Guide to integrating forensic techniques into incident response

Kent, Karen; Chevalier, Suzanne; Grance, Tim; Dang, Hung

doi:10.6028/nist.sp.800-86

Cited by 376 publications

(250 citation statements)

References 1 publication

Supporting

Mentioning

231

Contrasting

Unclassified

Order By: Relevance

“…In total, 18 models were evaluated against the criteria identified (Agarwal, Gupta, Gupta, & Gupta, 2011;Baryamureeba & Tushabe, 2004;Beebe & Clark, 2004;Bogan & Dampier, 2005;Carrier & Spafford, 2003;Ciardhuain, 2004;Freiling & Schwittay, 2007;Ieong, 2006;Kent, Chevalier, Grance, & Dang, 2006;Khatir, Hejazi, & Sneiders, 2008;Kohn, Eloff, & Olivier, 2006;Mann, 2004;Reith et al, 2002;Rogers, 2006;Selamat et al, 2008;Stephenson, 2003;Venter, 2006;Wang & Yu, 2007). Each existing model was reviewed to determine which, if any, of the identified assessment criteria had been met by that model.…”

Section: Model Design and Developmentmentioning

confidence: 99%

The Advanced Data Acquisition Model (Adam): A Process Model for Digital Forensic Practice

Adams

Hobbs

Mann

2013

JDFSL

View full text Add to dashboard Cite

As with other types of evidence, the courts make no presumption that digital evidence is reliable without some evidence of empirical testing in relation to the theories and techniques associated with its production. The issue of reliability means that courts pay close attention to the manner in which electronic evidence has been obtained and in particular the process in which the data is captured and stored. Previous process models have tended to focus on one particular area of digital forensic practice, such as law enforcement, and have not incorporated a formal description. We contend that this approach has prevented the establishment of generally-accepted standards and processes that are urgently needed in the domain of digital forensics. This paper presents a generic process model as a step towards developing such a generally-accepted standard for a fundamental digital forensic activity-the acquisition of digital evidence.

show abstract

Section: Model Design and Developmentmentioning

confidence: 99%

The Advanced Data Acquisition Model (Adam): A Process Model for Digital Forensic Practice

Adams

Hobbs

Mann

2013

JDFSL

View full text Add to dashboard Cite

show abstract

“…Some of them are in draft form, and a few of them have been already published. There is also a lack of standardized data sets that are available for research purposes [17].…”

Section: Integrated Management Model Of the Corporate Df Investigationmentioning

confidence: 99%

Integrated management model of the corporate digital forensic investigation

et al. 2016

View full text Add to dashboard Cite

Original scientific paper Metrics of the key performances indicators (KPIs) should be established into corporate digital forensic (DF) investigation process management to encourage performances effectiveness and efficiency improvement. The KPIs should lead to a quantitative assessment of gains in the DF investigation objectives, such as creating proved digital evidence (DE), reducing costs and DF investigation cycle time, etc. The KPIs metrics should address alignment with DF principles and standard operating procedures (SOP), forensic and legal requirements, digital evidence (DE) quality, stakeholder satisfaction and digital evidence legal admissibility. As a tool for quality improvement of the DF investigation processes, the KPIs metrics should be well defined and understood, and introduced by all stakeholders in the DF investigation process. The authors of this article suggested an integrated model of the corporate DF investigation management process. The model includes key activities, resources, performances objectives, risks and the KPIs metric. It is relevant for the development and management of the effective corporate DF investigation processes. Keywords: DF investigation process management; DF process performance; DF KPI metric; DF process management quality; integrated model Integrirani model upravljanja korporativnom digitalnom forenzičkom istragomIzvorni znanstveni članak Metrici indikatora ključnih performansi (KPI) treba uspostaviti u upravljačkom sustavu procesa korporativne digitalne forenzičke (DF) istrage, kako bi se ohrabrilo poboljšanje efektivnosti i efikasnosti performansi procesa. Oni trebaju omogućiti kvantitativnu procjenu dobiti u ciljevima DF istrage, kao što su izgradnja čvrstih digitalnih dokaza (DE), redukcija troškova i ciklusa DF istrage itd. Metrici KPI trebaju uključiti usklađivanje s DF principima i standardima, standardnim operativnim procedurama (SOP), forenzičkim i legalnim zahtjevima, smanjenjem troškova, kvalitetom DE, zadovoljstvom relevantnih sudionika i pravosudnom prihvatljivosti DE. Kao alat za poboljšanje kvaliteta procesa DF istrage, metrici KPI trebaju biti dobro definirani i shvaćena te da ih svi relevantni sudionici uvode u proces DF istrage. Autori ovog rada sugeriraju jedan integrirani model upravljanja procesom korporacijske DF istrage, koji obuhvaća ključne aktivnosti, resurse, ciljeve performansi, rizike i metrike KPI. Model je relevantan za razvoj i upravljanje efektivnim procesima DF istrage.

show abstract

“…The methodology that the researcher used were following the guideline of forensically examining artifacts by the NIST [13]. The methodology was divided into three processes.…”

Section: Related Workmentioning

confidence: 99%

Acquiring Cybercrime Evidence on Mobile Global Positioning System (Gps): Review

Abdullah¹,

Rashid²

2017

Acta electron. Malays.

View full text Add to dashboard Cite

The use of Global Positioning System (GPS) as a device for finding directions is increasing from time to time. Within this growth, developers have taken a new inventiveness to apply this GPS system in a new environment. This new environment is called Internet of Thing (IoT) environment. This environment involves the device that connect to the internet such as smartphones and tablets. With this successful application, the mobile GPS has opened up a new space for forensic experts to get useful evidence in criminal cases. The connection between smartphone and GPS has raised the demand to examine the stored content of the devices. The stored content might include certain information such as home location, entered address or location, journey starts, ends and last GPS, call records and SMS. This critical data can be used in whole range of crime cases especially triage cases, for example, kidnapping cases, hit and run cases and many others.

show abstract

Guide to integrating forensic techniques into incident response

Cited by 376 publications

References 1 publication

The Advanced Data Acquisition Model (Adam): A Process Model for Digital Forensic Practice

The Advanced Data Acquisition Model (Adam): A Process Model for Digital Forensic Practice

Integrated management model of the corporate digital forensic investigation

Acquiring Cybercrime Evidence on Mobile Global Positioning System (Gps): Review

Contact Info

Product

Resources

About