Proposal / Submission Type

Peer Reviewed Paper

Location

Oklahoma City, Oklahoma

Abstract

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigation might breach the Saudi law if they follow ad-hoc or international digital forensic standards such as Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with Islamic (Al Sharia) law. Network forensic investigators should comprehend Islamic legal requirements for admissible evidence such as privacy of a suspect, integrity and availability of evidence. These legal requirements should be translated into information technology to conduct the processes of digital forensic. These processes include searching for, collecting, preserving and presenting electronic evidence in an Islamic court. Although insider abuse/crime have not been usually reported to the law enforcement in Saudi Arabia, a hacking case is provided and examined in order to highlight shortcomings for producing eevidence at an organisational level in Saudi Arabia. Furthermore, this case shows that there is a conflict between the technical (ad-hoc) process of collecting e-evidence which has been followed at an organisational level by network forensic investigators and the main principle of forensic procedure in Saudi Arabia. It also illustrates that there is no technical investigative standard for digital evidence. Moreover, this research addresses these issues by proposing a technical investigative standard for digital evidence. As a result of this standard, network forensic investigation is able to produce evidence with respect to the principles of forensic procedure in Saudi Arabia.

Keywords: Internal threats, malicious insider, network forensic investigation, hacking, formal controls for digital forensics, technical controls for digital forensics, informal controls for digital forensics, forensic procedure in Saudi Arabia

 

Network Forensic Investigation of Internal Misuse/Crime in Saudi Arabia: A Hacking Case

Oklahoma City, Oklahoma

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirement of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigation might breach the Saudi law if they follow ad-hoc or international digital forensic standards such as Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues an Islamic court. This is because the law of Saudi Arabia is complying with Islamic (Al Sharia) law. Network forensic investigators should comprehend Islamic legal requirements for admissible evidence such as privacy of a suspect, integrity and availability of evidence. These legal requirements should be translated into information technology to conduct the processes of digital forensic. These processes include searching for, collecting, preserving and presenting electronic evidence in an Islamic court. Although insider abuse/crime have not been usually reported to the law enforcement in Saudi Arabia, a hacking case is provided and examined in order to highlight shortcomings for producing eevidence at an organisational level in Saudi Arabia. Furthermore, this case shows that there is a conflict between the technical (ad-hoc) process of collecting e-evidence which has been followed at an organisational level by network forensic investigators and the main principle of forensic procedure in Saudi Arabia. It also illustrates that there is no technical investigative standard for digital evidence. Moreover, this research addresses these issues by proposing a technical investigative standard for digital evidence. As a result of this standard, network forensic investigation is able to produce evidence with respect to the principles of forensic procedure in Saudi Arabia.

Keywords: Internal threats, malicious insider, network forensic investigation, hacking, formal controls for digital forensics, technical controls for digital forensics, informal controls for digital forensics, forensic procedure in Saudi Arabia