Tesi sul tema "Digital forensic readiness management"

The Internet of Things (IoT) has evolved to be an important part of modern society. IoT devices can be found in several environments such as smart homes, transportation, the health sector, smart cities and even facilitates automation in organisations. The increasing dependence on IoT devices increases the possibility of security incidents in the physical or cyber environment. Traditional methods of digital forensic (DF) investigations are not always applicable to IoT devices due to their limited data processing resources. A possible solution for conducting forensic investigations on IoT devices is to utilise a proactive approach known as digital forensic readiness (DFR). This dissertation firstly aims to conduct a thorough review of the available literature in the current body of knowledge to identify a clear process that can be followed to implement DFR tailored for IoT devices. This dissertation then formulates requirements for DFR in IoT based on existing forensic techniques. The requirements for DFR in IoT give rise to the development of a model for DFR in IoT, which is then implemented in a prototype for IoT devices. The prototype is subsequently tested and evaluated on IoT devices that conduct proactive DFR in a simulation of a smart home system. Finally, the dissertation illustrates the feasibility of the DFR processes for IoT and serves as a basis for future research with regards to DFR in IoT. This dissertation will impact future research with regards to developing a standard for DFR in IoT.
Dissertation (MSc)--University of Pretoria, 2019.
Computer Science
MSc
Unrestricted

Computers play a vital role in the automation of tedious tasks in our everyday lives. With the adoption of the advances in technology, there is a significant increase in the exploitation of security vulnerabilities, particularly in Windows computing environments. These exploitations are mostly carried out by malicious software (malware). Ransomware, a variant of malware which encrypts user files and retains the decryption key for ransom. Ransomware has shown its dominance over the years wreaking havoc to many organizations and users. This global digital epidemic is continuously on the rise with no signs of being eradicated. The current method of mitigation and propagation of malware and its variants, such as anti-viruses, have proven ineffective against most ransomware attacks. Theoretically, Ransomware retains footprints of the attack process in the Windows Registry as well as volatile memory of the infected machine. With the adoption of Digital Forensic Readiness (DFR) processes organizations can better prepare for these types of attacks. DFR provides mechanisms for pro-active collection of digital artifacts. These artifacts play a vital role when a digital investigation is conducted where these artifacts may not be available post-incident. The availability of such artifacts can be attributed to the anti-forensic properties of the ransomware itself cleaning up all the evidence before it can be investigated. Ransomware investigation often to a lengthy process because security researchers need to disassemble and reverse engineer the ransomware in order to find a inherit flaw in the malware. In some cases, the ransomware is not available post-incident which makes it more difficult. Therefore, study proposed a framework with the integration of DFR mechanisms as a process to mitigate ransomware attacks whilst maximizing Potential Digital Evidence (PDE) collection. The proposed framework was evaluated in compliance with the ISO/IEC 27043 standard as well as expert review using two prototype tools. These prototype tools realize the framework by providing a proof of concept implementation of such a framework within an organization. The evaluation revealed that the proposed framework has the potential to harness system information prior to, and during a ransomware attack. This information can then be used to help forensic investigators to potentially decrypt the encrypted machine, as well as providing automated analysis of the ransomware relieving the burden of complicated analysis. The implementation of the proposed framework can potentially be a major breakthrough in mitigating this global digital endemic that has plagued various organizations.
Dissertation (MSc)--University of Pretoria, 2019.
Computer Science
MSc (Computer Science)
Unrestricted

The new and upcoming field of wireless sensor networking is unfortunately still lacking in terms of both digital forensics and security. All communications between different nodes (also known as motes) are sent out in a broadcast fashion. These broadcasts make it quite difficult to capture data packets forensically and, at the same time, retain their integrity and authenticity. The study presents several attacks that can be executed successfully on a wireless sensor network, after which the dissertation delves more deeply into the flooding attack as it is one of the most difficult attacks to address in wireless sensor networks. Furthermore, a set of factors is presented to take into account while attempting to achieve digital forensic readiness in wireless sensor networks. The set of factors is subsequently discussed critically and a model is proposed for implementing digital forensic readiness in a wireless sensor network. The proposed model is next transformed into a working prototype that is able to provide digital forensic readiness to a wireless sensor network. The main contribution of this research is the digital forensic readiness prototype that can be used to add a digital forensics layer to any existing wireless sensor network. The prototype ensures the integrity and authenticity of each of the data packets captured from the existing wireless sensor network by using the number of motes in the network that have seen a data packet to determine its integrity and authenticity in the network. The prototype also works on different types of wireless sensor networks that are in the frequency range of the network on which the prototype is implemented, and does not require any modifications to be made to the existing wireless sensor network. Flooding attacks pose a major problem in wireless sensor networks due to the broadcasting of communication between motes in wireless sensor networks. The prototype is able to address this problem by using a solution proposed in this dissertation to determine a sudden influx of data packets within a wireless sensor network. The prototype is able to detect flooding attacks while they are occurring and can therefore address the flooding attack immediately. Finally, this dissertation critically discusses the advantages of having such a digital forensic readiness system in place in a wireless sensor network environment. Copyright
Dissertation (MSc)--University of Pretoria, 2012.
Computer Science
unrestricted

Digital Forensic investigations play a vital role in our technologically enhanced world, and it may incorporate a number of different types of evidence — ranging from digital to physical. During a Digital Forensics investigation an investigator may formulate a number of hypotheses, and in order to reason objectively about them, an investigator must take into account such evidence in its entirety, relying on multiple sources. When formulating such objective reasoning an investigator must take into account not only inculpatory evidence but also exculpatory evidence and evidence of tampering. In addition, the investigator must factor in the reliability of the evidence used, the potential for error (tool and human based) and they must factor in the certainty with which they can make various claims. By doing so and creating a detailed audit trail of all actions performed by the investigator they can be better prepared against challenges against their work when it is presented. An investigator must also take into account the dynamic aspects of an investigation, such as certain evidence no longer being admissible, and they must continuously factor these aspects into their reasoning, to ensure that their conclusions still hold. Investigations may draw over a large period of time, and should the relevant information not be captured in detail, it may be lost or forgotten, affecting the reliability of an investigator’s findings and affecting future investigators’ capability to build on and continue an investigator’s work. In this dissertation we investigate whether it is possible to provide a formalised means for capturing and encoding an investigator’s reasoning process, in a detailed and structured manner. By this we mean we would like to capture and encode an investigator’s hypotheses, their arguments, their conclusions and the certainty with which they can make such claims, as well as the various pieces of evidence (digital and physical) that they use as a foundation for their arguments. We also want to capture the steps an investigator took when formulating these arguments and the steps an investigator took in order to get evidence into its intended form. The capturing of such a detailed reasoning process helps to allow for a more thorough reconstruction of an investigator’s finding, further improving the reliability that can be placed in them. By encoding the investigator’s reasoning process, an investigator can more easily receive feedback on the impacts that the various dynamic aspects of an investigation have upon their reasoning. In order to achieve these goals, our dissertation presents a model, called the Chain of Findings, allowing investigators to formulate and capture their reasoning process throughout the investigation, using a combination of goal-driven and data-driven approaches. When formulating their reasoning, the model allows investigators to treat evidence, digital and physical, uniformly as building blocks for their arguments and capture detailed information of how and why they serve their role in an investigator’s reasoning process. In addition, the Chain of Findings offers a number of other uses and benefits including the training of investigators and Digital Forensic Readiness.
Dissertation (MSc)--University of Pretoria, 2013.
gm2014
Computer Science
unrestricted

Includes bibliographical references.
Computer crimes affect the bottom line of organisations across the globe. The ability of criminals to exploit organisational systems and avoid prosecution is a concern for most organisations. This is due to the increased use of information and communication technology (ICT) by individuals and organisations. The rapid growth of ICT has affected our communication and information exchange. These advances have not only influenced the way we conduct our daily activities, but has also led to new opportunities, risks and challenges for technical and legal structures. Unfortunately, some individuals and groups have decided to use these ICT advances in order to engage in criminal activities, such as cybercrime. The increase of cyber-related crimes puts a lot of pressure on law enforcement agencies and organisations across the globe to produce credible digital forensic evidence.

In order to protect the safety of our citizens and to ensure a civil society, we ask our law enforcement, judiciary and intelligence agencies, under the rule of law, to seek probative information which can be acted upon for the common good. This information may be used in court to prosecute criminals or it can be used to conduct offensive or defensive operations to protect our national security. As the citizens of the world store more and more information in digital form, and as they live an ever-greater portion of their lives online, law enforcement, the judiciary and the Intelligence Community will continue to struggle with finding, extracting and understanding the data stored on computers. But this trend affords greater opportunity for law enforcement. This dissertation describes how several disparate approaches: knowledge management, content analysis, narratology, and natural language processing, can be combined in an interdisciplinary way to positively impact the growing difficulty of developing useful, actionable intelligence from the ever-increasing corpus of digital evidence. After exploring how these techniques might apply to the digital forensic process, I will suggest two new theoretical constructs, the Hermeneutic Theory of Digital Forensics and the Narrative Theory of Digital Forensics, linking existing theories of forensic science, knowledge management, content analysis, narratology, and natural language processing together in order to identify and extract narratives from digital evidence. An experimental approach will be described and prototyped. The results of these experiments demonstrate the potential of natural language processing techniques to digital forensics.
Ph.D.
Doctorate
Dean's Office, Arts and Humanities
Arts and Humanities
Texts and Technology

Artificial intelligence (AI) technologies are developing rapidly and cause radical changes in organizations, companies, society, and individual levels. Managers are facing new challenges that they might not be prepared for. In this work, we seek to explore managerial challenges experienced while implementing and using AI technologies from the researchers’ perspective. Moreover, we explore how appropriate ethical deliberations should be applied when using big data concerning AI and the meaning of understanding or defining it. We describe qualitative research, the triangulation that includes related literature, in-depth interviews with researchers working on related topics from various fields, and a focus group discussion. Our findings show that AI algorithms are not universal, objective, or neutral and therefore researchers believe, it requires managers to have a solid understanding of the complexity of AI technologies and the nature of big data. Those are necessary to develop sufficient purchase capabilities and apply appropriate ethical considerations. Based on our results, we believe researchers are aware that those issues should be handled, but so far have too little attention. Therefore, we suggest further discussion and encourage research in this field.

This research examined opinions of local law enforcement agencies’ patrol officers in the State of Georgia regarding preparedness and expectations for handling of digital evidence. The increased criminal use of technology requires that patrol officers be prepared to handle digital evidence in many different situations. The researcher’s goal was to gain insight into how patrol officers view their preparedness to handle digital evidence as well as their opinions on management expectations regarding patrol officers’ abilities to handle digital evidence. The research focused on identifying whether a gap existed between patrol officers’ opinions of digital evidence and the patrol officers’ views on what management expectations are for patrol officers handling digital evidence. Using a Web-based survey, the researcher collected data from 144 departments, 407 individual patrol officers in four strata across the State of Georgia. The analysis of the data found that most patrol officers handle digital evidence in at least some situations. The patrol officers’ opinions stated that most understood management expectations for handling of digital evidence and felt those expectations were realistic based on the officers’ current knowledge and training; therefore no significant gap was found. The patrol officers state that they need additional training in order to stay up to date with the current and future needs for handling existing and new technology.

The right to information privacy is considered a basic human right in countries that recognise the right to privacy. South Africa, and other countries that recognise this right, offer individuals legal protections for their information privacy. Individuals, organisations and even governments in these countries often have an obligation under such laws to protect information privacy. Large organisations, for example, multinational companies and government departments are of special concern when it comes to protecting information privacy as they often hold substantial amounts of information about many individuals. The protection of information privacy, therefore, has become ever more significant as technological advances enable information privacy to be breached with increasing ease. There is, however, little research on holistic approaches to protecting information privacy in large organisations. Holistic approaches take account of both technical and non-technical factors that affect information privacy. Nontechnical factors may include the management of information privacy protection measures and other factors such as manual business processes and organisational policies. Amongst the protections that can be used by large organisations to protect information privacy is the ability to investigate incidents involving information privacy. Since large organisations typically make extensive use of information technology to store or process information, such investigations are likely to involve digital forensics. Digital forensic investigations require a certain amount of preparedness or readiness for investigations to be executed in an optimal fashion. The available literature on digital forensics and digital forensic readiness (DFR), unfortunately, does not specifically deal with the protection of information privacy, which has requirements over and above typical digital forensic investigations that are more concerned with information security breaches. The aim of this thesis, therefore, is to address the lack of research into DFR with regard to information privacy incidents. It adopts a holistic approach to DFR since many of the necessary measures are non-technical. There is, thus, an increased focus on management as opposed to specific technical issues. In addressing the lack of research into information privacy-specific DFR, the thesis provides large organisations with knowledge to better conduct digital forensic investigations into information privacy incidents. Hence, it allows for increased information privacy protection in large organisations because investigations may reveal the causes of information privacy breaches. Such breaches may then be prevented in future. The ability to conduct effective investigations also has a deterrent effect that may dissuade attempts at breaching information privacy. This thesis addresses the lack of research into information privacy-specific DFR by presenting a framework that allows large organisations to develop a digital forensic readiness capability for information privacy incidents. The framework is an idealistic representation of measures that can be taken to develop such a capability. In reality, large organisations operate within cost constraints. We therefore also contribute by showing how a cost management methodology known as time-driven activity-based costing can be used to determine the cost of DFR measures. Organisations are then able to make cost versus risk decisions when deciding which measures in the framework they wish to implement. Lastly, we introduce the concept of a digital forensics management system. The management of DFR in a large organisation can be a difficult task prone to error as it involves coordinating resources across multiple departments and organisational functions. The concept of the digital forensics management system proposed here allows management to better manage DFR by providing a central system from which information is available and control is possible. We develop an architecture for such a system and validate the architecture through a proof-of-concept prototype.
Thesis (PhD)--University of Pretoria, 2012.
Computer Science
unrestricted

There is a growing global recognition as to the importance of outlawing malicious computer related acts in a timely manner, yet few organisations have the legal and technical resources necessary to address the complexities of adapting criminal statutes to cyberspace. Literature reviewed in this study suggests that a coordinated, public-private partnership to produce a model approach can help reduce potential dangers arising from the inadvertent creation of cybercrime havens. It is against this backdrop that the study seeks to develop a digital forensic readiness model (DFRM) using a coordinated, multidisciplinary approach, involving both the public and private sectors, thus enabling organisations to reduce potential dangers arising from the inadvertent destruction and negating of evidentiary data which, in turn, results in the non-prosecution of digital crimes. The thesis makes use of 10 hypotheses to address the five research objectives, which are aimed at investigating the problem statement. This study constitutes qualitative research and adopts the post-modernist approach. The study begins by investigating each of the 10 hypotheses, utilising a systematic literature review and interviews, followed by a triangulation of findings in order to identify and explore common themes and strengthen grounded theory results. The output from the latter process is used as a theoretical foundation towards the development of a DFRM model which is then validated and verified against actual case law. Findings show that a multidisciplinary approach to digital forensic readiness can aid in preserving the integrity of evidentiary data within an organisation. The study identifies three key domains and their critical components. The research then demonstrates how the interdependencies between the domains and their respective components can enable organisations to identify and manage vulnerabilities which may contribute to the inadvertent destruction and negating of evidentiary data. The Multidisciplinary Digital Forensic Readiness Model (M-DiFoRe) provides a proactive approach to creating and improving organizational digital forensic readiness. This study contributes to the greater body of knowledge in digital forensics in that it reduces complexities associated with achieving digital forensic readiness and streamlines the handling of digital evidence within an organisation.
Information Science
Ph.D. (Information Systems)

Over the past decade, wireless mobile communication technology based on the IEEE 802.11 Wireless Local Area Networks (WLANs) has been adopted worldwide on a massive scale. However, as the number of wireless users has soared, so has the possibility of cybercrime. WLAN digital forensics is seen as not only a response to cybercrime in wireless networks, but also a means to stem the increase of cybercrime in WLANs. The main challenge in WLAN digital forensics is to intercept and preserve all the communications generated by the mobile stations and to conduct a proper digital forensic investigation on them. In an attempt to address this issue, the study presents firstly how a WLAN functions by simply studying the association mechanism between mobile stations and the Access Point (AP), and secondly how traffic is transmitted from a source to a destination address and the security attacks associated with such transmission. Furthermore, the dissertation analyses different digital forensic process models because every digital forensic investigation should follow a digital forensic investigation process. The study also looks at various tools for extracting the everincreasing amount of evidential data that passes through the WLAN. These tools are scrutinised to observe if they possess any digital forensic capabilities and a model is proposed to implement digital forensic readiness in WLANs. The proposed model is designed to monitor, log, preserve, analyse and report wireless network traffic for digital forensic investigations. Thus, the information needed by the digital forensic experts is rendered readily available, should it become necessary to conduct a digital forensic investigation. The availability of this digital information maximises the chances of its being used as digital evidence and reduces the cost of conducting the entire digital forensic investigation process. The proposed model is then translated into a prototype to show its viability. The results of the prototype are then analysed through experiments. The experiments were found to increase the usefulness of the forensically captured network traffic. The experiments showed that organisations that use WLANs can greatly benefit by deploying the forensic readiness model and if an incident were to be reported later on and a digital forensic investigation is warranted, the organisation would simple extract the forensically captured and stored data and conduct an analysis rather than conducting the investigation from the beginning. The dissertation also provides a critical analysis of the proposed solution and lastly, the dissertation provides the legal issues with regard to traffic interception in the South African context.
Dissertation (MSc)--University of Pretoria, 2016.
tm2016
Computer Science
MSc
Unrestricted

D.Phil.(Computer Science)
We are living in an increasingly complex world in which much of society is dependent on technology and its various offshoots and incarnations (Rogers & Siegfried, 2004). There is ample evidence of the influence of technology on our daily lives. We communicate via e-mail, use chat groups to interact and conduct business by using e-commerce. People relate each other’s existence to a presence on Facebook. The convergence of the products, systems and services of information technology is changing the way of living. The latest smart and cell phones have cameras, applications, and access to social networking sites. These phones contain sensitive information, for example photographs, e-mail, spread sheets, documents, and presentations. The loss of a cell phone therefore may pose a serious problem to an individual or an organisation, when considering privacy and intellectual property issues from an information security (Info Sec) perspective (Pieterse, 2006). Organisations have accepted the protection of information and information assets as a fundamental business requirement and managers are therefore implementing an increasing number of security counter measures, such as security policies, intrusion detection systems, access control mechanisms, and anti-virus products to protect the information and information assets from potential threats. However, incidents still occur, as no system is 100% secure. The incidents must be investigated to determine their root cause and potentially to prosecute the perpetrators (Louwrens, von Solms, Reeckie & Grobler, 2006b). Humankind has long been interested in the connection between cause and event, wishing to know what happened, what went wrong and why it happened. The need for computer forensics emerged when an increasing number of crimes were committed with the use of computers and the evidence required was stored on the computer. In 1984, a Federal Bureau of Investigation (FBI) laboratory began to examine computer evidence (Barayumureeba & Tushabe, 2004), and in 1991 the international association of computer investigation specialists (IACIS) in Portland, Oregon coined the term ‘computer forensics’ during a training session.

Magister Commercii (Information Management) - MCom(IM)
The purpose of the study described in this thesis was to investigate the structure required to implement and manage digital forensic readiness within an enterprise. A comparative analysis of different digital forensic readiness frameworks was performed and, based on the findings of the analysis, the digital forensic readiness commonalities framework (DFRCF) was extended. The resultant structure was used to design a digital forensic readiness maturity assessment model (DFRMAM) that will enable organisations to assess their forensic readiness. In conclusion, both the extended DFRCF and the DFRMAM are shown to be validated by forensic practitioners, using semi-structured interviews. A qualitative research design and methodology was used to perform a comparative analysis of the various digital forensic readiness frameworks, to comprehend the underlying structures. All the participant responses were recorded and transcribed. Analysis of the findings resulting from the study showed that participants mostly agreed with the structure of the extended DFRCF; however, key changes were introduced to the extended DFRCF. The participants also validated the DFRMAM, and the majority of respondents opted for a checklist-type MAM. Digital forensic readiness is a very sensitive topic since organisations fear that their information might be made public and, as a result, increase their exposure to forensic incidents and reputational risk. Because of this, it was difficult to find participants who have a forensic footprint and are willing, able, and knowledgeable about digital forensic readiness. This study will contribute to the body of knowledge by presenting an original, validated DFRCF and DFRMAM. Practitioners and organisations now have access to non-proprietary DFRMAM.

Historically, progress in technology development has continually created new opportunities for criminal activities which, in turn, have triggered the need for the development of new security-sensitive systems. Organisations are now adopting mobile technologies for numerous applications to capitalise on the mobile revolution. They are now able to increase their operational efficiency as well as responsiveness and competitiveness and, most importantly, can now meet new, growing customers’ demands. However, although mobile technologies and applications present many new opportunities, they also present challenges. Threats to mobile phone applications are always on the rise and, therefore, compel organisations to invest money and time, among other technical controls, in an attempt to protect them from incurring losses. The computerisation of core activities (such as mobile banking in the banking industry, for example) has effectively exposed organisations to a host of complex fraud challenges that they have to deal with in addition to their core business of providing services to their end consumers. Fraudsters are able to use mobile devices to remotely access enterprise applications and subsequently perform fraudulent transactions. When this occurs, it is important to effectively investigate and manage the cause and findings, as well as to prevent any future similar attacks. Unfortunately, clients and consumers of these organisations are often ignorant of the risks to their assets and the consequences of the compromises that might occur. Organisations are therefore obliged, at least, to put in place measures that will not only minimise fraud but also be capable of detecting and preventing further similar incidents. The goal of this research was to develop a unified fraud management and digital forensic framework to improve the security of Information Technology (IT) processes and operations in organisations that make available mobile phone applications to their clients for business purposes. The research was motivated not only by the increasing reliance of organisations on mobile applications to service their customers but also by the fact that digital forensics and fraud management are often considered to be separate entities at an organisational level. This study proposes a unified approach to fraud management and digital forensic analysis to simultaneously manage and investigate fraud that occurs through the use of mobile phone applications. The unified Fraud Management and Digital Forensic (FMDF) framework is designed to (a) determine the suspicious degree of fraudulent transactions and (b) at the same time, to feed into a process that facilitates the investigation of incidents. A survey was conducted with subject matter experts in the banking environment. Data was generated through a participatory self-administered online questionnaire. Collected data was then presented, analysed and interpreted quantitatively and qualitatively. The study found that there was a general understanding of the common fraud management methodologies and approaches throughout the banking industry and the use thereof. However, while many of the respondents indicated that fraud detection was an integral part of their processes, they take a rather reactive approach when it comes to fraud management and digital forensics. Part of the reason for the reactive approach is that many investigations are conducted in silos, with no central knowledge repository where previous cases can be retrieved for comparative purposes. Therefore, confidentiality, integrity and availability of data are critical for continued business operations. To mitigate the pending risks, the study proposed a new way of thinking that combines both components of fraud management and digital forensics for an optimised approach to managing security in mobile applications. The research concluded that the unified FMDF approach was considered to be helpful and valuable to professionals who participated in the survey. Although the case study focused on the banking industry, the study appears to be instrumental in informing other types of organisations that make available the use of mobile applications for their clients in fraud risk awareness and risk management in general.
Computing
M. Sc. (Computing)

The decentralized nature of the Internet forms its very foundation, yet it is this very nature that has opened networks and individual machines to a host of threats and attacks from malicious agents. Consequently, forensic specialists - tasked with the investigation of crimes commissioned through the use of computer systems, where evidence is digital in nature - are often unable to adequately reach convincing conclusions pertaining to their investigations. Some of the challenges within reliable forensic investigations include the lack of a global view of the investigation landscape and the complexity and obfuscated nature of the digital world. A perpetual challenge within the evidence analysis process is the reliability and integrity associated with digital evidence, particularly from disparate sources. Given the ease with which digital evidence (such as metadata) can be created, altered, or destroyed, the integrity attributed to digital evidence is of paramount importance. This dissertation focuses on the challenges relating to the integrity of digital evidence within reliable forensic investigations. These challenges are addressed through the proposal of a model for the construction of a Forensic Evidence Management System (FEMS) to preserve the integrity of digital evidence within forensic investigations. The Biba Integrity Model is utilized to maintain the integrity of digital evidence within the FEMS. Casey's Certainty Scale is then employed as the integrity classifcation scheme for assigning integrity labels to digital evidence within the system. The FEMS model consists of a client layer, a logic layer and a data layer, with eight system components distributed amongst these layers. In addition to describing the FEMS system components, a fnite state automata is utilized to describe the system component interactions. In so doing, we reason about the FEMS's behaviour and demonstrate how rules within the FEMS can be developed to recognize and pro le various cyber crimes. Furthermore, we design fundamental algorithms for processing of information by the FEMS's core system components; this provides further insight into the system component interdependencies and the input and output parameters for the system transitions and decision-points infuencing the value of inferences derived within the FEMS. Lastly, the completeness of the FEMS is assessed by comparing the constructs and operation of the FEMS against the published work of Brian D Carrier. This approach provides a mechanism for critically analyzing the FEMS model, to identify similarities or impactful considerations within the solution approach, and more importantly, to identify shortcomings within the model. Ultimately, the greatest value in the FEMS is in its ability to serve as a decision support or enhancement system for digital forensic investigators. Copyright
Dissertation (MSc)--University of Pretoria, 2010.
Computer Science
unrestricted

碩士
國立交通大學
管理學院資訊管理學程
106
Recently, the development of information technology and the mobile devices, whether it is in the work, school or various applications in life, it is inseparable from mobile devices and digital information content. The applications developed by mobile devices are widely used in daily life and also used in different fields, including medical, information processing, biometrics, financial transactions, navigation and positioning, and information science. The most popular applications for mobile are communication and email. However, the applications use in phishing, scams, or theft of data. The information-intensive environment, when a digital criminal record is to be verified, it is necessary for a professional digital forensic tool to verify it. However, the rapid development of information security and digital forensics has provided evidence of more evidence and credibility for the standardization and technology of digital forensics in the future. The encrypting applications from mobile, extracting sent and received letters and enterprise applications developed by the company, using digital forensics tools to process and retrieve feature information to identify the correctness of the source and verify the information extracted by the encrypted application. And indirectly understand whether it can provide evidence of favorable evidence and credibility. In the experiments of this paper, test results were obtained through the same forensic tools, mobile device systems, and encryption applications. In summary, the research results show that the evidence ability and credibility evidence provided by the digital forensic tools can be applied legally. However, the encrypted application can protect the enterprise data without being accessed by special permission or tools. And provide the correct digital evidence.

As digital transformation and Industry 4.0 have become a path for organizations to strengthen their performance, create value and acquire competitive advantages in different industries and regions, its appeal has increased among companies from diverse sectors and government institutions in the Colombian economy, but limited generalizability and replicability has been found in current models, which pose difficulties for their translation into the Colombian shipyard industry. Thus, this research study assessed the pertinence of utilizing digital transformation and industry 4.0 technologies as an enabler for the achievement of organizational goals, while focusing on the Colombian shipyard industry. To do so, a case study with mixed methods approach was utilized to collect data from interviews and surveys with the members of a Colombian Shipyard; which after applying analytical procedures and techniques, yielded the existence of an alignment between the Industry 4.0 and the achievement of their operational goals, as well as the identification of the strengths, challenges and implications of deploying digital technologies and a digital transformation strategy for a Colombian shipyard. Moreover, this study contributed to the understanding of digital transformation processes in relation to the specific characteristic, metrics, and factors of the Colombian shipyard industry, and it is a step forward into the further development of applications within different Colombian sectors by academics and practitioners in the field.