Mobile devices have become very popular, and virtually everyone owns a smart
device. As more employees became owners of smart devices, the organisations were put under pressure to allow employees to use their smart devices for work purposes, or alternatively provide employees with smart devices.
Most organisations opted for a Bring Your Own Device policy, where employees
use their own smart devices for work purposes, with the organisation reimbursing
some of the costs. Adopting such a policy introduced risks into the organisations,
since the organisations do not own and do not have direct control over employees' personal devices.
One of the most widely used solutions to this problem is Mobile Device Management (MDM) software, which is installed on employees' devices and prevent them from taking actions that may be harmful to the organisation.
This leads us to the problem statement of this research. Since MDM systems are
purely preventative and devices are not owned by the organisation, it is expensive
and sometimes impossible for organisations to retrieve potential evidence from the devices when an incident occurs.
This research proposes a model to solve this problem by introducing a digital
forensic readiness component into an MDM system. Adding digital forensic readiness to an existing MDM solution reduces costs by collecting evidence when suspicious activity is detected, reducing investigation times and legal costs involved in collecting evidence.
A prototype was created to show that the proposed model could be implemented
in practice. The prototype shows how this solution can be utilised to collect data
from devices and utilise it in an investigation.
Finally, the research and prototype are critically evaluated, and the bene ts and
shortcomings of such a solution are presented. The author also addresses privacy
concerns arising from the data collection component.