Forensic readiness: emerging discipline for creating reliable and secure digital evidence

Abstract

Traditional approaches to digital forensics reconstruct events within digital systems that often are not built for the creation of evidence; however,there is an emerging discipline of forensic readiness that examines what it takes to build systems and devices that produce digital data records for which admissibility is a requirement. This paper reviews the motivation behind research in this area,a generic technical solution that uses hardware-based security to bind digital records to a particular state of a device and proposed applications of this solution in concrete,practical scenarios. Research history in this area,the notion of secure digital evidence and a technical solution are discussed. A solution to creating hardware-based security in devices producing digital evidence was proposed in 2012. Additionally,this paper revises the proposal and discusses three distinct scenarios where forensic readiness of devices and secure digital evidence are relevant. It shows,how the different requirements of the three scenarios can be realized using a hardware-based solution. The scenarios are:lawful interception of voice communication,automotive black box,precise farming. These three scenarios come from very distinctive application domains. Nevertheless,they share a common set of security requirements for processes to be documented and data records to be stored.