A Theoretical Framework For Organizational Network Forensic Readiness

This paper discusses breaking the escalation cycle that locks cyber intruders and their targets in a state where targets are perennially resigned to attacks and intruders are at liberty to exploit and disrupt networks without much risk of suffering consequences. Using systems and case analyses, several research questions are explored, resulting in the identification of conditions that must change in order to interrupt this unproductive relationship between attackers and targets. As an outcome, network forensic readiness (NFR) is proposed as a solution to digital forensic investigations that have become too resource intensive to encourage broad application to the growing numbers of computer crimes. While NFR has been implemented to some degree through tools, procedures and checklists, no comprehensive organizational implementation approach has been identified. Thus, a theoretical framework is offered as a basis for "operationalizing" network forensic readiness. The framework includes several models for implementing NFR in the enterprise.