Title :
A Multi-component View of Digital Forensics
Author :
Grobler, C.P. ; Louwrens, C.P. ; von Solms, S.H.
Author_Institution :
Acad. for Inf. Technol., Univ. of Johannesburg, Johannesburg, South Africa
Abstract :
We are living in a world where there is an increasing need for evidence in organizations. Good digital evidence is becoming a business enabler. Very few organizations have the structures (management and infrastructure) in place to enable them to conduct cost-effective, low-impact and efficient digital investigations [1]. Digital Forensics (DF) is a vehicle that organizations use to provide good and trustworthy evidence and processes. The current DF models concentrate on reactive investigations, with limited reference to DF readiness and live investigations. However, organizations use DF for other purposes, for example compliance testing. The paper proposes that DF consists of three components: Pro-active (ProDF), Active (ActDF) and Re-active (ReDF). ProDF concentrates on DF readiness and the proactive, responsible use of DF to demonstrate good governance and enhance governance structures. ActDF considers the gathering of live evidence during an ongoing attack with a limited live investigation element, whilst ReDF deals with the traditional DF investigation. The paper discusses each component and the relationship between the components.
Keywords :
computer forensics; active DF model; digital forensics; live evidence gathering; live investigation element; multicomponent view; proactive DF model; reactive DF model; Africa; Availability; Business continuity; Costs; Digital forensics; Information security; Information technology; Technical drawing; Testing; Vehicles; Active Digital Forensics; Digital Forensic readiness; Digital Forensics; Proactive Digital Forensics; Reactive Digital Forensics;
Conference_Title :
Availability, Reliability, and Security, 2010. ARES '10 International Conference on
Conference_Location :
Krakow
Print_ISBN :
978-1-4244-5879-0
DOI :
10.1109/ARES.2010.61