organization for Standardization, Geneva, Switzerland.

ISO, 2015a. ISO/IEC 27043:2015 Information technology – Security techniques – Incident investigation principles and processes. International Organization for Standardization, Geneva, Switzerland.

ISO, 2015b. ISO/IEC 27042:2015 Information technology – Security techniques – Guidelines for the analysis and interpretation of digital evidence. International Organization for Standardization, Geneva, Switzerland.

Leigland, R. and Krings, A.W., 2004. A formalization of digital forensics. International Journal of Digital Evidence, 3(2), pp.1–32.

Mitropoulos, S., Patsos, D. and Douligeris, C., 2006. On Incident Handling and Response: A state-of-the-art approach. Computers and Security, 25(5), pp.351–370.

Srihari, S.N., Leedham, G., 2003. A survey of computer methods in forensic document examination, In: Proceedings of the 11th Conference of the International Graphonomics Society (IGS2003), Scottsdale, Arizona, USA, 2-5 November 2003, pp.278–282.

Susanto, H., Almunawar, M.N. and Tuan, Y.C., 2011. Information security management system standards: A comparative study of the big five. International Journal of Electrical & Computer Sciences, 11(05), pp.23–29.

Svatá, V., 2012. Audit informačního systému. Vyd. 2. Praha: Professional Publishing.

Veber, J. and Klíma, T., 2014. Influence of Standards ISO 27000 Family on Digital Evidence Analysis, In. IDIMT – Interdisciplinary Information Management Talks. Linz: Trauner Verlag, pp.103–114.

Villatte, N., 2015. 2015 Data Breach Investigations Report. Verizon Enterprise Solutions.

Webster, F., 1994. What Information Society? The Information Society, 10(1), pp.1-23.

Zachman, J., 2002. The zachman framework for enterprise architecture. Zachman International.



  • There are currently no refbacks.

Copyright (c) 2016 Jaromír Veber, Lea Nedomová, Petr Doucek

ISSN 1335-1745 (print)
ISSN 1338-984X (online)
CCBY crossref cope
Covered, abstracted, indexed in:
Clarivate Analytics Emerging Sources Citation Index; Scopus; Google Scholar; IDEAS; EconPapers; RePEc; Cabells' Directories; Google Scholar