An extended digital forensic readiness and maturity model

Abstract

Digital forensics readiness (DFR) is an important part of the growing forensic domain. Research on DFR has been given little attention, while available DFR models have focused on theoretical investigations with inadequate input from practicing information security experts in the industry. Using feedback from practicing forensic experts in the industry and academia, this research investigates the structure required to implement and manage digital forensic readiness (DFR) within an enterprise. The research extended the DFR Commonalities framework (DFRCF) and utilised the structure to design a digital forensic maturity assessment model (DFMM) that will enable organisations to assess their forensic readiness and security incident responses. A combination of qualitative and research design approaches was utilised to perform a comparative analysis of various DFR frameworks. A top-down design approach was utilised in developing the DFMM model which was validated with forensic practitioners and academics through semi-structured interviews. The structure extracted from DFR frameworks was practical since most participants agreed with the structure of the extended DFRCF and the matrix of the maturity model.Overall, key changes were introduced to enhance both the extended DFRCF and the DFMM. The study was limited to participants who have a forensic footprint and are knowledgeable about DFR. This paper thereby provides practitioners, academics and organisations with access to a non-propriety DFMM maturity model.