Proposing a maturity assessment model based on the digital forensic readiness commonalities framework

Claims, Ivan Prins

January 2013

Magister Commercii (Information Management) - MCom(IM) / The purpose of the study described in this thesis was to investigate the structure required to implement and manage digital forensic readiness within an enterprise. A comparative analysis of different digital forensic readiness frameworks was performed and, based on the findings of the analysis, the digital forensic readiness commonalities framework (DFRCF) was extended. The resultant structure was used to design a digital forensic readiness maturity assessment model (DFRMAM) that will enable organisations to assess their forensic readiness. In conclusion, both the extended DFRCF and the DFRMAM are shown to be validated by forensic practitioners, using semi-structured interviews. A qualitative research design and methodology was used to perform a comparative analysis of the various digital forensic readiness frameworks, to comprehend the underlying structures. All the participant responses were recorded and transcribed. Analysis of the findings resulting from the study showed that participants mostly agreed with the structure of the extended DFRCF; however, key changes were introduced to the extended DFRCF. The participants also validated the DFRMAM, and the majority of respondents opted for a checklist-type MAM. Digital forensic readiness is a very sensitive topic since organisations fear that their information might be made public and, as a result, increase their exposure to forensic incidents and reputational risk. Because of this, it was difficult to find participants who have a forensic footprint and are willing, able, and knowledgeable about digital forensic readiness. This study will contribute to the body of knowledge by presenting an original, validated DFRCF and DFRMAM. Practitioners and organisations now have access to non-proprietary DFRMAM.

Digital Forensic Readiness (DFR)

Maturity Assessment Model (DFRMAM)

Goals and Objectives of DFR

DFR Model

Design Principles

Digital forensic practitioners

IMPACT OF ANTI-FORENSICS TECHNIQUES ON DIGITAL FORENSICS INVESTIGATION

Etow, Tambue Ramine

January 2020

Computer crimes have become very complex in terms of investigation and prosecution. This is mainly because forensic investigations are based on artifacts left oncomputers and other digital devices. In recent times, perpetrators of computer crimesare getting abreast of the digital forensics dynamics hence, capacitated to use someanti-forensics measures and techniques to obfuscate the investigation processes.Incases where such techniques are employed, it becomes extremely difficult, expensive and time consuming to carry out an effective investigation. This might causea digital forensics expert to abandon the investigation in a pessimistic manner.ThisProject work serves to practically demonstrate how numerous anti-forensics can bedeployed by the criminals to derail the smooth processes of digital forensic investigation with main focus on data hiding and encryption techniques, later a comparativestudy of the effectiveness of some selected digital forensics tools in analyzing andreporting shreds of evidence will be conducted.

Anti-forensic

Anti-forensic Techniques

Digital forensics

Forensic evidence

Digital evidence

computer crimes

forensic practitioners

Lockard’s principle

Computer Sciences

Datavetenskap (datalogi)