Search Results

Documents authored by Rudolph, Carsten


Document
Digital Evidence and Forensic Readiness (Dagstuhl Seminar 14092)

Authors: Glenn S. Dardick, Barbara Endicott-Popovsky, Pavel Gladyshev, Thomas Kemmerich, and Carsten Rudolph

Published in: Dagstuhl Reports, Volume 4, Issue 2 (2014)


Abstract
The seminar on Digital Evidence and Forensic Readiness provided the space for interdisciplinary discussions on clearly defined critical aspects of engineering issues, evaluation and processes for secure digital evidence and forensic readiness. A large gap exists between the state-of-the-art in IT security and best-practice procedures for digital evidence. Experts from IT and law used this seminar to develop a common view on what exactly can be considered secure and admissible digital evidence. In addition to sessions with all participants, a separation of participants for discussing was arranged. The outcome of these working sessions was used in the general discussion to work on a common understanding of the topic. The results of the seminar will lead to new technological developments as well as to new legal views to this points and to a change of organizational measures using ICT. Finally, various open issues and research topics have been identified. In addition to this report, open research issues will also be published in the form of a manifesto on digital evidence. One possible definition for Secure Digital Evidence was proposed by Rudolph et al. at the Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics 2012. It states that a data record can be considered secure if it was created authentically by a device for which the following holds: - The device is physically protected to ensure at least tamper-evidence. - The data record is securely bound to the identity and status of the device (including running software and configuration) and to all other relevant parameters (such as time, temperature, location, users involved, etc.) - The data record has not been changed after creation. Digital Evidence according to this definition comprises the measured value and additional information on the state of the measurement device. This additional information on the state of the measurement device aims to document the operation environment providing evidence that can help lay the foundation for admissibility. This definition provided one basis of discussion at the seminar and was compared to other approaches to forensic readiness. Additional relevant aspects occur in the forensic readiness of mobile device, cloud computing and services. Such scenarios are already very frequent but will come to full force in the near future. The interdisciplinary Dagstuhl seminar on digital evidence and forensic readiness has provided valuable input to the discussion on the future of various types of evidence and it has build the basis for acceptable and sound rules for the assessment of digital evidences. Furthermore, it has established new links between experts from four continents and thus has set the foundations for new interdisciplinary and international co-operations.

Cite as

Glenn S. Dardick, Barbara Endicott-Popovsky, Pavel Gladyshev, Thomas Kemmerich, and Carsten Rudolph. Digital Evidence and Forensic Readiness (Dagstuhl Seminar 14092). In Dagstuhl Reports, Volume 4, Issue 2, pp. 150-190, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2014)


Copy BibTex To Clipboard

@Article{dardick_et_al:DagRep.4.2.150,
  author =	{Dardick, Glenn S. and Endicott-Popovsky, Barbara and Gladyshev, Pavel and Kemmerich, Thomas and Rudolph, Carsten},
  title =	{{Digital Evidence and Forensic Readiness (Dagstuhl Seminar 14092)}},
  pages =	{150--190},
  journal =	{Dagstuhl Reports},
  ISSN =	{2192-5283},
  year =	{2014},
  volume =	{4},
  number =	{2},
  editor =	{Dardick, Glenn S. and Endicott-Popovsky, Barbara and Gladyshev, Pavel and Kemmerich, Thomas and Rudolph, Carsten},
  publisher =	{Schloss Dagstuhl -- Leibniz-Zentrum f{\"u}r Informatik},
  address =	{Dagstuhl, Germany},
  URL =		{https://drops.dagstuhl.de/entities/document/10.4230/DagRep.4.2.150},
  URN =		{urn:nbn:de:0030-drops-45490},
  doi =		{10.4230/DagRep.4.2.150},
  annote =	{Keywords: digital evidence, forensic readiness, mobile forensic, trusted computing, Cyberlaw}
}
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail