Abstract: While approaches aimed at developing forensic-ready systems are starting to emerge, it is still primarily a theoretical concept. This paper presents a case study of integrating forensic readiness capabilities into SensitiveCloud, an information system for storing and processing sensitive data. A risk-based approach to forensic readiness design is followed to achieve it. Consequently, weaknesses in both processes and systems are identified, and forensic readiness requirements are formulated. This case study reports on lessons learned in a practical implementation of a forensic-ready system, its impact on security, and its support towards ISO/IEC 27k.
Authors: Lukas Daubner, Raimundas Matulevicius, Barbora Buhnova, Matej Antol, Michal Ruzicka and Tomas Pitner
Published: Indulska, M., Reinhartz-Berger, I., Cetina, C., Pastor, O. (eds) Advanced Information Systems Engineering. CAiSE 2023. Lecture Notes in Computer Science, vol 13901. Springer, Cham