Abstract
Purpose: Information and communication technology is a fundamental part of most business entities. Its use must be secured, and where internal rules or legal regulations are breached, it is important not only to detect such actions and incidents in time but also to prove them. The ability to investigate events and incidents in an organization using the traces left in its information systems can therefore be a key component of regulation enforcement.
Methodology/Approach: We propose a model for digital investigations within the organization, based on ISO standards and existing models for common digital investigations.
Findings: The result of our work is a model that can serve as a guide for drafting procedures for digital investigations within an organization. Such a procedure should yield evidence of a quality comparable to forensic evidence.
Research Limitation/Implication: Our model provides an overview of the entire process and recommendations for its implementation; however, it does not provide a list of specific examination methods, because these vary from case to case.
Originality/Value of paper: Most previously presented models for digital investigations focused on investigations carried out by police forensic laboratories. The originality of our model lies in its focus on investigations within a business organization.
Published in Quality Innovation Prosperity, an open access journal; articles are licensed under a Creative Commons Attribution 4.0 License (http://creativecommons.org/licenses/by/4.0).