PRECEPT: a framework for ethical digital forensics investigations
| Date | 13 March 2020 |
| Published date | 13 March 2020 |
| DOI | https://doi.org/10.1108/JIC-05-2019-0097 |
| Pages | 257-290 |
| Author | R.I. Ferguson,Karen Renaud,Sara Wilford,Alastair Irons |
| Subject Matter | Information & knowledge management,Knowledge management,HR & organizational behaviour,Organizational structure/dynamics,Accounting & Finance,Accounting/accountancy,Behavioural accounting |
PRECEPT: a framework for ethical
digital forensics investigations
R.I. Ferguson
Division of Cyber Security, Abertay University, Dundee, UK
Karen Renaud
Division of Cyber Security, Abertay University, Dundee, UK;
Rhodes University, Grahamstown, South Africa and
University of South Africa, Pretoria, South Africa
Sara Wilford
Centre for Computing and Social Responsibility, De Montfort University, Leicester,
England, and
Alastair Irons
University of Sunderland, Sunderland, UK
Abstract
Purpose –Cyber-enabledcrimes are on the increase, and law enforcement has had toexpand many of their
detectingactivitiesinto the digitaldomain. As such,the field of digital forensicshas becomefar more sophisticated
over the yearsand is now able to uncover even more evidencethat can be used to support prosecutionof cyber
criminals in a courtof law. Governments, too, haveembraced the ability to track suspicious individuals in the
onlineworld. Forensics investigatorsare drivento gather data exhaustively,being under pressureto provide law
enforcementwith sufficient evidence to securea conviction.
Yet, thereare concerns about the ethics and justiceof untrammeled investigationson a number of levels. On
an organizationallevel, unconstrainedinvestigations could interferewith, and damage, the organization’sright
to controlthe disclosure of their intellectualcapital. On an individual level,those being investigatedcould easily
have theirlegal privacy rights violatedby forensics investigations.On a societal level,there might be a sense of
injustice at the perceived inequality of current practice in this domain.
Thispaper argues the need fora practical, ethicallygrounded approach todigital forensic investigations, one
that acknowledges and respectsthe privacy rights of individuals and the intellectual capitaldisclosure rights of
organizations, as well as acknowledging the needs of law enforcement. The paper derives a set of ethical
guidelines,and thenmaps these onto a forensicsinvestigationframework. The frameworkto expert reviewin two
stages is subjected, refining the framework after each stage. The paper concludes by proposing the refined
ethicallygroundeddigital forensicsinvestigation framework.The treatiseis primarily UK based,but the concepts
presentedhere have international relevanceand applicability.
Design/methodology/approach –In this paper, the lens of justice theory is used to explore the tension
that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and,
on the other, individuals’rights to privacy and organizations’rights to control intellectual capital
disclosure.
Findings –The investigation revealed a potential inequality between the practices of digital forensics
investigators and the rights of other stakeholders. That being so, the need for a more ethically informed
approach to digital forensics investigations, as a remedy, is highlighted and a framework proposed to
provide this.
Research limitations/implications –The proposed ethically informed framework for guiding digital
forensics investigations suggests a way of re-establishing the equality of the stakeholders in this arena, and
ensuring that the potential for a sense of injustice is reduced.
Originality/value –Justice theoryis used to highlight the difficultiesin squaring the circle between the rights
and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation
guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the
PRECEPT
257
The authors acknowledge the contribution of the digital forensics investigators who evaluated their
framework and provided helpful comments.
The current issue and full text archive of this journal is available on Emerald Insight at:
https://www.emerald.com/insight/1469-1930.htm
Received 13 May 2019
Revised 1 October 2019
2 December 2019
Accepted 2 December 2019
Journal of Intellectual Capital
Vol. 21 No. 2, 2020
pp. 257-290
© Emerald Publishing Limited
1469-1930
DOI 10.1108/JIC-05-2019-0097
balance between the requirements and expectations of digital forensic investigators on the one hand, and
individual and organizational expectations and rights, on the other.
Keywords Ethics, Intellectual capital, Privacy, Forensics investigation
Paper type Viewpoint
1. Introduction
Rawls’(1991) Theory of Justice is built on two core principles: liberty and equality. Working in
tandem, they designate that society ought be structured so that the greatest possible amount
of liberty is provided to its members, the proviso being that the liberty of any one individual
not be permitted to infringe upon that of any other. Moreover, any inequalities that do exist
ought only to be permitted if equality would leave people worse off. Deutsch (1986) introduces
the concept of distributive justice as a way of envisioning whether these principles are being
achieved in any society. Deutsch reports on a number of experimental studies he carried out
to investigate the sense of injustice in society, and recounts a range of insights gained from
these. Of particular relevance to our context is that those who are disadvantaged by
inequality are more sensitive to the injustice thereof than those who are advantaged by such
inequalities. Adams (1965) argues that an experience of injustice should not be an accepted
fact of life. Kant’scategorical imperative (O’Neill, 1993) requires everyone to act only in such a
way that they would consider fair if applied universally across society. Deutsch (1986) argues
that sensitivity to injustice across society can be increased by acknowledgement of
inequalities and by providing viable remedies.
The focus in this paper is on digital forensics investigations, and their potential for being
perceived as unjust. George Orwell’s infamous Big Brother (Orwell, 1949) has, for some,
materialized some six decades after the book was published (Sorell and Draper, 2012) due to
ubiquitous digital surveillance and rapacious digital investigations. David Patterson, then
ACM President (Patterson, 2005), expressed these concerns trenchantly: “We must protect
the security and privacy of computer and communication users from criminals and terrorists
while preventing the Orwellian vision of Big Brother. Computer and communication in the
21st century should be as safe as 20th century banking”(p. 16).
In the digital forensics domain, it is appropriate for us to ensure that there is no injustice in
the way digital forensics investigations are carried out, because the day might come when
any one of us could become the subject of such an investigation. Moreover, as Irons and
Konstadopoulou (2007) argue, the field of digital forensics requires a codified body of
principles as well as standards for ethics and practice if it is to be considered a profession.
Dehghantanha and Franke (2014) make a strong case for the need of a framework for
privacy-respecting digital investigations, but do not propose such a framework themselves.
Aminnezhad et al. (2012) write a treatise on the tensions between digital forensics
investigators and privacy preserving technologies, but they, too, do not propose a framework
to resolve the tensions. Antoniou et al. (2006) and Croft and Olivier (2010) do propose
privacy-preserving frameworks, but the measures they deploy are technological, and not
ethically grounded, which is what we are proposing to do, as advocated by Irons and
Konstadopoulou (2007). Why specifically a framework? Because a framework has the ability
to structure, guide and inform investigations, providing a way for investigators to chart their
progress. Moreover, the very structured nature serves as a convenient harness for
highlighting pertinent ethical considerations as investigators work through the stages
during their investigations.
Figure 1 depicts this paper’s argument and layout. We commence by highlighting the
current state of play in the digital forensics investigation domain (Section 2). In particular,
we present both sides of an apparent impasse: individual and organizational rights on the
one hand, and forensics investigation capabilitiesontheother.Wearguefortheneedto
home in on an elusive “sweet spot,”which maximizes utility for stakeholders on both sides
JIC
21,2
258
of the metaphorical tug-of-war. Section 2 ends with a road map outlining the rest of the
paper, which presents the perspectives of digital forensics investigations (Section 3), and
those of individuals and organizations (Section 4). Principle lists of basic privacy,
intellectual capital, investigation guidelines and ethical principles are derived from the
research literature and enumerated for subsequent use in deriving the framework.
Section 5 then compiles a set of ethical principles which can guide and inform digital
forensics inves tigations. Section 6 discussesthe tensions between thetwo somewhat opposing
perspectives. Section 7 brings all the new insights together to propose a privacy-respecting
framework that balances these tensions, in effect driving us towards the “sweet spot”we
proposein Section 2. The frameworkincorporates eightforensic investigationstages, which are
mapped ontothe listed ethical principlesas well as the challenges constitutedby “dark clouds”
caused by the emergence of modern privacy-protecting technologies.
Section 7 details our expert evaluation of the framework, in two phases, and presents the
final PRECEPT framework. Section 8 concludes.
The contributions of this paper are threefold: First, we apply justice theory to the field of
digital forensics investigations. Second, we propose a set of eleven ethical principles to
inform digital forensics investigations. Third, we provide an ethically informed privacy-
respecting digital investigation framework that was subjected to expert review as a remedy
in terms of introducing a sense of equality and justice into this domain.
2. Current state of play
Technology has changed our lives, mostly for the better. Yet there are undeniably those who
elect to use computing power for nefarious purposes. When their activities come to light, law
enforcement seizes devices for analysis by forensics experts. Forensics investigations in the
physical realm have a long and illustrious history (Locard, 1904); digital forensics emerged
much later in response to the rising incidence of cybercrime.
Computer forensic evidence has been used since the mid-1990s in the UK, although
there was “ad hoc”use of computer evidence in the decade before that (Swarb.co.uk,
2019). The first forensic computing company, AccessData, was established in the late
1980s. In the UK, a fraud case in the Northumbria Police region in 1994 was one of the
first to use computer evidence (Turner, 1994). The UK’s Association of Chief Police
Officers (ACPO) produced their first set of guidelines for dealing with computer evidence
in 1996, contributing towards a more structured approach to gathering computer
evidence[1]. Rigorous forensics procedures became established, almost organically, and
were quickly adopted by forensics investigators (McKemmish, 1999). Universities in the
UK started to consider cybercrime in ethics modules in the late 1990s, which then led to
the consideration of digital evidence both withineducationandbycrimeinvestigations.
This, in turn, led to the development of specialist modules, and programs in Computer
Forensics and Ethical Hacking were established in the late 1990s/early 2000s (Lemos,
2007). Although it would appear that computer forensics has been established for a
number of years, it remains a relatively new field, as compared to other kinds of
Intellectual Capital
Principles
Criminal
Investigation
Needs PRECEPT:
Privacy-Respecting
Privacy-
Respecting Digital Forensics
Investigation
Framework
Framework
Proposal
Forensics
Forensics Investigation
Investigations Guidelines
Ethical
Principles
Privacy Principles
Privacy&
Disclosure
Rights
Tensions
Evaluation & Refined Framework
§7:
§6§5
§4
§3
Figure 1.
The derivation of the
ethical framework
(Section numbers
indicated within the
diagram)
PRECEPT
259
To continue reading
Request your trial