Abstract
Forensic investigations on networks are not scalable in terms of time and money [1]. Those investigations that do occur consume months of attention from the very experts who should be investing in more productive activities, such as designing and improving network performance [1]. Given these circumstances, organizations often must select which cases to pursue, ignoring many that could be prosecuted if time allowed. Recognizing the exponential growth in the number of crimes that employ computers and networks and that become subject to digital evidence procedures, researchers and practitioners alike have called for embedding forensics, essentially integrating the cognitive skills of a detective into the network [2, 3, 4]. The premise is that the level of effort required to document incidents can thus be reduced significantly. This paper introduces the technical factors that might reflect those detective skills, leading to solutions that could offset the inefficiencies of current practice.
References
Endicott-Popovsky, B.E., Ryan, D., Frincke, D.: The New Zealand Hacker Case: A Post Mortem. In: Proceedings Safety and Security in a Networked World: Balancing Cyber-Rights & Responsibilities, Oxford Internet Institute, Oxford, England (September 2005), Retrieved from the World Wide Web: http://www.oii.ox.ac.uk/research/cybersafety/?view=papers
Tan, J.: Forensic Readiness, @Stake, Cambridge, MA (2001)
Dittrich, D., Endicott-Popovsky, B.E.: INFO498 Introduction to Computer Security Incident Response, University of Washington, Seattle, WA (Fall, 2003)
Rowlinson, R.: Ten Steps to Forensic Readiness. International Journal of Digital Evidence 23(3) (Winter 2004)
Endicott-Popovsky, B.E., Chee, B., Frincke, D.: Role of Calibration as Part of Establishing Foundation for Expert Testimony. In: Proceedings 3rd Annual IFIP WG 11. Orlando, FL (January 2007)
Lawson, M., Lawson, R.: Expert Witness Testimony. Global CompuSearch, LLC, Spokane, WA (2000-2003)
CSI/FBI: CSI/FBI Computer Crime and Security Survey, Computer Security Institute, San Francisco, CA (2005)
Bailey, K.: Trouble in Cyberspace: Why this Conference is Important, NWSec, Seattle, WA (February 2007), Retrieved from the World Wide Web http://students.washington.edu/greyhat/mainsec.html
Gates, P.: Seminar in Data Security, Seattle, WA (March 2005)
NIST: Computer Forensics Tool Testing (CFTT) Project, Retrieved from the World Wide Web: http://www.cftt.nist.gov/
Endicott-Popovsky, B.E., Frincke, D.: Adding the Fourth 'R': A Systems Approach to Solving the Hacker's Arms Race. In: Hawaii International Conference on System Sciences (HICSS) 39 Symposium: Skilled Human-intelligent Agent Performance: Measurement, Application and Symbiosis, Kauai, HI (January 2006). Retrieved from the World Wide Web: http://www.itl.nist.gov/iaui/vvrg/hicss39/4_r_s_rev_3_HICSS_2006.doc
Ellison, R.J., Fisher, D.A., Linger, R.C., Lipson, H.F., Longstaff, T.A., Mead, N.R.: Survivable Network Systems: An Emerging Discipline. CMU/SEI 97-TR-013, Software Engineering Institute, Carnegie-Mellon University, Pittsburgh, PA (May 1999)
Mocas, S.: Building Theoretical Underpinnings for Digital Forensics Research. Compsec Online: Digital Investigations 1(1) (2003)
Endicott-Popovsky, B., Frincke, D.: Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations. In: Proceedings Seventh IEEE Systems, Man and Cybernetics Information Assurance Workshop, pp.133–139. United States Military Academy, West Point, NY (June 2006)
Grance, T., Hash, J., Stevens, M.: Security Considerations in the Information System Development Life Cycle. U.S. Department of Commerce, NIST Special Publication, pp. 800–864 (2004)
Bailey, K., Winn, J.: Personal Interviews (March 2006)
Yasinsac, A., Manzano, Y.: Policies to Enhance Computer and Network Forensics. In: Proceedings 2001 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, NY (June 2001)
Wolfe-Wilson, J., Wolfe, H.B.: Management Strategies for Implementing Forensic Security Measures (electronic version). Information Security Technical Report 8(2), 55–64 (2003)
Carrier, B., Spafford, E.: Getting Physical with the Digital Investigation Process [electronic version]. International Journal of Digital Evidence 2(2) (Fall 2003)
Endicott-Popovsky, B.E., Fluckiger, J.D., Frincke, D.A.: Establishing Tap Reliability in Expert Witness Testimony: Using Scenarios to Identify Calibration Need. In: Proceedings 2nd International Workshop on Systematic Approaches to Digital Forensic Engineering, Seattle, WA (April 2007)
© 2007 Springer-Verlag Berlin Heidelberg
Cite this paper
Endicott-Popovsky, B., Frincke, D.A. (2007). Embedding Hercule Poirot in Networks: Addressing Inefficiencies in Digital Forensic Investigations. In: Schmorrow, D.D., Reeves, L.M. (eds) Foundations of Augmented Cognition. FAC 2007. Lecture Notes in Computer Science(), vol 4565. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-73216-7_41
DOI: https://doi.org/10.1007/978-3-540-73216-7_41
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-73215-0
Online ISBN: 978-3-540-73216-7
eBook Packages: Computer Science (R0)