Network Forensic Investigation of Internal Misuse/Crime
in Saudi Arabia: A Hacking Case

 

Abdulrazaq Al-Murjan
Information Security Research Group
Faculty of Advanced Technology
University of Glamorgan
Pontypridd, Wales, UK
Aalmurja@glam.ac.uk

Konstantinos Xynos
Information Security Research Group
Faculty of Advanced Technology
University of Glamorgan
Pontypridd, Wales, UK
kxynos@glam.ac.uk
 

ABSTRACT

 

There are ad-hoc guidelines and a limited policy on computer incident response that does not include computer forensic preparation procedures (e.g. logging incidents). In addition, these guidelines do not consider the requirements of Islamic law for admissible evidence at an organisational level in Saudi Arabia. Network forensic investigations might breach Saudi law if they follow ad-hoc or international digital forensic standards such as the Association of Chief Police Officers (ACPO) guidelines. This might put the organisation in a costly situation when a malicious employee sues in an Islamic court, because the law of Saudi Arabia complies with Islamic (Al Sharia) law. Network forensic investigators should comprehend the Islamic legal requirements for admissible evidence, such as the privacy of a suspect and the integrity and availability of evidence. These legal requirements should be translated into information technology in order to conduct the processes of digital forensics. These processes include searching for, collecting, preserving and presenting electronic evidence in an Islamic court. Although insider abuse/crime has not usually been reported to law enforcement in Saudi Arabia, a hacking case is provided and examined in order to highlight shortcomings in producing e-evidence at an organisational level in Saudi Arabia. Furthermore, this case shows that there is a conflict between the technical (ad-hoc) process of collecting e-evidence, which has been followed at an organisational level by network forensic investigators, and the main principle of forensic procedure in Saudi Arabia. It also illustrates that there is no technical investigative standard for digital evidence. Moreover, this research addresses these issues by proposing a technical investigative standard for digital evidence. As a result of this standard, network forensic investigation is able to produce e-evidence with respect to the principles of forensic procedure in Saudi Arabia.
 

Keywords: Internal threats, malicious insider, network forensic investigation, hacking, formal controls for digital forensics, technical controls for digital forensics, informal controls for digital forensics, forensic procedure in Saudi Arabia
Copyright © 2010 Association of Digital Forensics, Security and Law (ADFSL)