Corporate Digital Incident Investigation

Jaromír Veber, Lea Nedomová, Petr Doucek


Purpose: Information and communication technologies are a fundamental part of most business entities. Unfortunately, the use of these technologies needs to be secured, and where stipulated and legal regulations are not observed, it is very important not only to recognize but also to prove such actions/incidents in time. Therefore, the ability to investigate events/incidents in an organization using traces in its information systems may be a key component for regulation enforcement.
Methodology/Approach: We propose a model for digital investigations within the organization, based on ISO standards and existing models for common digital investigations.
Findings: The result of our work is a model that can serve as a guide to draft procedures for digital investigations within the organization. Such a procedure should provide evidence of a quality comparable to forensic evidence.
Research Limitation/Implication: Our model provides an overview of the entire process and recommendations for its implementation; however, it does not provide a list of specific examination methods, because they vary depending on the case.
Originality/Value of paper: Most of the previously presented models for digital investigations focused on investigations by police forensic laboratories. The originality of our model lies in its focus on investigations within a business organization.




Jaromír Veber
Lea Nedomová
Petr Doucek (Primary Contact)
Author Biographies

Jaromír Veber, University of Economics, Prague, Czech Republic

Department of System Analysis at the Faculty of Informatics and Statistics

Lea Nedomová, University of Economics, Prague

Department of System Analysis at the Faculty of Informatics and Statistics

Petr Doucek, University of Economics, Prague

Department of System Analysis at the Faculty of Informatics and Statistics
Veber, J., Nedomová, L., & Doucek, P. (2016). Corporate Digital Incident Investigation. Quality Innovation Prosperity, 20(1), 57–71.