Abstract
Increasing IT security breaches and the steadily growing losses due to fraud-related incidents create the need to be prepared for a digital investigation. A specific capability maturity model can help organizations determine their current state with respect to implementing digital forensic readiness measures and guide them towards a desired level of having the related capabilities in place. This paper examines how such a model can assist in integrating digital forensic readiness related measures and in reaching an appropriate maturity level. By drawing on core elements of the IT governance framework COBIT 5 and the core characteristics of implementing digital forensic readiness, a proposal for a specific capability maturity model has been developed. Five maturity levels (Initial, Managed, Defined, Quantitatively Managed and Optimized) represent the different stages of implementing digital forensic readiness measures. It can be shown that the IT governance aligned model can assist the implementation of digital forensic readiness.
Notes
https://dfr-check.uni-regensburg.de/ (the source code of the assessment tool is available upon request).
Acknowledgements
This article is an extended version of a paper presented at COMPSE 2018 (held at the Furama Hotel, Bangkok, Thailand, March 2018), which was kindly invited for consideration in this journal. This work was partly performed under the BMBF-DINGfest project, which is supported under contract by the German Federal Ministry of Education and Research (16KIS0501K).
Englbrecht, L., Meier, S. & Pernul, G. Towards a capability maturity model for digital forensic readiness. Wireless Netw 26, 4895–4907 (2020). https://doi.org/10.1007/s11276-018-01920-5