Towards a capability maturity model for digital forensic readiness

Wireless Networks

Abstract

The growing number of IT security breaches and the mounting losses from fraud-related incidents create a need to be prepared for a digital investigation. A specific capability maturity model can help organizations determine their current state in implementing digital forensic readiness measures and guide them toward a desired level of implemented capabilities. This paper examines how such a model can assist in integrating digital forensic readiness measures and in reaching an appropriate maturity level. Drawing on core elements of the IT governance framework COBIT 5 and the core characteristics of implementing digital forensic readiness, a specific capability maturity model is proposed. Its five maturity levels (Initial, Managed, Defined, Quantitatively Managed and Optimized) represent the different stages of implementing digital forensic readiness measures. It can be shown that the IT-governance-aligned model can assist the implementation of digital forensic readiness.


Notes

  1. https://dfr-check.uni-regensburg.de/ (the source code of the assessment tool is available upon request).

Acknowledgements

This article is an extended version of a paper presented at COMPSE 2018 (held at the Furama Hotel, Bangkok, Thailand, March 2018), which was kindly invited for consideration in this journal. This work is partly performed under the BMBF-DINGfest project, which is supported under contract by the German Federal Ministry of Education and Research (16KIS0501K).

Author information

Corresponding author

Correspondence to Ludwig Englbrecht.

Appendix 1: Indicators for determining the capability level of an enabler

See Tables 4, 5, 6, 7, 8, 9, 10 and 11.

Table 4 Indicators for the enabler principles, policies and frameworks
Table 5 Indicators for the enabler processes
Table 6 Indicators for the enabler organizational structures
Table 7 Indicators for the enabler information
Table 8 Indicators for the enabler culture, ethics and behavior
Table 9 Indicators for the enabler people, skills and competences
Table 10 Indicators for the enabler services, infrastructure and applications
Table 11 Required capability levels per enabler for a specific maturity level


Cite this article

Englbrecht, L., Meier, S. & Pernul, G. Towards a capability maturity model for digital forensic readiness. Wireless Netw 26, 4895–4907 (2020). https://doi.org/10.1007/s11276-018-01920-5

  • DOI: https://doi.org/10.1007/s11276-018-01920-5
