Digital forensic readiness intelligence crime repository
2021 (English)In: Security and Privacy, ISSN 2475-6725, Vol. 4, no 3, article id e151Article in journal (Refereed) Published
Abstract [en]
It may not always be possible to conduct a digital (forensic) investigation post‐event if there is no process in place to preserve potential digital evidence. This study posits the importance of digital forensic readiness, or forensic‐by‐design, and presents an approach that can be used to construct a Digital Forensic Readiness Intelligence Repository (DFRIR). Based on the concept of knowledge sharing, the authors leverage this premise to suggest an intelligence repository. Such a repository can be used to cross‐reference potential digital evidence (PDE) sources that may help digital investigators during the process. This approach employs a technique of capturing PDE from different sources and creating a DFR repository that can be able to be shared across diverse jurisdictions among digital forensic experts and law enforcement agencies (LEAs), in the form of intelligence. To validate the approach, the study has employed a qualitative approach based on a number of metrics and an analysis of experts' opinion has been incorporated. The DFRIR seeks to maximize the collection of PDE, and reducing the time needed to conduct forensic investigation (e.g., by reducing the time for learning). This study then explains how such an approach can be employed in conjunction with ISO/IEC 27043: 2015.
Place, publisher, year, edition, pages
John Wiley & Sons, 2021. Vol. 4, no 3, article id e151
Keywords [en]
digital forensic, investigations, jurisdiction, readiness intelligence, repository
National Category
Information Systems, Social aspects
Research subject
Information systems
Identifiers
URN: urn:nbn:se:ltu:diva-83107DOI: 10.1002/spy2.151ISI: 000710539400009OAI: oai:DiVA.org:ltu-83107DiVA, id: diva2:1532048
Note
Validerad;2021;Nivå 2;2021-07-01 (beamah)
2021-03-012021-03-012021-12-03Bibliographically approved