A typical incident response pits technicians against networks that aren't prepared forensically. [1, 2] If practitioners do consider collecting network forensic data, they face a choice between expending extraordinary effort (time and money) collecting forensically sound data, or simply restoring the network as quickly as possible. In this context, the concept of organizational network forensic readiness has emerged. This paper proposes a methodology for "operationalizing" organizational network forensic readiness. The methodology, and the theoretical analysis that led to its development, are offered as a conceptual framework for thinking about more efficient, proactive approaches to digital forensics on networks.
Revised: June 8, 2010 |
Published: August 1, 2006
Citation
Endicott-Popovsky B., and D.A. Frincke. 2006.Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations. In Proceedings of the 2006 IEEE Workshop on Information Assurance, 133-139. Piscataway, New Jersey:Institute of Electrical and Electronics Engineers.PNNL-SA-53734.doi:10.1109/IAW.2006.1652087