August 1, 2006
Conference Paper

Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations

Abstract

A typical incident response pits technicians against networks that aren't prepared forensically [1, 2]. If practitioners do consider collecting network forensic data, they face a choice between expending extraordinary effort (time and money) collecting forensically sound data, or simply restoring the network as quickly as possible. In this context, the concept of organizational network forensic readiness has emerged. This paper proposes a methodology for "operationalizing" organizational network forensic readiness. The methodology, and the theoretical analysis that led to its development, are offered as a conceptual framework for thinking about more efficient, proactive approaches to digital forensics on networks.

Revised: June 8, 2010 | Published: August 1, 2006

Citation

Endicott-Popovsky B., and D.A. Frincke. 2006. Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations. In Proceedings of the 2006 IEEE Workshop on Information Assurance, 133-139. Piscataway, New Jersey: Institute of Electrical and Electronics Engineers. PNNL-SA-53734. doi:10.1109/IAW.2006.1652087