Enhancing Traditional Reactive Digital Forensics to a Proactive Digital Forensics Standard Operating Procedure (P-DEFSOP): A Case Study of DEFSOP and ISO 27035.
| Title: | Enhancing Traditional Reactive Digital Forensics to a Proactive Digital Forensics Standard Operating Procedure (P-DEFSOP): A Case Study of DEFSOP and ISO 27035. |
|---|---|
| Authors: | Yang, Hung-Cheng; Lin, I-Long; Chao, Yung-Hung |
| Source: | Applied Sciences (2076-3417); Sep2025, Vol. 15 Issue 18, p9922, 18p |
| Subjects: | DIGITAL forensics, CLOUD computing, INTERNET security, EMERGENCY management, ELECTRONIC evidence, STANDARD operating procedure |
| Abstract: | With the growing intensity of global cybersecurity threats and the rapid advancement of attack techniques, strengthening enterprise information and communication technology (ICT) infrastructures and enhancing digital forensics have become critical imperatives. Cloud environments, in particular, present substantial challenges due to the limited availability of effective forensic tools and the pressing demand for impartial and legally admissible digital evidence. To address these challenges, we propose a proactive digital forensics mechanism (P-DFM) designed for emergency incident management in enterprise settings. This mechanism integrates a range of forensic tools to identify and preserve critical digital evidence. It also incorporates the MITRE ATT&CK framework with Security Information and Event Management (SIEM) and Managed Detection and Response (MDR) systems to enable comprehensive and timely threat detection and analysis. The principal contribution of this study is the formulation of a novel Proactive Digital Evidence Forensics Standard Operating Procedure (P-DEFSOP), which enhances the accuracy and efficiency of security threat detection and forensic analysis while ensuring that digital evidence remains legally admissible. This advancement significantly reinforces the cybersecurity posture of enterprise networks. Our approach is systematically grounded in the Digital Evidence Forensics Standard Operating Procedure (DEFSOP) framework and complies with internationally recognized digital forensic standards, including ISO/IEC 27035 and ISO/IEC 27037, to ensure the integrity, reliability, validity, and legal admissibility of digital evidence throughout the forensic process. Given the complexity of cloud computing infrastructures—such as Chunghwa Telecom HiCloud, Amazon Web Services (AWS), Google Cloud, and Microsoft Azure—we underscore the critical importance of impartial and standardized digital forensic services in cloud-based environments. [ABSTRACT FROM AUTHOR] |
| Copyright of Applied Sciences (2076-3417) is the property of MDPI and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Complementary Index |
| DOI: | 10.3390/app15189922 |
| Published: | 15 Sep 2025 |
| Language: | English |