FORZA – Digital Forensics Investigation Framework that Incorporate Legal Issues Eric Ly



Digital Forensics? What is it?
- It is a process, not an elephant, and it is not just one single process, but a group of tasks and processes in an investigation.


Fundamental Principles
- IT Security
  - Confidentiality
  - Integrity
  - Availability
- Digital Forensic
  - Reconnaissance
  - Reliability
  - Relevancy


RRR
- Reconnaissance - Collect, recover, decode, discover, extract, analyze and convert data that is kept on different storage media to readable evidence.
- Reliability - If the integrity of the evidence and the person's relationship with the evidence are accepted as digital forensics, then the evidence can be reliable in court.
- Relevancy - Even if evidence is admissible, the relevancy of the evidence to the case affects the weight and usefulness of the evidence. Use a legal practitioner to advise what should be collected, to reduce time and cost in the investigation.


FORZA Framework
• Eight Roles
  o Case leader
  o System/business owner
  o Legal advisor
  o Security/system architect/auditor
  o Digital forensics specialist
  o Digital forensics investigator/system administrator/operator
  o Digital forensics analyst
  o Legal prosecutor


FORZA Framework cont.
• To bind roles, responsibilities and procedures together, a technology-independent digital forensics investigation framework would be required.
• Created by Zachman: FORensics ZAchman framework (FORZA)
• Each role, or layer, in this framework is interconnected with the others through sets of six categories of questions:
  o What
  o Why
  o How
  o Who
  o Where
  o When


Role example: Legal Advisor
• Legal objectives (Why)
  o What is the purpose of the dispute?
• Legal background and preliminary issues (What)
  o What data should be collected?
• Legal procedures for further investigation (How)
  o Is any warrant or search warrant required?
• Legal geography (Where)
  o Is that within the jurisdiction of the country?
• Legal entities and participants (Who)
  o Who is/are the claimant/respondent?
• Legal timeframe (When)
  o What is the time limit of the case?

End
• Web hacking case
• Questions?



Reference
Ieong, Ricci S. C. "FORZA – Digital Forensics Investigation Framework That Incorporate Legal Issues." Digital Investigation 3 (2006): 29-36. Web. 31 Oct. 2013. <http://dfrws.org/2006/proceedings/4-Ieong.pdf>.