Abstract
The number of cybercrimes involving digital evidence will continue to increase as the Internet becomes more intertwined with society. As criminals deny committing crimes, Law Enforcement Agencies (LEAs) are hindered by the limited processing capacity of human analysis. This paper presents a practical digital forensics framework that explores ISO/IEC 27043:2015 activities to lessen the caseload burden. It suggests how the Helix3 function can be applied to meet the needs of incident investigation processes at the scene or in the lab. While live investigative response at the scene emphasises finding actionable intelligence immediately, dead forensic analysis in the lab concentrates on reconstructing the case and conducting cross-examination to find the truth. Both are critical in the investigation response to a cyber security incident.
Acknowledgment
This research was partially supported by the Ministry of Science and Technology of the Republic of China under the Grants MOST 105-2221-E-015-001.
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Hsiao, SC., Kao, DY. (2017). Differentiating the Investigation Response Process of Cyber Security Incident for LEAs. In: Wang, G., Chau, M., Chen, H. (eds) Intelligence and Security Informatics. PAISI 2017. Lecture Notes in Computer Science(), vol 10241. Springer, Cham. https://doi.org/10.1007/978-3-319-57463-9_3
DOI: https://doi.org/10.1007/978-3-319-57463-9_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-57462-2
Online ISBN: 978-3-319-57463-9
eBook Packages: Computer Science (R0)