After reading the required articles this week, please write a research paper that answers the following questions: What are mobile forensics and do you believe that they are different from computer f

This paper is organized into the following sections: Section II argues the need for corporate forensic readiness and governance; Section III explains best practice governance principles; Section IV is a brief discussion of related work; Section V is a description of the proposed framework; finally, in Section VI we conclude and recommend future work. II. C ORPORATE FORENSIC READINESS AND GOVERNANCE According to [8], litigation is a last option for most organizations, because of concerns like negative publicity and its negative impact to the business. Therefore, corporate forensic readiness, governance and in-house forensic capability will help organizations to be prepared to gather and use digital evidence as a deterrent and for making firm conclusions during internal investigations of non-criminal violations. The objective of corporate forensic readiness is to ensure that digital evidence is collected using sound forensic processes and in an effective way with minimal interruption to the business. This evidence can also be used for the organizations interest and defense.

Although many organizations outs ource forensic activities, it is likely that most will prefer to perform them internally. The reasons for this include privacy, confidentiality of organizational and customer data, legal risk, delayed forensic results from consultants and compliance with regulations like Sarbanes Oxley, King 3 Report, the Basel Committee report on banking supervision, and FIPS PUB 200. In addition, it is costly to outsource forensic activities in those large organizations that experience recurring digital incidents.

Regulations like FIPS PUB 200 (2002) mandated all federal agencies in the United St ates to comply with the standard’s Audit and Accountability section, which states that “Organizations must: 1. Create, protect, and retain information system audit records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful, unauthorized, or inappropriate information system activity. 2. Ensure that the actions of individual information system users can be uniquely traced to those users so they can be held accountable for their actions” [12]. These considerations show that, in a great many cases, there is a clear need for corporate forensic readiness and in-house forensic capability. Rowlingson [4] articulates ten steps toward corporate forensic readiness: 1. “Define the business scenarios that require digital evidence. 2. Identify available sources and different types of potential evidence. 3. Determine the evidence collection requirement. 4. Establish a capability of se curely gathering admissible evidence to meet the requirement. 5. Establish a policy for secure storage and handling of potential evidence. 6. Ensure monitoring is targeted to detect and deter major incidents. 7. Specify circumstances when escalation to a full formal investigation should be launched. 8. Train staff in incident awareness so that all those involved understand their role in the digital process and the legal sensitivities of evidence. 9. Document an evidence-based case describing the incident and its impact. 10. Ensure legal review to facilitate action in response to the incident”. A good governance framework consists of both governance and management processes [11]. Rowlingson’s work should be incorporated into management processes and we therefore refined and used it in the development of the management processes (CFM domain) of our proposed corporate forensic governance framework. More elaboration on the need for corporate forensics can be found in [8]. A. The Relationship between IT Governance, IS Governance and Corporate Forensics It could be argued that corporate forensics falls, in some respects, under IT governance and IS governance. However, some important aspects of corporate forensics, like jurisprudence (legal) and forensically sound processes are not fully part of IT and IS governance [3]. According to ACPO [30], forensically sound processes mean performing forensic practices (collection, examination, analysis, documentation, preservation of evidence and ch ain of custody) according to applicable jurisdiction. It also means that forensic practices should be conducted in such a way that if necessary an independent third party is able to repeat the same processes and obtain the same result. This shows that the preservation of the integrity of evidence is very important during forensic investigations. Corporate forensics (CF) and digital forensics (DF) will be used interchangeably in this paper. Researchers like Von Solms [3] and Grobler [5] explains the relationship between Digital Forensic (DF), IS Governance, IT Governance and Corporate Governance. Von Solms et al states “that the proactive mode of information security ensures all policies, procedures, and technical mechanis ms are in place to prevent harm to the organization’s information; the reactive mode ensures that if harm occur, it will be repaired (Business continuity planning, Good backup and Disaster recovery techniques are part of the reactive mode)” [3] . “The proactive mode of digital forensics ensures all policies, procedure, technical and automated mechanisms are in place to be able to act when required; the reactive mode ensures that the necessary actions can be performed to support specified analytical and investigative techniques required by digital forensics”[3]. This shows that some components of Digital forensic, IS and IT governance overlap and are related. Therefore, the best practice 735 governance principles used for effective IT and IS governance can also be used for corporate forensic governance.

Fig. 1. Relationship between Corporate governance, IT governance, IS governance and Digital forensic [3] Figure 1 shows a holistic view of DF and its relationship with corporate governance, IS governance and IT governance. III. B EST PRACTICE GOVERNANCE PRINCIPLES According to best practices [10][11][22] governance principles include strategic alignment with business objectives, value delivery to the business, risk management, resource optimization of available resources and continuous performance evaluation. A. Strategic Alignment Good governance of corporat e forensics (CF) will ensure that the objectives of CF practices are aligned to the organization’s goals. According to Board briefing on IT governance [22], the cost effectiveness of a security program is determined by how well it supports the organization’s objective. Corporate forensic governance will also ensure that corporate forensic objectives are defined in business terms and all CF controls tracked to a specific business requirement. The following will indicate alignment: a corporate forensic program that enhances business activities; a corporate forensic program that is responsive to defined business needs; corporate forensic program and organization objectives that are defined and clearly understood by relevant stakeholders; corporate forensic program that is mapped to organizational goals and is validated by senior management; a corporate forensic strategy and steering committee made up of key executives to ensure continuous alignment of corporate forensic objectives and business goals. B. Value Delivery Good governance of corporate forensic practices will also ensure that corporate forensic investments are optimized in support of enterprise objectives. It also ensures that the organization gets benefits from their corporate forensic investments. Governance will ensure corporate forensic investments are supporting business needs and adding expected value. For instance, in a scenario where there is no governance, there won’t be monitoring and evaluation to ensure that corporate forensic investment is continuously supporting the business in achieving some of its strategic needs. Therefore, forensic investments may not add expected value to the business, since there are no m etrics to measure if value is optimized. Corporate forensic governance increases the likelihood of corporate forensic program’s success considering the significant cost associated with corporate forensic practices. Figure 2 shows some of the questions governance will ask to ensure value is optimized. Fig. 2. Val IT Framework 2.0, Value according to the Four ‘Are’s as described in the information paradox [34] C. Risk Management For applicable IT related business risk to be mitigated using corporate forensic practices, CF governance would help ensure that corporate forensic practices are an integral part of enterprise risk management program. CF governance will also ensure that corporate forensic strategy and program will help organizations achieve acceptable level of applicable IT related business risk. A structure fo r risk assessment as defined by NIST 800-30 is shown in figure 3 below. If corporate forensic practices are part of enterprise risk management program, potential evidence sources will be identified in a proactive manner. Also, CF governance will ensure legal risk involved during corporate forensic practices are fully identified, communicated, mitigated and managed. Fig. 3. NIST 800-30 Risk Assessment Methodology [32] Furthermore, from the risk assessment methodology shown in Figure 3, step 4 requires control analysis and selection. This 736 is where different controls are selected for all identified risks. Different controls are weighe d and analyzed based on their strength and weaknesses and the best control to mitigate each risk effectively is selected. All risks that could be best mitigated with corporate forensic practices should be identified, documented in a risk profile chart and rated to show their potential value impact to the business. This is one of the principles of good CF governance which will ensure that all risk that could be mitigated with corporate forensic practices are mitigated and optimized. D. Resource Optimization This principle of good corporate forensic governance deals with planning, allocation and control of corporate forensic resources which include people, processes and technologies (increased automated forensic suites) towards adding value to the business. CF resources need to be managed properly for its effectiveness. Proper CF resource management will ensure that corporate forensic practices are efficient, cost effective and most importantly ensure corporate forensic is effectively addressing applicable business needs. E. Performance Evaluation Since there is a clear saying that “you cannot manage what you cannot measure,” the govern ance of corporate forensic practices will ensure measures are in place to monitor corporate forensic processes and measure its performance. This will help management to make informed decisions about the state of corporate forensic program and ascertain if it is effective or not. Methods like Maturity model, checklist and other tools could be used. Some of the indicators of effective corporate forensic program as observed fr om performance measurement include: the time it takes to detect and uncover potential security threats to the business; number of threats effectively traced to their sources within minimal time interval without interruption to the business; number of security breaches reported (lesser number of reported breaches means effectiveness of the control in terms of deterrent). The performance measurement module of the governance framework is represented in th e corporate forensic evaluation (CFE) domain of the proposed framework. IV. R ELATED WORK Researchers like [4][6][7][8] have looked into some form of forensic readiness while [2][8][9][21] have looked into some form of proactive digital forensics which are considered part but not a comprehensive represen tation of good governance practices. They did not comprehensively address the establishment of a good governance framework and major governance processes for corporate forensics practices which will obviously make their work more effective. In other words, they did not address in details how corporate forensic practices could be enhanced using governance best practices. Lack of CF governance practices might explain why management see digital forensic as an abstract and highly technical field and have very little interest in leveraging on its benefits to achieve some of their corporate goals. Go od governance referred to in the beginning of this section means getting senior management involved in an interactive manner by using globally adopted common business languages in a governance framework for forensic practices; management taking ownership of forensic program by assuming responsibi lity and accountability (RACI Chart) of forensic processes; use of increased automated forensic suites with generation of user friendly executive reports, remote forensics and automated processes; use of forensic practices to minimize high IT related business risk. All these enhancements are expected to help organizations maximize the benefits of forensic practices in an efficient and effective way. Discussing proactive or corporate forensic readiness by [2][4][6][7][8][9] [21] without the establishment of a governance structure, framework and obtaining management support will result in the corporate forensic readiness program not being fully effective and efficient. Furthermore, at the time this paper was written, only one researcher, Grobler et al [5], to the best of our knowledge, had researched on the governance of digital forensics. Their paper was a preliminary framework in the form of an outline for the governance of digital forensics. The scope of the paper did not comprehensively address how globally accepted governance best practices [10][11][22] can be used to enhance a corporate forensic program in enterprise organizations. V. D ESCRIPTION OF THE PROPOSED FRAMEWORK According to best practice [11] a governance framework should consist of two major processes: the governance and management processes. The governance processes involve direction in strategic alignment, risk management, resource optimization, value delivery and performance evaluation. The governance field directs the management field and ensures management processes are achieving their goals. The management field is responsible for executing and implementing directions from the governance field. The management processes involved specialized and operational processes which governance us es to achieve its tactical and operational goals. The management section performs more hands-on tasks than the governance section. The proposed framework was developed with this principle. The framework was categorized into three domains namely Corporate Forensic Governance ((CFG) governance processes), Corporate Forensic Management ((CFM) management processes) and Corporate Forensic Evaluation (CFE). The third domain CFE maintains a life cycle model for the framewor k by evaluating, monitoring and continually improving fo rensic processes through lesson learned and evaluation using m aturity model. Figure 4 shows the corporate forensic governance framework lifecycle. Fig. 4. The three major domains of the proposed corporate forensic governance framework lifecycle The proposed corporate forensic governance framework was developed with the common languages and best practices used in related governance models. 737 A. Corporate Forensic Governance (CFG) Corporate Forensic Governance was developed with the major principles of best governance practices as recommended by COBIT [10][11] and Board briefing on IT governance [22], which includes strategic alignmen t, risk management, resource optimization, and value delivery. These principles represent control objectives CFG 1 to CFG 4 of the corporate forensic governance domain. Detailed control practices were developed under each of these control objectives. B. Corporate Forensic Management (CFM) The second domain Corporate Forensic Management (CFM) contains functions classified as management functions in the framework. This domain was developed from best practices, Rowlingson’s wo rk [4] and all other literatures reviewed in the reference section. The control objectives in these domain (CFM 1 to CFM 10 ) include: manage legal and ethical requirements; define policies; define procedures; manage education, training and awareness; perform pro-active evidence identification; collect evidence; examine and analyze evidence; manage evidence; ma nage third party; document, report and present evidence. Detailed control practices were developed under each of these control objectives. C. Corporate Forensic Evaluation (CFE) The third domain Corporate Forensic Evaluation (CFE) contains processes to evaluate (maturity model), monitor, assess and improve (with lesson lear ned and feedback) forensic practices to ensure the objective of the framework is continuously achieved. The objective of the framework includes performing corporate fore nsic activities in an efficient and effective way, with minimal disruption to the business; collecting evidence in a forensically sound way and reduction of applicable potential IT related risk to the business. This domain was dev eloped from process assessment best practices from all the literatures reviewed. Detailed control practices were developed under each of the control objectives (CFE 1 to CFE 3) for this domain. D. Corporate Forensic Go vernance Structure Figure 5 shows a high level hypothetical corporate forensic governance structure. Other Assurance functions like HR, Internal Audit, Privacy, Value Management office, Legal etc are part of the corporate forensic strategy and steering committee. To establish effective CF governance program, the first step is to establish a gove rnance structure that will oversee the governance of corporate forensics program. This is one of the requirements of good governance. According to several regulations and best practices [11][22], senior management is ultimately responsible for good governance and to exercise due care in performing task involving all specialized disciplines. Corporate forensics, Information technology and Information Security are examples of those specialized disciplines in a corporate environment. Therefore the overall accountability of good governance is the responsibility of the board of directors. The Board or the CEO should set up a steering and strategy committee to oversee its corporate forensic responsibilities and report back to them since they have many commitments. This responsibility could also be taken by the CIO depending on how large the organization is or the business environment of the organization. Therefore, this is just a hypothetical structure; organizations can set up their governance structure as it suits their business environment. For in stance, if an organization is experiencing various insider frauds and other negative publicity due to security breaches, the Board of directors will be interested in knowing the most effective mitigation strategy to mitigate that risk. This will increase the organization’s interest in implementing a corporate forensic program which the CEO or board might want to oversee. Fig. 5. A hypothetical corporate forensic governance structure Each member of the governance and management teams in the proposed framework has assigned roles and responsibilities similar to those seen in [22]. They are either responsible, accountable, consulted and/or informed on each of the governance, management and evaluation processes of the corporate forensic governance framework. This is achieved using the RACI chart which means who is Responsible, Accountable, Consulted and/or Informed. Table I briefly explains the RACI chart. E. Corporate Forensic Go vernance Framework The framework consists of 3 domains (CFG, CFM & CFE), 17 high level control objectives (CFG1-CFG4, CFM1-CFM10, CFE1-CFE3) and 119 detailed control practices. The control practices and RACI assignment of roles and responsibilities can be adjusted to suit each organization’s needs and business environment. In other words some of the control practices might not be applicable in some organizations depending on how they are structured and what their business environment is like. TABLE I. T HE RACI C HART RACI Task Rmeans Responsible Those responsible for performing the task or ensuring the task is done Ameans Accountable The person who must approve or sign off before the process is effective or person accountable for the success of the process. 738 Cmeans Consulted Those who provide input needed to complete the task Imeans Informed Those who are regularly updated on the outcome of decisions, processes and actions taken In addition, some of these controls have already been implemented in some organizations (maybe for information security) enhancement is needed in such scenario to accommodate forensic practices. During implementation of the framework CFG1 – CFG4 will be implemented first before CFM1 – CFM10 and then CFE1 – CFE3. RACI chart was used in assigning roles and responsibilities to the governance and management team according to best practices [10][22]. Refer to Section V. for more explanation on the structure of the proposed framework. Brief explanation of the scope and control objectives of the proposed framework is shown in Table II. The scope of the proposed corporate forensic governance framework is based on the use of increased automated forensic suites like Encase Enterprise for forensic practices. These increased automated suites are known for increased automation and provision of ease of use approach towards performing forensic practices. However, a forensic expert is needed in the forensic team for effective and efficient use of these automated suites to achieve applicable organizational goals. The framework was designed for global use and in a high level format with general requirements for performing forensic practices using automated forensic suites. Brief explanation of the control objectives are shown below. TABLE II. E XPLANATION OF THE SCOPE AND CONTROL OBJECTIVES FOR THE PROPOSED FRAMEWORK Control objectives Brief explanation of the controls in the proposed framework CFG1 Strategic alignment This control ensures clear goals and objectives of a corporate forensic program are defined and that these defined goals and objectives are strategically aligned to enterprise goals and objectives. In other words this control ensures that corporate forensic program is helping the organization achieve some of its goals and objectives. CFG2 Ensure risk is optimized with CF implementation This control ensures that business risk which can be mitigated with corporate forensics are identified and mitigated. To achieve this a corporate forensic program should be part of enterprise risk management program to ensure CF is effectively used as a mitigation control in managing applicable IT related business threat and risk such as insider threat, fraud, IP theft, staff sabotage etc. CFG3 Ensure resources are optimized with CF implementation Due to the significant cost involved in establishing a CF program, this control will ensure that CF resources are managed properly and are optimized efficiently. Also this control will ensure CF resource management is aligned with enterprise resource management for efficient utilization of budget and organization finances. CFG4 Ensure value is optimized with CF implementation This control ensures that CF program is adding expected value to the business. It will also ensure that forensic investments are monitored and value documented to determine if it is helping the business achieve some of its goals and objectives. CFM1 Manage legal and ethical requirements This control ensures that digital evidence is obtained in accordance with applicable law, regulation and standards for digital evidence acquisition. CFM2 Define policies Grobler et al stated that “policies are the building blocks for management to provide a framework to manage DF in an organization” [2]. This control will ensure that the necessary policies required for a CF program are established and managed. CFM3 Define procedures This control ensures that procedures for a CF program are established and are based on standards like ACPO [30]. CFM4 Manage education, training and awareness This control ensures that awareness is created for CF program in an organization. It also ensures that forensic resources are reputable and that forensic person nel have relevant skills to perform CF tasks. CFM5 Perform pro-active evidence identification This control ensures that digital evidence is identified in a proactive manner by analysis and assessment of enterprise resources that might be potential evidence source. This is based on enterprise risk assessment. CFM6 Collect evidence This control ensures that evidence is collected in a forensically sound manner using automated forensic suites. CFM7 Examine and analyze evidence This control ensures that evidence is examined and analyzed in a forensically sound manner using automated forensic suites. CFM8 Manage evidence (chain of custody) This control ensures that evidence is managed, secured and chain of custody monitored and managed to ensure the integrity of evidence is maintained. CFM9 Manage third party This control ensures that third party forensic consultants are managed in other not to introduce new business risk to the organization when outsourcing forensic practices. CFM10 Documentation, Reporting and Presentation This control ensures that forensic processes are documented in such a way that an independent forensic examiner can repeat the same process and obtain the same result. It also ensures digital evidence is presented using the right format to the applicable audience. CFE1 Monitor and evaluate forensic process compliance with regulation This control will ensure that all forensic processes conform to regulation and legal requirement of obtaining forensically sound digital evidence in each applicable jurisdiction. CFE2 Monitor, evaluate and report forensic process performance and conformance This control ensures that all forensic practices are monitored, evaluated using maturity model, checklist to ensure the controls are effectively achieving its objectives. CFE3 Continuously improve corporate forensic processes Without proper monitoring and evaluation of CF practices, it will be difficult to improve CF practices or make CF program effective. This control also ensures that CF practices are continuously improved using lesson learned and maturity mod el to make CF program more effective in mitigating applicable business risk. 739 Table III below shows the proposed corporate forensic governance framework at a high level with only the control objectives. The full table with its control practices will be available for download at infosec.concordia.ab.ca after the conference. TABLE III. T HE PROPOSED CORPORATE FORENSIC GOVERNANCE FRAMEWORK Domain Control Objectives and Practices Board CEO CFO COO CIO Corporate Forensic Str ategy & Steering Committee Chief Risk Officer Chief Information Security Officer HR Internal Audit Compliance Business Process Owners Value Management Office Forensic Specialist (s) Privacy Officer General Counsel/Legal CFG CFG1 Strategic alignment C C C C R A C R C C R C R C C CFG2 Ensure risk is optimized with CF implementation C R C R R R A R C R R C I R R R CFG3 Ensure resources are optimized with CF implementation I C C C A R I R C I I C C R C C CFG 4 Ensure value is optimized with CF implementation C R R R R A C R I C C C R R C C CFM CFM1 Manage legal requirements I C I C C C C R I I C C I R C A/R CFM2 Define policies C A C C R R C R C C C C C R C C CFM3 Define procedures C C I A/R I C C C I R C C CFM4 Manage education, training and awareness: I I I I A/R R C C C R C C CFM5 Perform pro-active evidence identification I I I C A/R C I C C C R C C CFM6 Collect evidence I I I C A I I C C I R C C CFM7 Examine and analyze evidence I I I A C C C R C CFM8 Manage evidence (chain of custody) I I I C R C C R A CFM9 Manage third party C C C I C R I C C C C R C A CFM10 Documentation, Reporting and Presentation I I I I I I I A I I I R I C CFE CFE1 Monitor and evaluate forensic process compliance with regulation I I R R C R C C C I R C A CFE2 Monitor, evaluate and report forensic process performance and conformance I I A R C R I C C C I R C C CFE3 Continuously improve corporate forensic processes I I I A R C R I C C C I R C C F. Corporate Forensic Gove rnance Flow Diagram This explains summarily the flow of processes explained in the corporate forensic governance framework. The flow diagram shows the processes fr om the establishment of a corporate forensic governance structure to the evaluation of corporate forensic processes and improvements applied to ensure the goal of the program is constantly being achieved. The flow diagram can be seen in the full paper and will be available for download at infosec.concordia.ab.ca after the conference. 740 VI. C ONCLUSION AND FUTURE WORK This paper provided best practices for corporate forensic governance, and management that will help empower organizations with efficient and effective corporate forensic readiness and an in-house fore nsic capability using automated forensic techniques. It also showed how governance best practices can ensure organizations get benefits from forensic investments. In addition, it can show that implementation of an enterprise automated forensic suites can detect, deter and reduce high profile business threats like insider threat, fraud and intellectual property theft since all employees are aware that illegitimate acts can be linked to the perpetrators. Therefore, compliance with regulation like FIPS PUB 200 will be effectively established in such applicable organizations.

Furthermore, the developed framework will enhance the way organizations perform forensic practices by reducing the rate of unsuccessful investigations and the effective use of resources (time, cost and personnel) during forensic investigations. Also the forensic governance framew ork used common and business languages that management understands with roles and responsibilities assigned using RACI Chart. This will increase the effectiveness of the program since accountability and responsibility for each corporate forensic process is properly defined. For future work, since the framework was developed for global usage in a high level structure, the CFM domain section of the framework can be narrowed down to a specific jurisdiction (continent) with the development of a more comprehensive step-by-step details of all forensically sound processes considering legal requirements for collecting evidence applicable to the ch osen jurisdiction. Also, the framework can be tested and evaluated in a real organization with analysis of the test result documented. ACKNOWLEDGMENT The authors are thankful to the Faculty of Graduate Studies at Concordia University College of Alberta for providing resources used in the accomplishment of this research. Special thanks go to Amer Aljaedi for his advice and discussions. REFERENCES [1] C. Grobler and C. Louwrens, “Digital evidence management plan,” Proc. IEEE Information Security for South Africa (ISSA) , South Africa, August 2-4, 2010, pp. 1-6. [2] C. Grobler, C. Louwrens and S. Von Solms, “A framework to guide the implementation of proactive digital forensics in organizations,” Proc. IEEE ARES ’10 , Krakow, Poland, February 15-18, 2010, pp. 677-682. [3] S. Von Solms and C. Louwrens, “The relationship between digital forensics, corporate governance, it governance and is governance,” in Digital Crime and Forensic Science in Cyberspace , PA: Idea, 2006, pp. 243- 265 [4] R. Rowlingson, “ A ten step process for forensic readiness,” International Journal of Digital Evidence , 2004, Available: http:/ijde.org [5] M. Grobler and I. Dlamini, “ Managing digital evidence: the governance of digital forensics,” Journal of Contemporary Management , 2010, Available: http://www.researchspace.csir.co.za [6] S. Von Solms, C. Louwrens, C. Reekie and T. Grobler, “A control framew ork for digital forensics,” Information Federation for Information Processing , 2006, vol. 222, pp. 343-355. [7] C. Grobler and C. Louwrens, “Digital forensic readiness as a component of informati on security best practice,” Information Federation for Information Processing , 2007, vol. 233, pp. 13-24. [8] G. Pangalos, C. IIioudis and I. Pagkalos “ The importance of corporate forensic readiness in the information security f ramework,” Proc. IEEE WETICE ’10 , Krakow, Poland, June 28-30, 2010, pp. 12-16. [9] M. Koh n, J. Eloff, M. Oliver, “ Framework for a Digital Forensic Investigation,” Unpublished Paper. [10] Information System Audit and Control Association (ISACA), “COBIT 4.1, ” 2007, Available: http://www.isaca.org [11] Information System Audit and Control Association (ISACA), “COBIT 5.0, ” 2011, Available: http://www.isaca.org [12] FIPS PUB 200 “ Minimum Security Requirements for Federal Information and Information. Systems ”, 2006. [13] FIPS PUB 199 “Standard for Security Categorization of Federal Information and Information Systems” , 2002. [14] Y. Shin, “New digital forensic investigation procedure model,” Proc. NCM ’08 , 2008, vol. 1, pp 528-531. [15] C. Shields, “Towards proactive forensic evidentiary collection,” Proc. HICSS ’10 , 2010, pp 1-9. [16] C. Walker. (2010), “Computer Forensics: Bringing the Evidence to Court”, Unpublished Paper, Available: http://www.infosecwriters.com [17] K. Nance, B. Hay and M. Bishop, “Digital forensics: defining a researchagenda,” Proc. HICSS ’09 , 2009, pp 1-6. [18] D. Barske, A. Stander, J. Jordan, “A digital fo rensic readiness framework for South African SME’s,” Proc. ISSA , 2010, pp 1-6. [19] CSI report “Computer crime security survey 2010/2011, Available: http://www.gocsi.com/survey [20] G. Mohay, “Technical challenge s and directi ons for digital forensics,” Proc. SADFE , 2005, pp 155-161. [21] C. Grobler, C. Louwrens and S. Von Solms, “A multi -component view of digital forensics,” Proc. ARES 2010 , pp 647-652. [22] ISACA, “Board b riefing o n IT governance”, 2003 , Available: http://www.isaca.org [23] B. Endicott and D. Frincke, “Embedding forensic capabilities into networks: addressing inefficiencies in digita l forensic investigations,” Proc. IAW 2006 , pp 133-139 [24] “The practitioner’s guide to legal issues related to digital i nvestigations and electronic discovery,” Encase Legal Journal , 2011, Available: http://www.guidancesoftware.com/ [25] Guidance Software, “The seven best practices of highly e ffective eDiscovery practitioners,” 2010, Available: http://www.guidancesoft ware.com/ [26] ACFE Report 2010/2011, “Report to the n ations on occupational fraud and abuse”, Available: http://www.acfe.com/rttn.aspx [27] NIST SP 800- 86, “Guide to integrating forensic techniques into incident response,” 2006 Available: http://www.nist.gov [28] ISO/IEC FDIS 27001, “ Information security management systems requirements”, 2005, Available: http://www.iso.org [29] ISO/IEC FDIS 27037, “Guideline for identification, collection, acquisition and preservation of digital evidence, 2005, Available: http://www.iso.org [30] ACPO Association of chief police officers, Available: http://www.acpo.police.uk [31] NIST SP 800- 92, “Guide to computer security log management,” 2006, Available: http://www.nist.gov. [32] NIST SP 800- 30, “Risk m anagement guide for information technology systems ”, Rev. 1, 2010, Available: http://www.nist.gov [33] ISACA, The risk IT practitioner guide, 2009, Available: http:// www.isaca.org [34] ITGI, “ The VAL IT framework 2.0,” 2008, Available: http:// www.isaca.org 741