# Are You Ready? Towards the Engineering of Forensic-Ready Systems

**Authors:** George Grispos, Jesus Garcia-Galan, Liliana Pasquale, Bashar, Nuseibeh

arXiv: 1705.03250 · 2017-05-16

## TL;DR

This paper investigates how organizations incorporate forensic requirements into system development, comparing traditional policies with forensic-by-design approaches, and identifies challenges in engineering forensic-ready systems.

## Contribution

It provides an initial assessment of forensic requirements consideration in organizations and highlights research challenges in engineering forensic-ready systems.

## Key findings

- Organizations vary in considering forensic requirements during development.
- Forensic-by-design is underutilized in practice.
- Several research challenges remain in engineering forensic-ready systems.

## Abstract

As security incidents continue to impact organisations, there is a growing demand for systems to be 'forensic ready'- to maximise the potential use of evidence whilst minimising the costs of an investigation. Researchers have supported organisational forensic readiness efforts by proposing the use of policies and processes, aligning systems with forensics objectives and training employees. However, recent work has also proposed an alternative strategy for implementing forensic readiness called forensic-by-design. This is an approach that involves integrating requirements for forensics into relevant phases of the systems development lifecycle with the aim of engineering forensic-ready systems. While this alternative forensic readiness strategy has been discussed in the literature, no previous research has examined the extent to which organisations actually use this approach for implementing forensic readiness. Hence, we investigate the extent to which organisations consider requirements for forensics during systems development. We first assessed existing research to identify the various perspectives of implementing forensic readiness, and then undertook an online survey to investigate the consideration of requirements for forensics during systems development lifecycles. Our findings provide an initial assessment of the extent to which requirements for forensics are considered within organisations. We then use our findings, coupled with the literature, to identify a number of research challenges regarding the engineering of forensic-ready systems.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1705.03250/full.md

## Figures

1 figure with captions in the complete paper: https://tomesphere.com/paper/1705.03250/full.md

## References

33 references — full list in the complete paper: https://tomesphere.com/paper/1705.03250/full.md

---
Source: https://tomesphere.com/paper/1705.03250