
Differentiating the Investigation Response Process of Cyber Security Incident for LEAs

  • Conference paper
  • Intelligence and Security Informatics (PAISI 2017)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10241)

Abstract

The number of cybercrimes involving digital evidence will continue to increase as the Internet becomes more intertwined with society. As criminals deny committing crimes, Law Enforcement Agencies (LEAs) are hindered by the limited processing capabilities of human analysis. This paper presents a practical digital forensics framework that explores ISO/IEC 27043:2015 activities to lessen the caseload burden. It suggests how the Helix3 function can be applied to meet the needs of incident investigation processes at the scene or in the lab. While live investigative response at the scene puts emphasis on finding actionable intelligence immediately, dead forensic analysis in the lab pays great attention to reconstructing the case and conducting cross-examination to find the truth. Both are critical in the investigation response to a cyber security incident.



Acknowledgment

This research was partially supported by the Ministry of Science and Technology of the Republic of China under the Grants MOST 105-2221-E-015-001.

Author information

Corresponding author: Da-Yu Kao.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Hsiao, S.C., Kao, D.Y. (2017). Differentiating the Investigation Response Process of Cyber Security Incident for LEAs. In: Wang, G., Chau, M., Chen, H. (eds) Intelligence and Security Informatics. PAISI 2017. Lecture Notes in Computer Science, vol 10241. Springer, Cham. https://doi.org/10.1007/978-3-319-57463-9_3

  • DOI: https://doi.org/10.1007/978-3-319-57463-9_3
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-57462-2
  • Online ISBN: 978-3-319-57463-9
  • eBook Packages: Computer Science (R0)