Abstract
Although malicious incidents in the real Information Systems (IS) of organizations were traditionally mitigated essentially internally, it is now more and more frequent to see criminal investigations taking place. For different reasons that will be set out in this text, better collaboration between forensic investigators and IS managers has to be reached, and it can be achieved through an approach that could and should benefit both sides. The first part of the article sets out the relevant problems; the article then proposes some possible solutions, before describing which rewards IS managers can effectively earn by implementing such solutions in their systems. In particular, it involves the formal description of the processes for managing and handling computer-related traces, to make them simultaneously compliant with investigation constraints and security management needs. It also describes what a formal process could look like for selecting the computer-related traces that are most useful to both activities (investigation and security management). This selection should be done in order to avoid the information overload and resource consumption that could be caused by storing all the computer-related traces generated by an IS.
Notes
Correspondence: Bertrand Lathoud, INFORGE, Lausanne Business School, BFSH 1, University of Lausanne, 1015 Lausanne, Switzerland.