Towards a capability maturity model for digital forensic readiness

  • Ludwig EnglbrechtEmail author
  • Stefan Meier
  • Günther Pernul


Increasing IT-Security breaches and the extensively growing loss due to fraud related incidents cause the need for being prepared for a digital investigation. A specific capability maturity model can assist organizations to determine their current state according to implement digital forensic readiness measures and get assistance to reach a desired level in having related capabilities implemented. This paper examines how such a model can assist in integrating digital forensic readiness related measures and to reach an appropriate maturity level. Through facilitating core elements of the IT-Governance framework COBIT 5 and the core characteristics of implementing digital forensic readiness a proposal for a specific capability maturity model has been conducted. In five maturity levels (Initial, Managed, Defined, Quantitatively Managed and Optimized) the different stages of implementing digital forensic readiness measures are represented. It can be shown that with the IT-Governance aligned model the implementation of digital forensic readiness can be assisted.


IT-Security management Digital forensic readiness Capability maturity model IT-Governance 



This article is an extended version of a paper presented at COMPSE 2018 (held at the Furama Hotel, Bangkok, Thailand, March 2018) which was kindly invited for a consideration in this journal. This work is partly performed under the BMBF-DINGfest project which is supported under contract by the German Federal Ministry of Education and Research (16KIS0501K).


  1. 1.
    Ahmad, A., Hadgkiss, J., & Ruighaver, A. B. (2012). Incident response teams—Challenges in supporting the organisational security function. Computers & Security, 31(5), 643–652.CrossRefGoogle Scholar
  2. 2.
    Becker, J., Knackstedt, R., & Pöppelbuß, J. (2009). Entwicklung von Reifegradmodellen für das IT-Management. Wirtschaftsinformatik, 51(3), 249–260. Scholar
  3. 3.
    de Bruin, T., Freeze, R., Kaulkarni, U., & Rosemann, M. (2005). Understanding the main phases of developing a maturity assessment model.Google Scholar
  4. 4.
    Carrier, B., & Spafford, E. H. (2003). Getting physical with the digital investigation process. International Journal of Digital Evidence (IJDE), 2, 1–20.Google Scholar
  5. 5.
    Casey, E. (2005). Case study: Network intrusion investigation—Lessons in forensic preparation. Digital Investigation, 2(4), 254–260.CrossRefGoogle Scholar
  6. 6.
    Chryssanthou, A., & Katos, V. (2012). Assessing forensic readiness. In Proceedings of the seventh international workshop on digital forensics & incident analysis (WDFIA 2012).Google Scholar
  7. 7.
    CMMI Product Team. (2010). CMMI ® for Development, Version 1.3, Improving processes for developing better products and services. no. CMU/SEI-2010-TR-033. Software Engineering Institute.Google Scholar
  8. 8.
    Cohen, F. (2010). Toward a science of digital forensic evidence examination. In K. P. Chow & S. Shenoi (Eds.), Advances in Digital Forensics VI. IFIP Advances in Information and Communication Technology (pp. 17–35). Berlin: Springer.Google Scholar
  9. 9.
    Dewald, A. (2012). Formalisierung digitaler Spuren und ihre Einbettung in die Forensische Informatik. Erlangen: Universität Erlangen-Nürnberg.Google Scholar
  10. 10.
    Dowdy, J. (2012). The cyber security threat to US growth and prosperity. In N. Burns & J. Price (Eds.), Securing cyberspace: A new domain for national security. Washington, DC: Aspen Strategy Group.Google Scholar
  11. 11.
    Elyas, M., Ahmad, A., Maynard, S. B., & Lonie, A. (2015). Digital forensic readiness. Expert perspectives on a theoretical framework. Computers & Security, 52, 70–89. Scholar
  12. 12.
    Grobler, T., Louwrens, C. P., & von Solms, S. H. (2010). A framework to guide the implementation of proactive digital forensics in organisations. In ARES 2010, Fifth international conference on availability, reliability and security, 1518 February 2010, Krakow, Poland (pp. 677–682). IEEE Computer Society.Google Scholar
  13. 13.
    Inman, K., & Rudin, N. (2000). Principles and practice of criminalistics: The profession of forensic science. Protocols in forensic science. Boca Raton: CRC Press.CrossRefGoogle Scholar
  14. 14.
    ISACA. (2012). COBIT 5. A business framework for the governance and management of enterprise IT. Rolling Meadows, IL: ISACA.Google Scholar
  15. 15.
    Ivtchenko, D., & Sachowski, J. (Eds.). (2016). Implementing digital forensic readiness. From reactive to proactive process. Cambridge, MA: Syngress.Google Scholar
  16. 16.
    Jacobs, S. (2017). Reifegradmodelle (August 2017). Retrieved August 21, 2017 from
  17. 17.
    Karie, N., & Karume, S. (2017). Digital forensic readiness in organizations: Issues and challenges. JDFSL. Scholar
  18. 18.
    Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006). Guide to integrating forensic techniques into incident response. NIST SP 800-86.Google Scholar
  19. 19.
    Kerrigan, M. (2013). A capability maturity model for digital investigations. Digital Investigation, 10(1), 19–33. Scholar
  20. 20.
    Kessem, L., Kuhn, J., & Mueller, L. (2015). The Dyre Wolf Attacks on Corporate Banking Accounts. Retrieved August 7, 2017, from
  21. 21.
    Kitten, T. (2015). FBI alert: Business Email Scam Losses Exceed 1.2 Billion. Retrieved August 7, 2017, from
  22. 22.
    Kolias, C., Kambourakis, G., Stavrou, A., & Voas, J. (2017). DDoS in the IoT. Mirai and other botnets. Computer, 50(7), 80–84. Scholar
  23. 23.
    Manworren, N., Letwat, J., & Daily, O. (2016). Why you should care about the Target data breach. Business Horizons, 59(3), 257–266.CrossRefGoogle Scholar
  24. 24.
    Meier, S., & Pernul, G. (2014). Einsatz von digitaler Forensik in Unternehmen und Organisationen. In Sicherheit 2014: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 7. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 19.-21. März 2014, Wien, Österreich (pp. 103–114). LNI, 228. GI.Google Scholar
  25. 25.
    Mouhtaropoulos, A., Grobler, M., & Li, C.-T. (2011). Digital forensic readiness: An insight into governmental and academic initiatives. In Proceedings of the 2011 European intelligence and security informatics conference. EISIC’11 (pp. 191–196). IEEE Computer Society.Google Scholar
  26. 26.
    Palmer, G. (2001). A road map for digital forensic research. In First digital forensic research workshop (DFRWS).Google Scholar
  27. 27.
    Pangalos, G., & Katos, V. (2010). Information assurance and forensic readiness. In A. B. Sideridis & C. Z. Patrikakis (Eds.), Next generation society: Technological and legal issues. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering (pp. 181–188). Berlin: Springer.Google Scholar
  28. 28.
    Reddy, K., & Venter, H. S. (2013). The architecture of a digital forensic readiness management system. Computers & Security, 32, 73–89. Scholar
  29. 29.
    Reyes, A., & Wiles, J. (2007). Developing an enterprise digital investigative/electronic discovery capability. In The Best Damn Cybercrime (2007) (pp. 83–114).Google Scholar
  30. 30.
    Rowlingson, R. (2004). A ten step process for forensic readiness. International Journal of Digital Evidence (IJDE), 2, 3.Google Scholar
  31. 31.
    Shedden, P., Ahmad, A., & Ruighaver, A. B. (2010). Organisational learning and incident response: Promoting effective learning through the incident response process.Google Scholar
  32. 32.
    Shu, X., Tian, K., Ciambrone, A. et al. (2017). Breaking the target: An analysis of target data breach and lessons learned. arXiv preprint arXiv:1701.04940.
  33. 33.
    Stanwick, P. A., & Stanwick, S. D. (2014). A security breach at target: A different type of bulls eye. International Journal of Business and Social Science, 5, 12.Google Scholar
  34. 34.
    Tan, J. (2001). Forensic readiness.Google Scholar
  35. 35.
    Yasinsac, A., & Manzano, Y. (2001). Policies to enhance computer and network forensics. In Proceedings of the 2001 IEEE workshop on information assurance and security.Google Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2019

Authors and Affiliations

  1. 1.Department of Information SystemsUniversity of RegensburgRegensburgGermany
  2. 2.Meier Computersysteme GmbHDeiningGermany

Personalised recommendations