Digital Forensic Readiness in Mobile Device Management Systems

Abstract

Mobile devices have become very popular, and virtually everyone owns a smart device. As more employees became owners of smart devices, the organisations were put under pressure to allow employees to use their smart devices for work purposes, or alternatively provide employees with smart devices. Most organisations opted for a Bring Your Own Device policy, where employees use their own smart devices for work purposes, with the organisation reimbursing some of the costs. Adopting such a policy introduced risks into the organisations, since the organisations do not own and do not have direct control over employees' personal devices. One of the most widely used solutions to this problem is Mobile Device Management (MDM) software, which is installed on employees' devices and prevent them from taking actions that may be harmful to the organisation. This leads us to the problem statement of this research. Since MDM systems are purely preventative and devices are not owned by the organisation, it is expensive and sometimes impossible for organisations to retrieve potential evidence from the devices when an incident occurs. This research proposes a model to solve this problem by introducing a digital forensic readiness component into an MDM system. Adding digital forensic readiness to an existing MDM solution reduces costs by collecting evidence when suspicious activity is detected, reducing investigation times and legal costs involved in collecting evidence. A prototype was created to show that the proposed model could be implemented in practice. The prototype shows how this solution can be utilised to collect data from devices and utilise it in an investigation. Finally, the research and prototype are critically evaluated, and the bene ts and shortcomings of such a solution are presented. The author also addresses privacy concerns arising from the data collection component.