Forensic experts' view of forensic‐ready software systems: A qualitative study

Abstract

AbstractSoftware engineers widely acknowledge the inclusion of security requirements in the early stages of the development process. However, the need to prepare the software for the failure of the implemented security controls and subsequent investigation of the incident is often not discussed. Forensic‐ready software systems represent an evolution of secure systems being designed for the eventual digital forensic investigation. However, their exact properties remain largely unexplored, beyond preliminary high‐level conceptualizations of requirements and capabilities. Further obstacles hindering the adoption of forensic‐ready software systems are the different priorities and goals of involved parties and a gap in the digital forensics expertise of software engineers. In this paper, we conduct an empirical qualitative study identifying the problems and needs of forensic readiness while framing the notion of an ideal forensic‐ready software system and how it should treat potential evidence. To this end, we conducted semisupervised interviews with digital forensics experts on their idea, experience, and suggestions. The results provide insights into the needs of the experts to facilitate the definition of correct requirements towards forensic‐ready software systems to support the anticipated investigations properly.