research-article

Towards forensic-ready software systems

Authors:

Liliana Pasquale,

Claudia Peersman,

Bashar Nuseibeh,

Awais RashidAuthors Info & Claims

ICSE-NIER '18: Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results

Pages 9 - 12

https://doi.org/10.1145/3183399.3183426

Published: 27 May 2018 Publication History

Abstract

As software becomes more ubiquitous, and the risk of cyber-crimes increases, ensuring that software systems are forensic-ready (i.e., capable of supporting potential digital investigations) is critical. However, little or no attention has been given to how well-suited existing software engineering methodologies and practices are for the systematic development of such systems. In this paper, we consider the meaning of forensic readiness of software, define forensic readiness requirements, and highlight some of the open software engineering challenges in the face of forensic readiness. We use a real software system developed to investigate online sharing of child abuse media to illustrate the presented concepts.

References

[1]

1967. Katz v. United States. (1967), 347 pages.

[2]

Rui Abreu, Dave Archer, Erin Chapman, James Cheney, Hoda Eldardiry, and Adrià Gascón. 2016. Provenance Segmentation. In Proc. of the 8th USENIX Workshop on the Theory and Practice of Provenance.

Digital Library

[3]

D. Alrajeh, L. Pasquale, and B. Nuseibeh. 2017. On Evidence Preservation Requirements for Forensic-ready Systems. In Proc. of the 11th Joint Meeting on Foundations of Software Engineering. 559--569.

Digital Library

[4]

A. Avizienis, J. C. Laprie, B. Randell, and C. Landwehr. 2004. Basic concepts and taxonomy of dependable and secure computing. IEEE Transactions on Dependable and Secure Computing 1, 1 (2004), 11--33.

Digital Library

[5]

D. Barske, A. Stander, and J. Jordaan. 2010. A Digital Forensic Readiness framework for South African SME's. In Information Security for South Africa. 1--6.

[6]

Sheung Chi Chan, Ashish Gehani, James Cheney, Ripduman Sohan, and Hassaan Irshad. 2017. Expressiveness Benchmarking for System-Level Provenance. In Proc. of the 9th USENIX Workshop on the Theory and Practice of Provenance.

Digital Library

[7]

Symantec Corporation. 2017. Internet Security Threat Report. https://www.symantec.com/security-center/threat-report. (2017).

[8]

J. Cosic and M. Baca. 2010. Do We Have Full Control Over Integrity in Digital Evidence Life Cycle?. In Proc. of the 32nd International Conference on Information Technology Interfaces. 429--434.

[9]

M. Elyas, S. B. Maynard, A. Ahmad, and A. Lonie. 2014. Towards A Systemic Framework for Digital Forensic Readiness. Journal of Computer Information Systems 54, 3 (2014), 97--105.

[10]

B. Endicott-Popovsky, N. Kuntze, and C. Rudolph. 2015. Forensic readiness: Emerging discipline for creating reliable and secure digital evidence. Journal of Harbin Institute of Technology (New Series) 22 (2015), 1--8. Issue 1.

[11]

B. E. Endicott-Popovsky and D. A. Frincke. 2006. Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations. In Proc. of the IEEE Workshop on Information Assurance. 133--139.

[12]

S. L. Garfinkel. 2006. Forensic Feature Extraction and Cross-Drive Analysis. Digital Investigation 3 (2006), 71--81.

Digital Library

[13]

C. P. Grobler and C. P. Louwrens. {n. d.}. Digital Forensic Readiness as a Component of Information Security Best Practice. 13--24.

[14]

J. Grover. 2013. Android forensics: Automated Data Collection and Reporting from a Mobile Device. Digital Investigation 10 (2013), S12--S20.

Digital Library

[15]

I. Hong, H. Yu, S. Lee, and K. Lee. 2013. A New Triage Model Conforming to the Needs of Selective Search and Seizure of Electronic Evidence. Digital Investigation 10, 2 (2013), 175--192.

Digital Library

[16]

V. R. Kebande and H. S. Venter. 2016. On Digital Forensic Readiness in the Cloud Using a Distributed Agent-Based Solution: Issues and Challenges. Australian Journal of Forensic Sciences (2016), 1--30.

[17]

J. T. King, J. Stallings, M. Riaz, and L. Williams. 2017. To Log, or Not To Log: Using Heuristics to Identify Mandatory Log Events - A Controlled Experiment. Empirical Software Engineering 22, 5 (2017), 2684--2717.

Digital Library

[18]

R. McKemmish. 2008. When is Digital Evidence Forensically Sound? 3--15.

[19]

L. Pasquale, S. Hanvey, M. Mcgloin, and B. Nuseibeh. 2016. Adaptive Evidence Collection in the Cloud Using Attack Scenarios. Computers & Security 59 (2016), 236--254.

Digital Library

[20]

C. Peersman, C. Schulze, A. Rashid, M. Brennan, and C. Fischer. 2016. iCOP: Live Forensics to Reveal Previously Unknown Criminal Media on P2P Networks. Digital Investigation 18 (2016), 50--64.

Digital Library

[21]

MET Police. 2017. Figures released ahead of National Child Sexual Exploitation Awareness Day. (2017). Retrieved 23.10.2017 from http://news.met.police.uk/news/figures

[22]

A. Pooe and L. Labuschagne. 2012. A conceptual model for digital forensic readiness. In Information Security for South Africa. 1--8.

[23]

D. Quick and K. R. Choo. 2016. Big Forensic Data Reduction: Digital Forensic Images and Electronic Evidence. Cluster Computing 19, 2 (2016), 723--740.

Digital Library

[24]

R. Rowlingson. 2004. A Ten Step Process for Forensic Readiness. International Journal of Digital Evidence 2, 3 (2004), 1--28.

[25]

C. Shields, O. Frieder, and M. Maloof. 2011. A System for the Proactive, Continuous, and Efficient Collection of Digital Forensic Evidence. In Digital Investigations, Vol. 8. 3--13.

Digital Library

[26]

J. Stüttgen. 2011. Selective Imaging: Creating Efficient Forensic Images by Selecting Content First. Mannheim University (2011).

[27]

J. Tan. 2001. Forensic Readiness. Cambridge, MA:@ Stake (2001), 1--23.

[28]

P. Turner. 2006. Selective and Intelligent Imaging Using Digital Evidence Bags. Digital Investigation 3 (2006), 59--64.

Digital Library

[29]

M. Yoshizawa, H. Washizaki, Y. Fukazawa, T. Okubo, H. Kaiya, and N. Yoshioka. 2016. Implementation Support of Security Design Patterns Using Test Templates. Information 7, 2 (2016), 34.

[30]

S. A. Zonouz, K. R. Joshi, and W. H. Sanders. 2011. Floguard: Cost-Aware Systemwide Intrusion Defense Via Online Forensics and On-Demand IDS Deployment. In International conference on Computer safety, reliability, and security. Springer, 338--354.

Digital Library

Cited By

Daubner LMaksović SMatulevičius RBuhnova BSedlác̆ek T(2024)Forensic-Ready Analysis Suite: A Tool Support for Forensic-Ready Software Systems DesignResearch Challenges in Information Science10.1007/978-3-031-59468-7_6(47-55)Online publication date: 4-May-2024
https://doi.org/10.1007/978-3-031-59468-7_6
Monteiro DYu YZisman ANuseibeh B(2023)Adaptive Observability for Forensic-Ready Microservice SystemsIEEE Transactions on Services Computing10.1109/TSC.2023.329047416:5(3196-3209)Online publication date: Sep-2023
https://doi.org/10.1109/TSC.2023.3290474
Daubner LMacak MMatulevičius RBuhnova BMaksović SPitner T(2023)Addressing insider attacks via forensic-ready risk managementJournal of Information Security and Applications10.1016/j.jisa.2023.10343373:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103433
Show More Cited By

Recommendations

Verification of forensic readiness in software development: a roadmap
SAC '20: Proceedings of the 35th Annual ACM Symposium on Applied Computing

Nowadays, a growing need for the forensic investigation of cybercrimes emerges. It is because of the rising threat of those crimes in cyberspace. Nevertheless, such investigations are highly time-consuming with delicate supportive processes. The problem ...
Forensic experts' view of forensic‐ready software systems: A qualitative study
Abstract
Software engineers widely acknowledge the inclusion of security requirements in the early stages of the development process. However, the need to prepare the software for the failure of the implemented security controls and subsequent ...

We have organized a series of interviews with digital forensic experts on the notion of an ideal forensic‐ready software system, its properties, and behavior. The paper summarizes and discusses the problems and needs of forensic readiness as well as ...
A master of science curriculum in forensic engineering
FIE '01: Proceedings of the Frontiers in Education Conference, 2001. 31st Annual - Volume 02

Forensic engineering is a highly specialized field of engineering practice requiring engineering expertise and knowledge of legal procedures. Forensic engineering can be defined as the application of the engineering sciences to the investigation of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ICSE-NIER '18: Proceedings of the 40th International Conference on Software Engineering: New Ideas and Emerging Results

May 2018

130 pages

ISBN:9781450356626

DOI:10.1145/3183399

Conference Chairs:
Andrea Zisman
The Open University
,
Sven Apel
University of Passau, Germany

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSOFT: ACM Special Interest Group on Software Engineering
IEEE-CS: Computer Society

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 27 May 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article

Conference

ICSE '18

Sponsor:

SIGSOFT
IEEE-CS

ICSE '18: 40th International Conference on Software Engineering

May 27 - June 3, 2018

Gothenburg, Sweden

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
276
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Daubner LMaksović SMatulevičius RBuhnova BSedlác̆ek T(2024)Forensic-Ready Analysis Suite: A Tool Support for Forensic-Ready Software Systems DesignResearch Challenges in Information Science10.1007/978-3-031-59468-7_6(47-55)Online publication date: 4-May-2024
https://doi.org/10.1007/978-3-031-59468-7_6
Monteiro DYu YZisman ANuseibeh B(2023)Adaptive Observability for Forensic-Ready Microservice SystemsIEEE Transactions on Services Computing10.1109/TSC.2023.329047416:5(3196-3209)Online publication date: Sep-2023
https://doi.org/10.1109/TSC.2023.3290474
Daubner LMacak MMatulevičius RBuhnova BMaksović SPitner T(2023)Addressing insider attacks via forensic-ready risk managementJournal of Information Security and Applications10.1016/j.jisa.2023.10343373:COnline publication date: 1-Mar-2023
https://dl.acm.org/doi/10.1016/j.jisa.2023.103433
Daubner LMatulevičius RBuhnova BPitner T(2023)BPMN4FRSS: An BPMN Extension to Support Risk-Based Development of Forensic-Ready Software SystemsEvaluation of Novel Approaches to Software Engineering10.1007/978-3-031-36597-3_2(20-43)Online publication date: 8-Jul-2023
https://doi.org/10.1007/978-3-031-36597-3_2
Daubner LMatulevičius RBuhnova BAntol MRůžička MPitner T(2023)A Case Study on the Impact of Forensic-Ready Information Systems on the Security PostureAdvanced Information Systems Engineering10.1007/978-3-031-34560-9_31(522-538)Online publication date: 8-Jun-2023
https://doi.org/10.1007/978-3-031-34560-9_31
Daubner LMatulevičius RBuhnova B(2023)A Model of Qualitative Factors in Forensic-Ready Software SystemsResearch Challenges in Information Science: Information Science and the Connected World10.1007/978-3-031-33080-3_19(308-324)Online publication date: 23-May-2023
https://doi.org/10.1007/978-3-031-33080-3_19
Daubner LBuhnova BPitner T(2023)Forensic experts' view of forensic‐ready software systems: A qualitative studyJournal of Software: Evolution and Process10.1002/smr.2598Online publication date: 12-Jul-2023
https://doi.org/10.1002/smr.2598
Alrimawi FPasquale LMehta DYoshioka NNuseibeh B(2022)Incidents are Meant for Learning, Not Repeating: Sharing Knowledge About Security Incidents in Cyber-Physical SystemsIEEE Transactions on Software Engineering10.1109/TSE.2020.298131048:1(120-134)Online publication date: 1-Jan-2022
https://doi.org/10.1109/TSE.2020.2981310
Ladislaus Msongaleli DPaschal Mgembe I(2022)Three-Tier Database Forensic Model2022 10th International Symposium on Digital Forensics and Security (ISDFS)10.1109/ISDFS55398.2022.9800755(1-3)Online publication date: 6-Jun-2022
https://doi.org/10.1109/ISDFS55398.2022.9800755
Akilal AKechadi M(2022)A Forensic-Ready Intelligent Transportation SystemScience and Technologies for Smart Cities10.1007/978-3-031-06371-8_39(617-630)Online publication date: 17-Jun-2022
https://doi.org/10.1007/978-3-031-06371-8_39
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten