Design of a Forensic Overlay Model for Application Development

Ke, LinLin

January 2011

Forensics capability is becoming increasingly important for the enterprise/network environment. Therefore, businesses need to find an optimised forensics solution that suits the high level business/forensics requirements. However, most businesses are still staying with the conventional method of digital investigation, which means using forensics tools to retrieve evidential data from the target system. Many businesses lack a comprehensive model to help understand the forensics requirements on different levels. Also, businesses lack a method to integrate and manage forensics knowledge into daily operation. In this research, a forensics overlay is being developed on an existing business framework – SABSA model. The overlay helps different business roles to understand and apply forensics knowledge into their daily tasks. With help of the overlay, businesses are able to reduce the overreliance on the third party forensics tools through developing their own forensically sound applications. To test the theory of forensically sound application development, and evaluate the usability of the overlay, a forensically sound email client is designed and developed accordingly.

SABSA

Forensics Overlay

Forensically Sound Application

Informationssäkerhet i arkitekturbeskrivningar : En studie i hur säkerhetsfunktioner kan beskrivas med hjälp av vyer

Flod, Linus

January 2012

Information security is an essential part of all information systems; especially in large organizations and companies dealing with classified material. Every large information system has an architecture that includes many parts that together form an Enterprise Architecture. The aim of this thesis is to study how to describe several security functions in an Enterprise Architecture and also how to ensure accountability between requirements and the implementation of the security functions. The description is for stakeholders on a conceptual level rather than a technical level. The study has been carried out by comparing the theoretical framework that has been formed by a study of the literature, and the empirical framework that has been formed by a group discussion and interviews with Information Security Consultants from Combitech AB. The process of the study was to obtain a theoretical background about Enterprise Architectures and then generate prototypes that could be tested in the interviews. The tests gave suggestions regarding how to change the prototypes to find the optimal way to describe security functions on a conceptual level. The final result of this study is to use integrated views for each security function. The integrated view should include: an identifier, a brief description of the security function, the requirements and a picture or use case. For the accountability, the requirements are numbered and displayed in the picture, in this way the stakeholder can see how the requirements are fulfilled.

Computer Sciences

Datavetenskap (datalogi)