1 |
On digital forensic readiness for information privacy incidents
Reddy, Kamil / 26 September 2012
The right to information privacy is considered a basic human right in countries that recognise the right to privacy. South Africa, and other countries that recognise this right, offer individuals legal protections for their information privacy. Individuals, organisations and even governments in these countries often have an obligation under such laws to protect information privacy. Large organisations, for example, multinational companies and government departments, are of special concern when it comes to protecting information privacy as they often hold substantial amounts of information about many individuals. The protection of information privacy, therefore, has become ever more significant as technological advances enable information privacy to be breached with increasing ease. There is, however, little research on holistic approaches to protecting information privacy in large organisations. Holistic approaches take account of both technical and non-technical factors that affect information privacy. Non-technical factors may include the management of information privacy protection measures and other factors such as manual business processes and organisational policies. Amongst the protections that can be used by large organisations to protect information privacy is the ability to investigate incidents involving information privacy. Since large organisations typically make extensive use of information technology to store or process information, such investigations are likely to involve digital forensics. Digital forensic investigations require a certain amount of preparedness or readiness for investigations to be executed in an optimal fashion. The available literature on digital forensics and digital forensic readiness (DFR), unfortunately, does not specifically deal with the protection of information privacy, which has requirements over and above typical digital forensic investigations that are more concerned with information security breaches.
The aim of this thesis, therefore, is to address the lack of research into DFR with regard to information privacy incidents. It adopts a holistic approach to DFR since many of the necessary measures are non-technical. There is, thus, an increased focus on management as opposed to specific technical issues. In addressing the lack of research into information privacy-specific DFR, the thesis provides large organisations with knowledge to better conduct digital forensic investigations into information privacy incidents. Hence, it allows for increased information privacy protection in large organisations because investigations may reveal the causes of information privacy breaches. Such breaches may then be prevented in future. The ability to conduct effective investigations also has a deterrent effect that may dissuade attempts at breaching information privacy. This thesis addresses the lack of research into information privacy-specific DFR by presenting a framework that allows large organisations to develop a digital forensic readiness capability for information privacy incidents. The framework is an idealistic representation of measures that can be taken to develop such a capability. In reality, large organisations operate within cost constraints. We therefore also contribute by showing how a cost management methodology known as time-driven activity-based costing can be used to determine the cost of DFR measures. Organisations are then able to make cost versus risk decisions when deciding which measures in the framework they wish to implement. Lastly, we introduce the concept of a digital forensics management system. The management of DFR in a large organisation can be a difficult task prone to error as it involves coordinating resources across multiple departments and organisational functions. 
The concept of the digital forensics management system proposed here allows management to better manage DFR by providing a central system from which information is available and control is possible. We develop an architecture for such a system and validate the architecture through a proof-of-concept prototype. / Thesis (PhD)--University of Pretoria, 2012. / Computer Science / unrestricted
|
2 |
A Chain of findings for digital investigations
De Souza, Pedro / January 2013
Digital Forensic investigations play a vital role in our technologically enhanced world, and they may incorporate a number of different types of evidence, ranging from digital to physical. During a Digital Forensics investigation an investigator may formulate a number of hypotheses, and in order to reason objectively about them, an investigator must take into account such evidence in its entirety, relying on multiple sources. When formulating such objective reasoning an investigator must take into account not only inculpatory evidence but also exculpatory evidence and evidence of tampering. In addition, the investigator must factor in the reliability of the evidence used, the potential for error (tool and human based) and they must factor in the certainty with which they can make various claims. By doing so and creating a detailed audit trail of all actions performed by the investigator they can be better prepared against challenges against their work when it is presented. An investigator must also take into account the dynamic aspects of an investigation, such as certain evidence no longer being admissible, and they must continuously factor these aspects into their reasoning, to ensure that their conclusions still hold.
Investigations may draw over a large period of time, and should the relevant information not be captured in detail, it may be lost or forgotten, affecting the reliability of an investigator’s findings and affecting future investigators’ capability to build on and continue an investigator’s work. In this dissertation we investigate whether it is possible to provide a formalised means for capturing and encoding an investigator’s reasoning process, in a detailed and structured manner. By this we mean we would like to capture and encode an investigator’s hypotheses, their arguments, their conclusions and the certainty with which they can make such claims, as well as the various pieces of evidence (digital and physical) that they use as a foundation for their arguments. We also want to capture the steps an investigator took when formulating these arguments and the steps an investigator took in order to get evidence into its intended form. The capturing of such a detailed reasoning process helps to allow for a more thorough reconstruction of an investigator’s finding, further improving the reliability that can be placed in them. By encoding the investigator’s reasoning process, an investigator can more easily receive feedback on the impacts that the various dynamic aspects of an investigation have upon their reasoning. In order to achieve these goals, our dissertation presents a model, called the Chain of Findings, allowing investigators to formulate and capture their reasoning process throughout the investigation, using a combination of goal-driven and data-driven approaches. When formulating their reasoning, the model allows investigators to treat evidence, digital and physical, uniformly as building blocks for their arguments and capture detailed information of how and why they serve their role in an investigator’s reasoning process. 
In addition, the Chain of Findings offers a number of other uses and benefits including the training of investigators and Digital Forensic Readiness. / Dissertation (MSc)--University of Pretoria, 2013. / gm2014 / Computer Science / unrestricted
|
3 |
Digital forensic readiness for IOT devices
Kruger, Jaco-Louis / January 2019
The Internet of Things (IoT) has evolved to be an important part of modern society. IoT devices can be found in several environments such as smart homes, transportation, the health sector, smart cities and even facilitate automation in organisations. The increasing dependence on IoT devices increases the possibility of security incidents in the physical or cyber environment. Traditional methods of digital forensic (DF) investigations are not always applicable to IoT devices due to their limited data processing resources. A possible solution for conducting forensic investigations on IoT devices is to utilise a proactive approach known as digital forensic readiness (DFR).
This dissertation firstly aims to conduct a thorough review of the available literature in the current body of knowledge to identify a clear process that can be followed to implement DFR tailored for IoT devices. This dissertation then formulates requirements for DFR in IoT based on existing forensic techniques. The requirements for DFR in IoT give rise to the development of a model for DFR in IoT, which is then implemented in a prototype for IoT devices. The prototype is subsequently tested and evaluated on IoT devices that conduct proactive DFR in a simulation of a smart home system. Finally, the dissertation illustrates the feasibility of the DFR processes for IoT and serves as a basis for future research with regards to DFR in IoT. This dissertation will impact future research with regards to developing a standard for DFR in IoT. / Dissertation (MSc)--University of Pretoria, 2019. / Computer Science / MSc / Unrestricted
|
4 |
Proposing a maturity assessment model based on the digital forensic readiness commonalities framework
Claims, Ivan Prins / January 2013
Magister Commercii (Information Management) - MCom(IM) / The purpose of the study described in this thesis was to investigate the structure required to implement and manage digital forensic readiness within an enterprise. A comparative analysis of different digital forensic readiness frameworks was performed and, based on the findings of the analysis, the digital forensic readiness commonalities framework (DFRCF) was extended. The resultant structure was used to design a digital forensic readiness maturity assessment model (DFRMAM) that will enable organisations to assess their forensic readiness. In conclusion, both the extended DFRCF and the DFRMAM are shown to be validated by forensic practitioners, using semi-structured interviews. A qualitative research design and methodology was used to perform a comparative analysis of the various digital forensic readiness frameworks, to comprehend the underlying structures. All the participant responses were recorded and transcribed. Analysis of the findings resulting from the study showed that participants mostly agreed with the structure of the extended DFRCF; however, key changes were introduced to the extended DFRCF. The participants also validated the DFRMAM, and the majority of respondents opted for a checklist-type MAM. Digital forensic readiness is a very sensitive topic since organisations fear that their information might be made public and, as a result, increase their exposure to forensic incidents and reputational risk. Because of this, it was difficult to find participants who have a forensic footprint and are willing, able, and knowledgeable about digital forensic readiness. This study will contribute to the body of knowledge by presenting an original, validated DFRCF and DFRMAM. Practitioners and organisations now have access to non-proprietary DFRMAM.
|
5 |
Digital forensic readiness for wireless sensor network environments
Mouton, Francois / 24 January 2012
The new and upcoming field of wireless sensor networking is unfortunately still lacking in terms of both digital forensics and security. All communications between different nodes (also known as motes) are sent out in a broadcast fashion. These broadcasts make it quite difficult to capture data packets forensically and, at the same time, retain their integrity and authenticity. The study presents several attacks that can be executed successfully on a wireless sensor network, after which the dissertation delves more deeply into the flooding attack as it is one of the most difficult attacks to address in wireless sensor networks. Furthermore, a set of factors is presented to take into account while attempting to achieve digital forensic readiness in wireless sensor networks. The set of factors is subsequently discussed critically and a model is proposed for implementing digital forensic readiness in a wireless sensor network. The proposed model is next transformed into a working prototype that is able to provide digital forensic readiness to a wireless sensor network. The main contribution of this research is the digital forensic readiness prototype that can be used to add a digital forensics layer to any existing wireless sensor network. The prototype ensures the integrity and authenticity of each of the data packets captured from the existing wireless sensor network by using the number of motes in the network that have seen a data packet to determine its integrity and authenticity in the network. The prototype also works on different types of wireless sensor networks that are in the frequency range of the network on which the prototype is implemented, and does not require any modifications to be made to the existing wireless sensor network. Flooding attacks pose a major problem in wireless sensor networks due to the broadcasting of communication between motes in wireless sensor networks. 
The prototype is able to address this problem by using a solution proposed in this dissertation to determine a sudden influx of data packets within a wireless sensor network. The prototype is able to detect flooding attacks while they are occurring and can therefore address the flooding attack immediately. Finally, this dissertation critically discusses the advantages of having such a digital forensic readiness system in place in a wireless sensor network environment. / Dissertation (MSc)--University of Pretoria, 2012. / Computer Science / unrestricted
|
6 |
The challenges and opportunities in incident response for companies
Vassiliadis, Terry, Hedström, Jenny / January 2024
This study presents challenges and opportunities in Incident Response as a part of Digital Forensic Readiness. For this study, the authors adopted a qualitative approach to identify and analyse challenges and opportunities for companies in Incident Response, specifically from the perspective of cybersecurity consultants in the Swedish market. Semi-structured interviews were conducted to collect data, and thematic coding was performed to analyse the data from interviews. Identifying and analysing these challenges and opportunities can provide valuable insights for cybersecurity practitioners, policymakers, and the academic community. The result of this study is that companies face challenges regarding Incident Response due to a lack of processes and in-house knowledge. The challenges may vary depending on the size of the company. Opportunities for companies with a successful Incident Response capability showed higher trust from customers, vendors, and partners, as well as brand trust due to the competitive nature of IT. Some of the important key factors contributing to successful Incident Response capability were well-established processes and staff training.
|