Digital Investigation First Responder and Preliminary Analyst Requirements

Requirements for Digital Investigation First Response Personnel and Preliminary Analysts

  • Received : 2016.08.01
  • Accepted : 2016.10.07
  • Published : 2016.10.31

Abstract

As investigations dealing with digital evidence increase, so too does the need for skilled first responders and improved investigation process models. Recently the concept of digital forensic triage and preliminary analysis has been gaining popularity in investigation laboratories. At the same time, however, there has been little focus on the specific training needs of first responders and preliminary analysts. Instead, many organizations consider these responders to need the same skills as full digital forensic analysts. In this work we describe the 'ideal' digital investigation first responder and preliminary analyst, the hardware and software requirements and, most importantly, the required training.

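As criminal investigations dealing with digital evidence increase, the need for personnel capable of first response and for improved investigation procedure models is growing. Recently, concepts such as digital forensic triage and preliminary analysis have been gaining attention in investigation laboratories. However, research on what specific training first response personnel and preliminary analysts should receive has not attracted much attention. Rather, many organizations consider that first response personnel should have the same skills as professional digital forensic analysts. In this study, we discuss what abilities digital investigation first response personnel and preliminary analysts should have in an 'ideal' situation, the hardware and software requirements, and the education and training requirements, which may be the most important of all.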
