TY - GEN
T1 - A multi-component view of digital forensics
AU - Grobler, C. P.
AU - Louwrens, C. P.
AU - Von Solms, S. H.
PY - 2010
Y1 - 2010
AB - We are living in a world where there is an increasing need for evidence in organizations. Good digital evidence is becoming a business enabler. Very few organizations have the structures (management and infrastructure) in place to enable them to conduct cost-effective, low-impact and efficient digital investigations [1]. Digital Forensics (DF) is a vehicle that organizations use to provide good and trustworthy evidence and processes. The current DF models concentrate on reactive investigations, with limited reference to DF readiness and live investigations. However, organizations use DF for other purposes, for example compliance testing. The paper proposes that DF consists of three components: Pro-active (ProDF), Active (ActDF) and Re-active (ReDF). ProDF concentrates on DF readiness and the proactive, responsible use of DF to demonstrate good governance and enhance governance structures. ActDF considers the gathering of live evidence during an ongoing attack with a limited live investigation element, whilst ReDF deals with the traditional DF investigation. The paper discusses each component and the relationship between the components.
KW - Active Digital Forensics
KW - Digital Forensic readiness
KW - Digital Forensics
KW - Information security governance
KW - Live investigations
KW - Proactive digital Forensics
KW - Reactive Digital Forensics
UR - http://www.scopus.com/inward/record.url?scp=77952339533&partnerID=8YFLogxK
U2 - 10.1109/ARES.2010.61
DO - 10.1109/ARES.2010.61
M3 - Conference contribution
AN - SCOPUS:77952339533
SN - 9780769539652
T3 - ARES 2010 - 5th International Conference on Availability, Reliability, and Security
SP - 647
EP - 652
BT - ARES 2010 - 5th International Conference on Availability, Reliability, and Security
T2 - 5th International Conference on Availability, Reliability, and Security, ARES 2010
Y2 - 15 February 2010 through 18 February 2010
ER -