TY - GEN
T1 - Use of organisational topologies for forensic investigations
AU - Grispos, George
AU - Hanvey, Sorren
AU - Nuseibeh, Bashar
N1 - Funding Information:
This research is partially supported by SFI Grant No. 13/RC/2094 and ERC Advanced Grant No. 291652 (ASAP).
Publisher Copyright:
© 2017 Association for Computing Machinery.
PY - 2017/9/4
Y1 - 2017/9/4
N2 - In today’s highly regulated business environment, it is becoming increasingly important that organisations implement forensic-ready systems and architectures to aid the investigation of security incidents and data breaches. Previously, different solutions have been proposed for implementing forensic readiness within organisations. One of these solutions is that organisations implement an organisational structure that takes into consideration digital forensics by establishing roles and responsibilities to assist with investigations. However, no previous research has defined how this can actually be accomplished within an organisation. In this paper, we put forth the idea of using the topology of an organisation’s structure to define the roles and responsibilities to assist with handling a forensic investigation. In the past, the role of topology has been examined from various perspectives, including software engineering. We draw on this previous research and use the topological properties of containment, proximity and reachability in order to define a representation of the organisational structure that takes into consideration digital forensics. For example, topology can be used to express and provide a context regarding the location of assets that need to be investigated, as well as the individuals whose assistance is required to investigate such assets. Furthermore, knowing the topology of an organisation’s structure can also assist investigators in identifying stakeholders that could be of interest to an investigation, based on their relationship to the asset(s) under investigation.
KW - Forensic Readiness
KW - Organisational Structures
KW - Topology
UR - http://www.scopus.com/inward/record.url?scp=85052904625&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85052904625&partnerID=8YFLogxK
U2 - 10.1145/3121252.3121253
DO - 10.1145/3121252.3121253
M3 - Conference contribution
AN - SCOPUS:85052904625
SN - 9781450351560
T3 - SERF 2017 - Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics, Co-located with FSE 2017
SP - 2
EP - 5
BT - SERF 2017 - Proceedings of the 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics, Co-located with FSE 2017
A2 - Alrajeh, Dalal
A2 - Pasquale, Liliana
PB - Association for Computing Machinery, Inc
T2 - 1st ACM SIGSOFT International Workshop on Software Engineering and Digital Forensics, SERF 2017 - 11th Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering, ESEC/FSE 2017
Y2 - 4 September 2017
ER -