CONSIDERATIONS FOR E-FORENSICS: INSIGHTS INTO IMPLICATIONS OF UNCOORDINATED TECHNICAL, ORGANISATIONAL AND LEGAL RESPONSES TO ILLEGAL OR INAPPROPRIATE ON-LINE BEHAVIOURS
DOI:
https://doi.org/10.47839/ijc.4.2.333Keywords:
Behaviour, Computer Misuse, e-Crime, e-Forensics, e-Security, Law, PrivacyAbstract
The growing incidence of e-crime and computer misuse has increased demand for effective defensive and offensive solutions. Most responses have tended to focus on discrete sets of technical, organisational or legal challenges, but there is increasing recognition of the need for more integrated solutions that balance security, individual privacy and the generation of legally admissible digital evidence. More importantly, there is also proof to indicate that these fragmented approaches are impairing their own effectiveness due to the inter-relatedness of challenges faced. This research paper adopts an e-forensic approach to examine the links between technical, organisational and legal responses to the challenges posed by illegal or inappropriate on-line behaviour. The paper acknowledges some of the numerous challenges that remain unresolved in each approach and argues that future developments must be focused on integrated and balanced solutions that are calibrated to address the dynamic and multi-faceted nature of the forensic computing domain.References
D. E. Denning, Activism, Hacktivism, and Cyberterrorism: The Internet as a Tool for Influencing Foreign Policy, 1999.
B. Etter, Evaluating the Capacity to Respond to E-Crime, Australasian Centre For Policing Research, 2000.
B. Etter, Working in Partnership: The Australasian Response to Electronic Crime, Australasian Centre For Policing Research, 2000.
B. Etter, The Challenges of E-Crime for Australasian Law Enforcement, Australasian Centre For Policing Research, 2000.
Australian Computer Emergency Response Team, The Australian Computer Crime and Security Survey 2004, 2004.
B. Etter, The Forensic Challenges of E-Crime, Australasian Centre For Policing Research, 2001.
V. Broucek and P. Turner, Forensic Computing: Developing a Conceptual Approach for an Emerging Academic Discipline, in H. Armstrong, ed., 5th Australian Security Research Symposium, School of Computer and Information Sciences, Faculty of Communications, Health and Science, Edith Cowan University, Western Australia, Perth, Australia, 2001, pp. 55-68.
V. Broucek and P. Turner, Forensic Computing: Developing a Conceptual Approach in the Era of Information Warfare, Journal of Information Warfare, 1 (2001), pp. 95-108.
M. Hannan, S. Frings, V. Broucek and P. Turner, Forensic Computing Theory & Practice: Towards developing a methodology for a standardised approach to Computer misuse, in S.-A. Kinght, ed., 1st Australian Computer, Network & Information Forensics Conference, Perth, WA, Australia, 2003.
M. Hannan, P. Turner and V. Broucek, Refining the Taxonomy of Forensic Computing in the Era of E-crime: Insights from a Survey of Australian Forensic Computing Investigation (FCI) Teams., 4th Australian Information Warfare and IT Security Conference, Adelaide, SA, Australia, 2003, pp. 151-158.
V. Broucek, P. Turner and S. Frings, Music piracy, universities and the Australian Federal Court: Issues for forensic computing specialists, Computer Law & Security Report, 21 (2005), pp. 30-37.
M. Hannan and P. Turner, The Last Mile: Applying Traditional Methods for Perpetrator Identification in Forensic Computing Investigations, 3rd European Conference on Information Warfare and Security, Royal Holloway, University of London, 2004.
A. Rathmell and L. Valeri, Handbook of Legislative Procedures of Computer and Network Misuse in EU Countries, 2003.
V. Broucek and P. Turner, Intrusion Detection: Issues and Challenges in Evidence Acquisition, International Review of Law, Computers and Technology, 18 (2004), pp. 149-164.
V. Broucek and P. Turner, Risks and Solutions to problems arising from illegal or Inappropriate On-line Behaviours: Two Core Debates within Forensic Computing., in U. E. Gattiker, ed., EICAR Conference Best Paper Proceedings, EICAR, Berlin, Germany, 2002, pp. 206-219.
P. Sommer, Intrusion Detection Systems as Evidence, Recent Advances in Intrusion Detection - RAID'98, Louvain-la-Neuve, Belgium, 1998.
P. Sommer, Digital Footprints: Assessing Computer Evidence, Criminal Law Review Special Edition (1998), pp. 61-78.
P. Sommer, Intrusion Detection Systems as Evidence, Computer Networks, 31 (1999), pp. 2477-2487.
A. Arona, D. Bruschi and E. Rosti, Adding availability to log services of untrusted machines, 15th Annual Computer Security Applications Conference (ACSAC'99), IEEE Comput. Soc, Los Alamitos, CA, USA, Phoenix, AZ, USA, 1999, pp. 199-206.
M. Handley, V. Paxson and C. Kreibich, Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics, 10th USENIX Security Symposium, Washington, DC, USA, 2001.
J. Biskup and U. Flegel, On Pseudonymization of Audit Data for Intrusion Detection, Workshop on Design Issues in Anonymity and Unobservability, Springer-Verlag, Berlin, Heidelberg, Berkeley, California, 2000, pp. 161-180.
J. Biskup and U. Flegel, Transaction-Based Pseudonyms in Audit-Data for Privacy Respecting Intrusion Detection, Third International Workshop on Recent Advances in Intrusion Detection (RAID 2000), Springer-Verlag, Berlin, Heidelberg, Toulouse, France, 2000, pp. 28-48.
J. Biskup and U. Flegel, Threshold-Based Identity Recovery for Privacy Enhanced Applications, 7th ACM Conference on Computer and Communications Security (CCS 2000), ACM, Athens, Greece, 2000, pp. 71-79.
E. Lundin, Anomaly-based intrusion detection: privacy concerns and other problems, Computer Networks, 34 (2000), pp. 623-640.
E. Lundin and E. Jonsson, Privacy vs Intrusion Detection Analysis, The 2nd International Workshop on Recent Advances in Intrusion Detection (RAID'99), Lafayette, Indiana, USA, 1999.
H. Kvarnstrom, E. Lundin and E. Jonsson, Combining fraud and intrusion detection - meeting new requirements, The fifth Nordic Workshop on Secure IT systems (NordSec2000), Reykjavik, Iceland, 2000.
M. Sobirey, S. Fischer-Hubner and K. Rannenberg, Pseudonymous audit for privacy enhanced intrusion detection, in L. Yngstrom and J. Carlsen, eds., IFIP TC11 13th International Conference on Information Security (SEC'97), Chapman & Hall, London, UK, Copenhagen, Denmark, 1997, pp. 151-163.
V. Broucek and P. Turner, E-mail and WWW browsers: A Forensic Computing perspective on the need for improved user education for information systems security management., in M. Khosrow-Pour, ed., 2002 Information Resources Management Association International Conference, IDEA Group, Seattle Washington, USA, 2002, pp. 931-932.
M. T. Dishaw, Monitoring Internet Use In the Workplace: Caution is Advised, in M. Khosrow-Pour, ed., 2002 Information Resources Management Association International Conference, Idea Group Publishing, Seattle, WA, USA, 2002, pp. 175-178.
V. Broucek and P. Turner, Computer Incident Investigations: e-forensic Insights on Evidence Acquisition, in U. E. Gattiker, ed., EICAR Conference Best Paper Proceedings, EICAR, Luxembourg, Grand Duchy of Luxembourg, 2004.
V. Broucek and P. Turner, Bridging the Divide: Rising Awareness of Forensic Issues amongst Systems Administrators, 3rd International System Administration and Networking Conference, Maastricht, The Netherlands, 2002.
V. Broucek, S. Frings and P. Turner, The Federal Court, the Music Industry and the Universities: Lessons for Forensic Computing Specialists, in C. Valli and M. Warren, eds., 1st Australian Computer, Network & Information Forensics Conference, Perth, WA, Australia, 2003.
Downloads
Published
How to Cite
Issue
Section
License
International Journal of Computing is an open access journal. Authors who publish with this journal agree to the following terms:• Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
• Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
• Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
