Author: Lukáš Daubner
Advisor: prof. RNDr. Tomáš Pitner, Ph.D.
Consultant: doc. Ing. RNDr. Barbora Bühnová, Ph.D.
Abstract: Security-related incidents, like cyberattacks, threaten software systems, their data, and the services they support. They cannot be fully mitigated, as serious incidents can always occur, for example, due to a vulnerability in the system or an insider attack. The system can also be involved in a dispute. Such incidents must be investigated to uncover what happened, when, where, how, and who is responsible, for which digital forensics is employed. However, the investigation is very laborious, with uncertain results. Thus, forensic readiness is employed as a set of proactive measures to improve the effectiveness and the odds of the investigation. Forensic-ready software systems are a specific take on forensic readiness, approaching it from a software engineering perspective and including forensic readiness in the software design. Hence, such systems should produce highly trustable, on-point data traces usable as digital evidence and should support the digital forensic processes. Thus, the exact requirements for the system to implement forensic readiness need to be formulated, modelled, reasoned about, and verified. Importantly, they must address the specific needs for which forensic readiness is implemented in the first place by considering the security risks present in the system. This thesis fills the gap in the engineering of forensic-ready software systems by proposing a risk-oriented approach to facilitate the inclusion of forensic readiness into the system's design. This entails a method for capturing the needs for forensic readiness within the system, assessing them with respect to the risks, and finally formulating implementable and verifiable requirements. The method is supported by a modelling notation capturing the forensic readiness requirements and controls to enable systematic reasoning. Together, they form a basis for further analysis aiming at the assurance of forensic-ready software systems, realised by metrics and a software tool.
The methods composing the proposed approach were published in high-ranked, peer-reviewed conferences and journals. They were applied to running scenarios, demonstrating their contribution. Furthermore, the approach is complemented by a case study presenting its application and evaluation on a real-world system, showing the feasibility of the results.