A combined approach for a privacy-aware digital forensic investigation in enterprises

Abstract

Stricter policies, laws and regulations for companies on the handling of private information arise challenges in the handling of data for Digital Forensics investigations. This paper describes an approach that can meet the necessary requirements to conduct a privacy-aware Digital Forensics investigation in an enterprise. The core of our approach is an entropy-based identification algorithm to detect specific patterns within files that can indicate non-private information. Therefore we combine various approaches with the goal to detect and exclude files containing sensitive information systematically. This privacy-preserving method can be integrated into a Digital Forensics examination process to prepare an image which is free from private as well as critical information for the investigation. We implemented and evaluated our approach with a prototype. The approach demonstrates that investigations in enterprises can be supported and improved by adapting existing algorithms and processes from related subject areas to implement privacy-preserving measures into an investigation process.