Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field

• For every contact that is made in a database, a digital trace will potentially be left and most of the database breaches are mostly aimed at defeating the major security goals (Confidentiality, Integrity, and Authenticity) of data that reside in the database. In order to prove/refute a fact during litigation, it is important to identify suitable investigation techniques that can be used to link a potential incident/suspect to the digital crime. As a result, this paper has proposed suitable steps of constructing and Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. While developing the IIRM, design science methodology has been adapted and the outcome of this study has shown significant and promising approaches that could be leveraged by digital forensic experts, legal practitioners and law enforcement agencies. This is owing to the fact, that IIRM construction has followed incident investigation principles that are stipulated in ISO guidelines.

Ämnesord

SAMHÄLLSVETENSKAP  -- Juridik -- Juridik och samhälle (hsv//swe)

SOCIAL SCIENCES  -- Law -- Law and Society (hsv//eng)

Nyckelord

Database security

database forensics investigation

database incident

pre-incident response

during-incident response

post-incident response

Publikations- och innehållstyp

ref (ämneskategori)

art (ämneskategori)