Abstract

Securing digital evidence is a key factor that contributes to evidence admissibility during digital forensic investigations, particularly in establishing the chain of custody of digital evidence. However, not enough is done to ensure that the environment and access to the evidence are secure. Attackers can go to extreme lengths to cover up their tracks, which is a serious concern to digital forensics, particularly digital forensic readiness. If an attacker gains access to the location where evidence is stored, they could easily alter the evidence (if not remove it altogether). Even though integrity checks can be performed to ensure that the evidence is sound, the collected evidence may contain sensitive information that an attacker can easily use for other forms of attack. To this end, this paper proposes a model for securely storing digital evidence captured pre- and post-incident to achieve reactive forensics. Various components were considered, such as integrity checks, environment sandboxing, strong encryption, two-factor authentication, as well as unique random file naming. A proof-of-concept tool was developed to realize this model and to prove its validity. A series of tests were conducted to check for system security, performance, and requirements validation. Overall, the results obtained showed that, with minimal effort, securing forensic artefacts is a relatively inexpensive and reliable feat. This paper aims to standardize evidence storage, practice high security standards, as well as remove the need to create new systems that achieve the same purpose.
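The following is an added illustration of three of the components the abstract names (integrity checks at capture, unique random file naming, and a tamper-evident chain-of-custody record); it is not the paper's proof-of-concept tool or any code from the authors. The sample artefact, the `EvidenceStore` class, its HMAC-chained custody log and the `demo()` walkthrough are all constructed here for the example; the model's encryption and two-factor authentication layers are not shown, since the Python standard library offers no authenticated encryption primitive.

```python
import hashlib
import hmac
import json
import os
import secrets
import tempfile
from datetime import datetime, timezone

# Constructed sample evidence line (not taken from the paper).
SAMPLE_ARTEFACT = b"2024-01-01T00:00:00Z host-a sshd[1234]: Accepted publickey for root\n"


class EvidenceStore:
    """Minimal evidence store: SHA-256 at capture, random file names,
    and an HMAC-chained custody log so edits or deletions are detectable.
    (Hypothetical class written for this example.)"""

    def __init__(self, root: str, log_key: bytes):
        self.root = root
        self.log_key = log_key          # secret used to authenticate log entries
        self.custody_log = []           # ordered, chained entries
        os.makedirs(root, exist_ok=True)

    def store(self, artefact: bytes, source: str, actor: str) -> dict:
        """Write an artefact under a random name and record its hash."""
        digest = hashlib.sha256(artefact).hexdigest()
        name = secrets.token_hex(16)    # 32 hex chars, reveals nothing about content
        with open(os.path.join(self.root, name), "wb") as fh:
            fh.write(artefact)
        self._log("capture", name, digest, source, actor)
        return {"name": name, "sha256": digest}

    def verify(self, name: str) -> bool:
        """Recompute the stored file's hash and compare with the capture record."""
        with open(os.path.join(self.root, name), "rb") as fh:
            current = hashlib.sha256(fh.read()).hexdigest()
        return hmac.compare_digest(current, self._recorded_hash(name))

    def _recorded_hash(self, name: str) -> str:
        for entry in self.custody_log:
            if entry["file"] == name and entry["event"] == "capture":
                return entry["sha256"]
        raise KeyError(name)

    def _log(self, event: str, name: str, digest: str, source: str, actor: str) -> None:
        # Each entry carries the MAC of its predecessor, forming a chain.
        entry = {
            "event": event, "file": name, "sha256": digest, "source": source,
            "actor": actor, "time": datetime.now(timezone.utc).isoformat(),
            "prev": self.custody_log[-1]["mac"] if self.custody_log else "",
        }
        payload = json.dumps(entry, sort_keys=True).encode()
        entry["mac"] = hmac.new(self.log_key, payload, hashlib.sha256).hexdigest()
        self.custody_log.append(entry)

    def custody_log_intact(self) -> bool:
        """Re-derive every MAC and check the chain links; False on any edit."""
        prev = ""
        for entry in self.custody_log:
            body = {k: v for k, v in entry.items() if k != "mac"}
            if body["prev"] != prev:
                return False
            payload = json.dumps(body, sort_keys=True).encode()
            expected = hmac.new(self.log_key, payload, hashlib.sha256).hexdigest()
            if not hmac.compare_digest(expected, entry["mac"]):
                return False
            prev = entry["mac"]
        return True


def demo() -> dict:
    """Store one artefact, then show that both file and log tampering are caught."""
    root = tempfile.mkdtemp(prefix="evidence-")
    store = EvidenceStore(root, log_key=secrets.token_bytes(32))
    rec = store.store(SAMPLE_ARTEFACT, source="host-a:/var/log/auth.log", actor="collector")
    intact_before = store.verify(rec["name"])

    # Simulate a modification of the stored artefact after capture.
    with open(os.path.join(root, rec["name"]), "ab") as fh:
        fh.write(b"appended line\n")
    intact_after = store.verify(rec["name"])

    log_before = store.custody_log_intact()
    store.custody_log[0]["actor"] = "someone-else"   # forged custody entry
    log_after = store.custody_log_intact()

    return {
        "intact_before": intact_before, "intact_after": intact_after,
        "log_before": log_before, "log_after": log_after,
        "name_len": len(rec["name"]),
    }


if __name__ == "__main__":
    print(demo())
```

The file name carries no information about the artefact's origin, so an attacker who reaches the storage location cannot pick out the interesting files by name; the hash recorded at capture makes later modification evident, and chaining the log entries means a deleted or rewritten entry breaks verification of everything after it.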

Highlights

  • The upsurge in cyber-attacks and data exploitation has made the need for digital investigations paramount [1]–[3]. Standardization and adherence to best practices have become essential to ensure the least amount of human error causing inadmissible evidence [4], [5].

  • Digital forensic readiness (DFR) as defined by Tan [13] is the ability of an organization to maximize its evidence collection mechanisms whilst aiming to reduce the costs involved in collection.

  • The platform was evaluated and shown to render good performance, despite having to go through all the forensic processes defined by the proposed model (SecureRS).

Summary

Introduction

The upsurge in cyber-attacks and data exploitation has made the need for digital investigations paramount [1]–[3]. Standardization and adherence to best practices have become essential to ensure the least amount of human error causing inadmissible evidence [4], [5]. Digital forensic readiness (DFR) as defined by Tan [13] is the ability of an organization to maximize its evidence collection mechanisms whilst aiming to reduce the costs involved in collection. To achieve DFR, potential digital evidence collection needs to take place before an incident can occur. The ISO/IEC 27043 international standard [14] defines a more robust guideline covering the traditional digital investigation processes as well as high-level readiness processes. This encompasses five processes, namely readiness, initialization, acquisition, investigative, and concurrent processes [14].