Abstract
In the last 10 years, forensic computing (FC) has emerged in response to the challenges of illegal, criminal and other inappropriate on-line behaviours. As awareness of the need for the accurate and legally admissible collection, collation, analysis and presentation of digital data has grown, so has recognition of the challenges this requirement poses for technical, legal and organisational responses to these on-line behaviours. Despite recognition of the multi-dimensional nature of these behaviours and the challenges faced, agreement on coherent frameworks for understanding and responding to these issues, their impacts and their interrelationships appears to remain a long way off. As a consequence, while significant advances have been made within technical, organisational and legal ‘solution centred paradigms’, the net result appears to be a case of ‘winning the battles but losing the war’ on computer misuse and e-crime. This paper examines this situation and reflects on its implications for academic researchers’ methodological approach to understanding and responding to these challenges. This paper suggests the need to reconceptualise the term ‘solution’ and advocates an additional methodological step (that, it is anticipated, will generate data) for the development of a framework to map the value propositions of, and interrelationships between, the individual sets of responses within the dynamically evolving FC landscape. By exposing issues, responses and underlying assumptions, it is anticipated that this will improve the possibility of calibrated responses that more effectively and coherently balance the interests of security, privacy and legal admissibility.
Cite this article
Broucek, V., Turner, P. Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research. J Comput Virol 2, 3–12 (2006). https://doi.org/10.1007/s11416-006-0018-9
DOI: https://doi.org/10.1007/s11416-006-0018-9