Abstract

Digital forensics is the application of techniques to recover, reconstruct and analyze data from a computer or a similar system in order to gather digital evidence (e.g. on a suspicious employee or for law enforcement). Guidelines and standards for forensic investigations exist (e.g. NIST SP 800-86), but they do not cover Enterprise Rights Management (ERM), where data is usually encrypted and therefore inaccessible without knowledge of the cryptographic key. This paper explores forensic techniques for ERM systems and develops application-specific guidelines for forensic investigations targeting Microsoft Active Directory Rights Management Services (RMS) and Adobe LiveCycle Rights Management. Moreover, we illustrate the important role of database forensics for investigations in ERM systems, and finally show that with Microsoft's ERM solution, secure, centrally managed revocation of specific documents in order to prevent digital forensics is not feasible.
