[AISWorld] CFP: Organizational Forensic Readiness: The future of digital evidence, theory and practice

[Glenn S. Dardick]

CALL FOR CHAPTERS

Abstract submission deadline: October 31, 2013



Title: Organizational Forensic Readiness: The future of digital evidence, theory and practice



A book edited by Barbara Endicott-Popovsky, Center for Information Assurance and Cybersecurity, University of Washington; Nicolai Kuntze, Carsten Rudolph Fraunhofer SIT, Darmstadt Germany, Dan Ryan, JD;



Introduction



The concept of forensic readiness for a system describes the capability of the system to efficiently collect credible digital evidence that can then be used in legal proceedings. Efficiency for digital forensics has been described in terms of cost since costs tend to be significant especially for systems that are not forensics ready. Credible digital evidence refers to data that has been collected and preserved through a process that does not invalidate the legitimacy of the data.



Forensic readiness is one of the few proposed forensics characteristics discussed in the forensics literature. Forensic readiness was proposed by Tan in 2001 in order to meet two objectives for systems used in digital investigations: 1) Costs should be minimized for incident responses and 2) An environment's ability to collect digital evidence should be maximized. In his original paper on forensic readiness, Tan described many specific techniques for achieving digital forensic readiness including logging techniques, IDS data usage, forensic acquisition and evidence handling.



A later paper describes how forensic readiness can be built into an enterprise forensics program and outlines ten steps to achieving forensic readiness. The main point is that forensic readiness makes sense from a business perspective and can result in cost savings should there be an investigation. Enterprises should be actively collecting potential evidence such as log files, network traffic records, e-mail and telephone records prior to involvement in an investigation.



Others described different aspects of system forensic readiness including policies for enhancing digital forensics readiness, incorporation into existing response plans and making sure forensic readiness leads to sound investigation. Another perspective discusses ensuring that hardware devices used to capture forensic evidence are reliable enough to enforce forensic readiness. As the wide divergence of these studies illustrate, there is no one methodology or approach to enabling forensic readiness within a system or enterprise.

Although the concept of forensic readiness has been circulating for years, only recently are applications appearing in products. With civil and criminal cases relying heavily on digital evidence, it's time to revisit forensic readiness: what does the term mean today? What progress has been made in defining it? What products and systems incorporate forensic readiness concepts in their design?

Please contribute your ideas. Your work will assist in defining the state of the organizational forensic readiness in theory and practice.



Objective of the book



"Title" aims at shedding light on the concept of organizational forensic readiness and, in particular at:

*         Providing comprehensive knowledge of recent major developments of organizational forensic readiness around the world.

*         Analyzing the importance of forensic readiness efforts for organizational governance.


*         Providing insightful analysis about those factors that are critical when designing, implementing and evaluating organizational forensic readiness mitigations including: organizational and technical processes, efficiency and cost issues, reliable and traceable evidence generation, usability, constructing chains of digital evidence, etc.

*         Discussing how contextual factors affect organizational forensic readiness' success or failure.

*         Exploring the existence of theoretical models of organizational forensic readiness.

*         Proposing strategies to move forward and to address future challenges in an international context.

Recommended topics include but are not limited to the following:


*         Requirements for establishing organizational forensic readiness

*         Architectural models for organizational forensic readiness

*         Reference models that inform the development of organizational forensic readiness

*         Cost/liability analysis approaches to justifying organizational forensic readiness

*         Processes that establish organizational forensic readiness

*         Technologies that support organizational forensic readiness

*         Organizational forensic readiness from policy through procedures, technology, and audit

*         The roles of records management and archival science in organizational forensic readiness

It is the intention of the book to include both empirical and theoretical chapters. Regarding the former, case studies from selected countries will be more than welcome. These cases may refer to examples of successful and less successful organizational forensic readiness efforts.

Submission procedure

Researchers and practitioners are invited to submit on or before October 31, 2013, a 2-3 page chapter proposal clearly explaining the mission and concerns of the proposed chapter. Authors of accepted proposals will be notified by November 30, 2013 about the status of their proposals and sent chapter organizational guidelines. Full chapters are expected to be submitted by March 31, 2014. All submitted chapters will be reviewed on a blind review basis. The book is scheduled to be published by Springer in 2015.

Inquiries and submissions can be forwarded electronically to Dr. Barbara Endicott-Popovsky (Endicott at uw.edu).



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aisnet.org/pipermail/aisworld_lists.aisnet.org/attachments/20130720/3e99ba26/attachment.html>