At present, there are no guidelines for organisations that need to perform digital forensic investigations of social networking applications.
This is according to Samantha Rule, global information security officer for the Maitland Group and secretary for the (ISC)^2 Cape Town Chapter.
Rule says research shows, due to the volume of personal information social networking users make publically available, a framework for using open source intelligence (OSINT) when conducting a digital forensic investigation would be valuable.
"The explosion of the Internet, the increase in the use of mobile devices and the need to always be connected to the Internet provide ample opportunity for cyber crime, making it imperative that the traditional digital forensic investigation frameworks are updated."
Rule proposes a framework that would provide digital forensic investigators with a guide that would ensure a rigorous process is followed and that, in future, evidence from OSINT sources is seen as evidentiary - rather than supplementary.
The information security specialist outlines six key steps that embody the framework for using OSINT as a digital forensic investigative tool:
1. Identify: The identity of the person or persons must be established before the information-gathering can commence.
2. Retrieve and collect: This details how the digital evidence must be extracted and collated.
3. Analyse and process: When analysing the evidence and the majority of evidence has been gathered from OSINT sources, it is important to take the evidence certainty of the OSINT source into consideration.
4. Visualise: There are likely to be numerous evidence items and therefore an important part of a digital forensic investigation is to reconstruct a timeline of events.
5. Collaborate: Investigators should work together to provide support to each other and collaborate with respect to information and evidence.
6. Report: It is the digital forensic investigator's responsibility to document all actions and observations throughout the digital forensic investigation. All documentation should be complete, accurate, factual and comprehensive, resulting in a report being written.
Share