Toward a Capability Maturity Model for Digital Forensic Readiness

  • Ludwig EnglbrechtEmail author
  • Stefan Meier
  • Günther Pernul
Part of the EAI/Springer Innovations in Communication and Computing book series (EAISICC)


Increasing IT-security breaches and the extensively growing loss due to fraud-related incidents cause the need for being prepared for a digital investigation. A specific capability maturity model can assist organizations to determine their current state accordingly to implement digital forensic readiness measures and get assistance to reach a desired level in having related capabilities implemented. This paper examines how such a model can assist in integrating digital forensic readiness related measures to reach an appropriate maturity level. Through facilitating core elements of the IT-governance framework COBIT 5 and the core characteristics of implementing digital forensic readiness, a proposal for a specific capability maturity model has been conducted. In five maturity levels (initial, managed, defined, quantitatively managed, and optimized), the different stages of implementing digital forensic readiness are represented. It can be shown that with the IT-governance aligned model, the implementation of digital forensic readiness can be assisted.


IT-security management Digital forensic readiness Capability maturity model IT-governance 



This work is partly performed under the BMBF-DINGfest project which is supported under contract by the German Federal Ministry of Education and Research (16KIS0501K).


  1. 1.
    Kitten, T.: FBI alert: business email scam losses exceed 1.2 billion.
  2. 2.
    Kessem, L., Kuhn, J., Mueller, L.: The Dyre Wolf attacks on corporate banking accounts.
  3. 3.
    Dowdy, J.: The Cyber security threat to US growth and prosperity. In: Burns, N., Price, J. (eds.) Securing Cyberspace: A New Domain for National Security. Aspen Strategy Group, Washington, DC (2012)Google Scholar
  4. 4.
    Kolias, C., Kambourakis, G., Stavrou, A., Voas, J.: DDoS in the IoT. Mirai and Other Botnets. Computer. 50, 80–84 (2017)CrossRefGoogle Scholar
  5. 5.
    Tan, J.: Forensic readiness (2001)Google Scholar
  6. 6.
    Meier, S., Pernul, G.: Einsatz von digitaler Forensik in Unternehmen und Organisationen. In: Katzenbeisser, S., Lotz, V., Weippl, E. R. (eds.) Sicherheit 2014: Sicherheit, Schutz und Zuverlässigkeit, Beiträge der 7. Jahrestagung des Fachbereichs Sicherheit der Gesellschaft für Informatik e.V. (GI), 19–21. März 2014, Wien, Österreich, pp. 103–114. GI (2014)Google Scholar
  7. 7.
    Mouhtaropoulos, A., Grobler, M., Li, C.-T.: Digital forensic readiness: an insight into governmental and academic initiatives. In: Proceedings of the 2011 European Intelligence and Security Informatics Conference, pp. 191–196. IEEE Computer Society (2011)Google Scholar
  8. 8.
    Kent, K., Chevalier, S., Grance, T., Dang, H.: Guide to Integrating Forensic Techniques into Incident Response: NIST SP 800-86, 2006Google Scholar
  9. 9.
    Inman, K., Rudin, N.: Principles and Practice of Criminalistics: The Profession of Forensic Science. CRC Press, Boca Raton (2000)CrossRefGoogle Scholar
  10. 10.
    Dewald, A.: Formalisierung digitaler Spuren und ihre Einbettung in die Forensische Informatik (2012)Google Scholar
  11. 11.
    Gary, P.: A road map for digital forensic research (2001)Google Scholar
  12. 12.
    Cohen, F.: Toward a science of digital forensic evidence examination. Adv. Digital Forensics VI. 337, 17–35 (2010)CrossRefGoogle Scholar
  13. 13.
    Pangalos, G., Katos, V.: Information assurance and forensic readiness. Next Gen. Soc. Technol. Legal Issues. 26, 181–188 (2010)CrossRefGoogle Scholar
  14. 14.
    Reyes, A., Wiles, J.: Developing an enterprise digital investigative/electronic discovery capability. In: The Best Damn Cybercrime and Digital Forensics Book Period, pp. 83–114 (2007)Google Scholar
  15. 15.
    Carrier, B., Spafford, E.H.: Getting physical with the digital investigation process. Int. J. Digital Evidence. 2, 2003 (2003)Google Scholar
  16. 16.
    Rowlingson, R.: A ten step process for forensic readiness. Int. J. Digital Evidence. 2, 2004 (2004)Google Scholar
  17. 17.
    Casey, E.: Case study: network intrusion investigation - lessons in forensic preparation. Digit. Investig. 2, 254–260 (2005)CrossRefGoogle Scholar
  18. 18.
    Ahmad, A., Hadgkiss, J., Ruighaver, A.B.: Incident response teams-challenges in supporting the organisational security function. Comput. Secur. 31, 643–652 (2012)CrossRefGoogle Scholar
  19. 19.
    Shedden, P., Ahmad, A., Ruighaver, A.B.: Organisational learning and incident response: promoting effective learning through the incident response process (2010)Google Scholar
  20. 20.
    Grobler, T., Louwrens, C.P., von Solms, S.H.: A framework to guide the implementation of proactive digital forensics in organisations. In: ARES 2010, Fifth International Conference on Availability, Reliability and Security, 15–18 February 2010, Krakow, Poland, pp. 677–682. IEEE Computer Society (2010)Google Scholar
  21. 21.
    Reddy, K., Venter, H.S.: The architecture of a digital forensic readiness management system. Comput. Security. 32, 73–89 (2013)CrossRefGoogle Scholar
  22. 22.
    Yasinsac, A., Manzano, Y.: Policies to enhance computer and network forensics. In: Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, 2001Google Scholar
  23. 23.
    Elyas, M., Ahmad, A., Maynard, S.B., Lonie, A.: Digital forensic readiness. Expert perspectives on a theoretical framework. Comput. Security. 52, 70–89 (2015)CrossRefGoogle Scholar
  24. 24.
    CMMI Product Team: CMMI® for Development, Ver. 1.3, Improving processes for developing better products and services. no. CMU/SEI-2010-TR-033. Software Engineering Institute (2010)Google Scholar
  25. 25.
  26. 26.
    Kerrigan, M.: A capability maturity model for digital investigations. Digital Invest. 10, 19–33 (2013)CrossRefGoogle Scholar
  27. 27.
    Chryssanthou, A., Katos, V.: Assessing forensic readiness. In: Proceedings of the Seventh International Workshop on Digital Forensics & Incident Analysis (WDFIA 2012), 2012Google Scholar
  28. 28.
    Becker, J., Knackstedt, R., Pöppelbuß, J.: Entwicklung von Reifegradmodellen für das IT-management. Wirtsch. Inform. 51, 249–260 (2009)CrossRefGoogle Scholar
  29. 29.
    de Bruin, T., Freeze, R., Kaulkarni, U., Rosemann, M.: Understanding the main phases of developing a maturity assessment model, 2005Google Scholar
  30. 30.
    ISACA: In: ISACA (ed.) COBIT 5. A business framework for the governance and management of enterprise IT, Rolling Meadows (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Ludwig Englbrecht
    • 1
    Email author
  • Stefan Meier
    • 2
  • Günther Pernul
    • 1
  1. 1.Department of Information SystemsUniversity of RegensburgRegensburgGermany
  2. 2.Meier Computersysteme GmbHDeiningGermany

Personalised recommendations