Exploring the Space of Digital Evidence – Position Paper

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9722)

Abstract

Digital evidence is much more than what is acquired during forensic investigations. In particular, when building systems that are supposed to provide secure digital evidence, it is necessary to clearly define requirements. Various works on forensic evidence provide different sets of such requirements, and ISO standardization work is also concerned with forensic evidence. However, there is currently no full overview of the different areas relevant to digital evidence that could guide the requirements phase of system engineering. Furthermore, a rigorous specification of requirements for digital evidence is missing. Formal methods have been applied to security protocols and other types of requirements, but not to describe the various requirements of digital evidence.

One approach towards defining the available space for digital evidence suggests three dimensions. The first, and most obvious, is the time when data is collected, processed, retained and correlated for potential forensic use. This dimension includes data collected at run-time, data collected for particular transactions, in case of deviations, for incidents, for “post-mortem” forensic investigations, and the digitization of evidence for court procedures. The second dimension describes the goal for which digital evidence is produced: either showing compliance, i.e. proving that somebody was not responsible for some incident, or showing malicious events that happened and finding out who did what. Finally, the third dimension consists of the actual information to be documented. Examples are the documentation of normal system behaviour, compliance information, accidents, safety issues, malicious behaviour, identity information and various relevant parameters. A formal framework for security requirements that was developed for security requirements engineering is one promising candidate for deriving a precise characterization of requirements for digital evidence in the different areas of the available evidence space.

This paper is a position paper to drive the discussion and development in forensic readiness and security of digital evidence.



Acknowledgements

The authors thank all participants of the Dagstuhl Seminar Digital Evidence and Forensic Readiness 2014 for useful feedback on an early version of the digital evidence space, developed on a blackboard at Schloss Dagstuhl, and for intensive and fruitful discussions on the topic.

Author information

Correspondence to Carsten Rudolph.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Rudolph, C. (2016). Exploring the Space of Digital Evidence – Position Paper. In: Liu, J., Steinfeld, R. (eds) Information Security and Privacy. ACISP 2016. Lecture Notes in Computer Science, vol 9722. Springer, Cham. https://doi.org/10.1007/978-3-319-40253-6_15

  • DOI: https://doi.org/10.1007/978-3-319-40253-6_15

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40252-9

  • Online ISBN: 978-3-319-40253-6
