08.03.2021 Views

Tesis y Tesistas 2020 - Postgrado - Fac. de Informática - UNLP


MASTER'S DEGREE

Data Networks

Mg. Mónica Diana Tugnarelli

e-mail

mtugnarelli@gmail.com

Advisor

Lic. Francisco Javier Díaz

Thesis defense date

March 31, 2020

SEDICI

http://sedici.unlp.edu.ar/handle/10915/97968

Forensic Readiness implementation for digital continuity

Keywords: Forensic Readiness; Digital continuity; Forensics; Computer security; HTTP

Motivation

This thesis analyzes aspects of protecting an organization's assets, taking into account the complex current computer security environment in which organizations carry out their daily activities. The motivation is to find strategies and good practices that ensure the confidentiality, integrity and availability of data in pursuit of the organization's digital continuity. Given the fragility and volatility of a digital event, computer forensics techniques and methodologies must make it possible to properly determine what happened, who was involved, and when and how the security incident occurred, and must ensure the proper preservation of the data that can be collected. Faced with this challenge, the Forensic Readiness methodology addressed in this work protects data considered digital evidence from the outset: from its selection as such, and even before the possible occurrence of a computer security incident.

The general objective of this Master's thesis is to carry out a comparative analysis of implementation models for this methodology, Forensic Readiness, as a possible strategy for digital continuity and preventive protection of an organization's assets. As a specific objective, the work seeks to prepare a set of Good Practices for implementing the Forensic Readiness methodology in an organization.

Thesis contributions

This work presents several factors that affect the preparation required of an organization that wants to implement strategies and mechanisms to protect its data, considered essential assets for the digital continuity of the business. The Forensic Readiness (or Forensic Preparation) methodology offers a new view of digital evidence collection through its objectives of maximizing the environment's ability to gather reliable digital evidence and minimizing the forensic cost during incident response, not only to anticipate the response but also with the fundamental premise of keeping the evidence in perfect condition to face legal proceedings.

As a contribution of this work, a Good Practice Guide for implementing Forensic Readiness in any organization is presented and proposed. It is divided into stages, which minimizes the complexity of the process, so the organization can progress according to its capacity but steadily, knowing that at a higher level of maturity it will reach more detailed and better-quality processes and procedures. The Guide has a strong training, commitment and continuous improvement component to help keep up to date, and maintain the quality of, the procedures that ensure vulnerability detection and data protection.

The work has also reached specific conclusions about the preventive approach and its relationship with data traceability, anticipation of security incidents, asset risk determination, log analysis and protocols, among others, demonstrating that the Forensic Readiness approach, digital continuity and risk management complement each other.

Future Research Lines

This thesis identifies several lines of research that are directly related to Forensic Preparation and constitute future challenges.

First, in relation to infrastructure, delving into the issue of storage media that this approach requires and the implications of the Cloud Computing alternative with regard
