Guidelines for recognize, collect, extract, protect, and report digital evidence
Abstract:
The different phases of the digital evidence management process can be complex and difficult to perform in practice due to the nature of the evidence itself. In this paper we propose a simplified but no less exhaustive methodology, based on international standards in common use, to recognize, collect, extract, protect and report on the digital evidence found at the scene of a computer incident. All actions taken by computer experts must be preceded by a written authorization allowing the identification of evidence. Digital evidence is then identified based on the circumstances, within a given policy. Then the objective tests are preserved and the results are reported. The digital tests obtained through the application of the methodology are verifiable, integrated and reliable. The methodology proposed here was applied in an educational institution with the purpose of verifying its validity. Although the work performed conforms to a specific legal regulation, the fact that it is supported by international computer security standards allows it to be adapted to other legal regulations of different countries.
Year of publication:
2018
Keywords:
- Computer forensics
- Digital evidence
- Cybercrime
- Informatic security
- Incident
Source:
Scopus
Document type:
Conference Object
Status:
Restricted access
Knowledge areas:
- Computer science
Dewey subject areas:
- Library and archive operations
- Other social problems and services
- Computer programming, programs, data, security
Sustainable Development Goals:
- SDG 16: Peace, justice and strong institutions
- SDG 4: Quality education
- SDG 9: Industry, innovation and infrastructure