Abstract
This paper suggests that administrators form a new way of conceptualizing evidence collection across an intranet based on a model consisting of linked audit logs. This methodology enables the establishment of a chain of evidence that is especially useful across a corporate intranet environment. Administrators are encouraged to plan event configuration such that audit logs provide complementary information across the intranet. Critical factors that determine the quality of evidence are also discussed and some limitations of the model are highlighted.
Recommended Citation
Admad, Atif, "The Forensic Chain-of-Evidence Model: Improving the Process of Evidence Collection in Incident Handling Procedures" (2002). PACIS 2002 Proceedings. 61.
https://aisel.aisnet.org/pacis2002/61