Investigation Process

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 14922 Experts worldwide ranked by ideXlab platform

Hein S. Venter - One of the best experts on this subject based on the ideXlab platform.

  • ISSA - Evaluation and analysis of a software prototype for guidance and implementation of a standardized digital forensic Investigation Process
    2015 Information Security for South Africa (ISSA), 2015
    Co-Authors: Melissa Ingels, Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic Investigation requires a standardized and formalized Process to be followed. The authors have contributed to the creation of an international standard on digital forensic Investigation Process, namely ISO/IEC 27043:2015, which was published in 2015. However, currently, there exists no application that would guide a digital forensic investigator to implement such a standardized Process. The prototype of such an application has been developed by the authors and presented in their previous work. The prototype is in the form of a software application which has two main functionalities. The first functionality is to act as an expert system that can be used for guidance and training of novice investigators. The second functionality is to enable reliable logging of all actions taken within the Investigation Processes, enabling the validation of use of a correct Process. The benefits of such a prototype include possible improvement in efficiency and effectiveness of an Investigation and easier training of novice investigators. The last, and possibly most important benefit, includes that higher admissibility of digital evidence will be possible due to the fact that it will be easier to show that the standardized Process was followed. This paper presents an evaluation of the prototype. Evaluation was performed in order to measure the usability and the quality of the prototype software, as well as the effectiveness of the prototype. The evaluation of the prototype consisted of two main parts. The first part was a software usability evaluation, which was performed using the Software Usability Measurement Inventory (SUMI), a reliable method of measuring software usability and quality. The second part of evaluation was in a form of a questionnaire set up by the authors, with the aim to evaluate whether the prototype meets its goals. 
    The results indicated that the prototype reaches most of its goals, that it does have intended functionalities and that it is relatively easy to learn and use. Areas of improvement and future work were also identified in this work.

  • A Comprehensive and Harmonized Digital Forensic Investigation Process Model
    Journal of Forensic Sciences, 2015
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic Investigation (DFI) requires a standardized and formalized Process. There is currently neither an international standard nor does a global, harmonized DFI Process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of Processes, the scope, the hierarchical levels, and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of Processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of Processes called concurrent Processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization.

  • Introduction of concurrent Processes into the digital forensic Investigation Process
    Australian Journal of Forensic Sciences, 2015
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic Investigation requires a formalised Process to be followed. It also requires that certain principles are applied, such as preserving of digital evidence and documenting actions. The need for a harmonised and standardised digital forensic Investigation Process has been recognised in the digital forensics community and much scientific work has been undertaken to produce digital forensic Investigation Process models, albeit with many disparities within the different models. The problem is that these existing models do not include any Processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent Processes into the digital forensic Investigation Process model. The authors define concurrent Processes as the actions that should be conducted in parallel with other Processes within th...

  • ISSA - Mobile forensics using the harmonised digital forensic Investigation Process
    2014 Information Security for South Africa, 2014
    Co-Authors: Emilio Raymond Mumba, Hein S. Venter
    Abstract:

    Mobile technology is among the fastest developing technologies that have changed the way we live our daily lives. Over the past few years, mobile devices have become the most popular form of communication around the world. However, bundled together with the good and advanced capabilities of the mobile technology, mobile devices can also be used to perform various activities that may be of malicious intent or criminal in nature. This makes mobile devices a valuable source of digital evidence. For this reason, the technological evolution of mobile devices has raised the need to develop standardised Investigation Process models and procedures within the field of digital forensics. This need further supports the fact that forensic examiners and investigators face challenges when performing data acquisition in a forensically sound manner from mobile devices. This paper, therefore, aims at testing the harmonised digital forensic Investigation Process through a case study of a mobile forensic Investigation. More specifically, an experiment was conducted that aims at testing the performance of the harmonised digital forensic Investigation Process (HDFIP) as stipulated in the ISO/IEC 27043 draft international standard through the extraction of potential digital evidence from mobile devices.

Daniel P. Bredenkamp - One of the best experts on this subject based on the ideXlab platform.

  • A generic Investigation Process for South African commercial forensic practitioners
    Journal of Financial Crime, 2020
    Co-Authors: Jacobus Gerhardus J. Nortje, Daniel P. Bredenkamp
    Abstract:

    Purpose: The purpose of this paper is to critically analyse and discuss the identification of a generic Investigation Process to be followed by the commercial forensic practitioner in South Africa. Design/methodology/approach: This paper is a cross-sectional design that commenced with a review of the current available literature, highlighting the different approaches, Processes and best practices used in local and international forensic practices. The methodology includes primary data collected with questionnaires from commercial forensic practitioner (N = 75) Process users. Findings: This paper identifies the following five distinct categories in the forensic Investigation Process, with sub-Processes, namely, initiation, planning, execution, reporting and reflection. Research limitations/implications: The study focuses only on the South African members of the Institute of Commercial Forensic Practitioners (ICFP) fraternity in South Africa as the ICFP is a leading body that, through membership, offers a recognised professional qualification in commercial forensics. Practical implications: An Investigation Process for commercial forensic practitioners in South Africa could be used by the ICFP that would provide a governance structure for the ICFP. Originality/value: The originality of this paper lies in setting out of an account of forensic accounting Processes and best practices nationally and internationally. The missing knowledge is that no such research is known to have been conducted in South Africa. Currently, to the authors’ knowledge, no formalised Investigation Process exists. The contribution of the study is that by using an Investigation Process, it may enhance the quality of forensic Investigations and contribute to the successful Investigation and prosecution of commercial crime in South Africa that will be beneficial to all stakeholders.

Khaled S. Alghathbar - One of the best experts on this subject based on the ideXlab platform.

  • Quaternary privacy-levels preservation in computer forensics Investigation Process
    2011 International Conference for Internet Technology and Secured Transactions, 2011
    Co-Authors: Waleed Halboob, Muhammad Abulaish, Khaled S. Alghathbar
    Abstract:

    Privacy preservation and computer forensics Investigation are two contradictory information security directions. The privacy preservation principle stresses utmost protection of users' privacy, as privacy is a right, whereas computer forensics Investigation attempts to unearth user data for possible digital evidence hidden within them. Although a number of research efforts have been directed towards privacy preservation during the forensics Investigation Process and, consequently, forensics tools are in existence, most of them employ binary privacy levels, i.e., user privacy is either fully protected or not at all. In this paper, we introduce the concept of quaternary privacy levels and their protection mechanism in the computer forensics Investigation Process. The privacy levels are identified on the basis of different entities and their participation roles during a computer forensics Investigation Process and represent different granules of privacy that can be enforced by the court of law depending on the nature of crime to be investigated. We also re-define the forensics Investigation steps to regard different privacy levels for an Investigation Process.

Jacobus Gerhardus J. Nortje - One of the best experts on this subject based on the ideXlab platform.

  • A generic Investigation Process for South African commercial forensic practitioners
    Journal of Financial Crime, 2020
    Co-Authors: Jacobus Gerhardus J. Nortje, Daniel P. Bredenkamp
    Abstract:

    Purpose: The purpose of this paper is to critically analyse and discuss the identification of a generic Investigation Process to be followed by the commercial forensic practitioner in South Africa. Design/methodology/approach: This paper is a cross-sectional design that commenced with a review of the current available literature, highlighting the different approaches, Processes and best practices used in local and international forensic practices. The methodology includes primary data collected with questionnaires from commercial forensic practitioner (N = 75) Process users. Findings: This paper identifies the following five distinct categories in the forensic Investigation Process, with sub-Processes, namely, initiation, planning, execution, reporting and reflection. Research limitations/implications: The study focuses only on the South African members of the Institute of Commercial Forensic Practitioners (ICFP) fraternity in South Africa as the ICFP is a leading body that, through membership, offers a recognised professional qualification in commercial forensics. Practical implications: An Investigation Process for commercial forensic practitioners in South Africa could be used by the ICFP that would provide a governance structure for the ICFP. Originality/value: The originality of this paper lies in setting out of an account of forensic accounting Processes and best practices nationally and internationally. The missing knowledge is that no such research is known to have been conducted in South Africa. Currently, to the authors’ knowledge, no formalised Investigation Process exists. The contribution of the study is that by using an Investigation Process, it may enhance the quality of forensic Investigations and contribute to the successful Investigation and prosecution of commercial crime in South Africa that will be beneficial to all stakeholders.

Aleksandar Valjarevic - One of the best experts on this subject based on the ideXlab platform.

  • ISO/IEC 27043:2015 — Role and application
    2016 24th Telecommunications Forum (TELFOR), 2016
    Co-Authors: Aleksandar Valjarevic, Ranko Petrović
    Abstract:

    In order for digital evidence from a digital forensic Investigation to be admissible, one needs to follow a formalised and ideally standardised Process. The authors' previous research and initiative within ISO resulted in a new international standard ISO/IEC 27043:2015, titled “Information technology - Security techniques - Incident Investigation principles and Processes” as published in March 2015. The standard governs the digital forensic Investigation Process and covers it from a wide angle, while harmonising existing Process models in this field. In this paper, the authors give an analysis of both the standard itself and of related standards so as to enable the reader to understand the ecosystem of standards relating to the digital forensic Investigation Process and role of ISO/IEC 27043:2015.

  • ISSA - Evaluation and analysis of a software prototype for guidance and implementation of a standardized digital forensic Investigation Process
    2015 Information Security for South Africa (ISSA), 2015
    Co-Authors: Melissa Ingels, Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic Investigation requires a standardized and formalized Process to be followed. The authors have contributed to the creation of an international standard on digital forensic Investigation Process, namely ISO/IEC 27043:2015, which was published in 2015. However, currently, there exists no application that would guide a digital forensic investigator to implement such a standardized Process. The prototype of such an application has been developed by the authors and presented in their previous work. The prototype is in the form of a software application which has two main functionalities. The first functionality is to act as an expert system that can be used for guidance and training of novice investigators. The second functionality is to enable reliable logging of all actions taken within the Investigation Processes, enabling the validation of use of a correct Process. The benefits of such a prototype include possible improvement in efficiency and effectiveness of an Investigation and easier training of novice investigators. The last, and possibly most important benefit, includes that higher admissibility of digital evidence will be possible due to the fact that it will be easier to show that the standardized Process was followed. This paper presents an evaluation of the prototype. Evaluation was performed in order to measure the usability and the quality of the prototype software, as well as the effectiveness of the prototype. The evaluation of the prototype consisted of two main parts. The first part was a software usability evaluation, which was performed using the Software Usability Measurement Inventory (SUMI), a reliable method of measuring software usability and quality. The second part of evaluation was in a form of a questionnaire set up by the authors, with the aim to evaluate whether the prototype meets its goals. 
    The results indicated that the prototype reaches most of its goals, that it does have intended functionalities and that it is relatively easy to learn and use. Areas of improvement and future work were also identified in this work.

  • A Comprehensive and Harmonized Digital Forensic Investigation Process Model
    Journal of Forensic Sciences, 2015
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic Investigation (DFI) requires a standardized and formalized Process. There is currently neither an international standard nor does a global, harmonized DFI Process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of Processes, the scope, the hierarchical levels, and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of Processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of Processes called concurrent Processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization.

  • Introduction of concurrent Processes into the digital forensic Investigation Process
    Australian Journal of Forensic Sciences, 2015
    Co-Authors: Aleksandar Valjarevic, Hein S. Venter
    Abstract:

    Performing a digital forensic Investigation requires a formalised Process to be followed. It also requires that certain principles are applied, such as preserving of digital evidence and documenting actions. The need for a harmonised and standardised digital forensic Investigation Process has been recognised in the digital forensics community and much scientific work has been undertaken to produce digital forensic Investigation Process models, albeit with many disparities within the different models. The problem is that these existing models do not include any Processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent Processes into the digital forensic Investigation Process model. The authors define concurrent Processes as the actions that should be conducted in parallel with other Processes within th...
