Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research

  • Original Paper
  • Journal in Computer Virology

Abstract

In the last 10 years, forensic computing (FC) has emerged in response to the challenges of illegal, criminal and other inappropriate on-line behaviours. As awareness of the need for the accurate and legally admissible collection, collation, analysis and presentation of digital data has grown, so has recognition of the challenges this requirement poses for technical, legal and organisational responses to these on-line behaviours. Despite recognition of the multi-dimensional nature of these behaviours and the challenges faced, agreement on coherent frameworks for understanding and responding to these issues, their impacts and their interrelationships appears to remain a long way off. As a consequence, while significant advances have been made within technical, organisational and legal ‘solution centred paradigms’, the net result appears to be a case of ‘winning the battles but losing the war’ on computer misuse and e-crime. This paper examines this situation and reflects on its implications for academic researchers’ methodological approach to understanding and responding to these challenges. This paper suggests the need to reconceptualise the term ‘solution’ and advocates an additional methodological step (that it is anticipated will generate data) for the development of a framework to map the value propositions of, and interrelationships between, the individual sets of responses within the dynamically evolving FC landscape. By exposing issues, responses and underlying assumptions, it is anticipated that this will improve the possibility of calibrated responses that more effectively and coherently balance the interests for security, privacy and legal admissibility.



Author information

Corresponding author

Correspondence to Vlasti Broucek.


About this article

Cite this article

Broucek, V., Turner, P. Winning the Battles, Losing the War? Rethinking Methodology for Forensic Computing Research. J Comput Virol 2, 3–12 (2006). https://doi.org/10.1007/s11416-006-0018-9

  • DOI: https://doi.org/10.1007/s11416-006-0018-9
