Digital forensics for enterprise rights management systems

Authors:
Sebastian Schrittwieser;Peter Kieseberg;Edgar Weippl
Affiliations:
Vienna University of Technology, Vienna, Austria;SBA Research, Vienna, Austria;SBA Research, Vienna, Austria
Venue:
Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services
Year:
2012

Citing 11
Cited 0

DRM and privacy

Communications of the ACM - Digital rights management
Security architectures for controlled digital information dissemination

ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Mesmerize: an open framework for enterprise security management

ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
The advent of trusted computing: implications for digital forensics

Proceedings of the 2006 ACM symposium on Applied computing
The impact of full disk encryption on digital forensics

ACM SIGOPS Operating Systems Review
Usage Control Enforcement: Present and Future

IEEE Security and Privacy
SQL Server Forensic Analysis

SQL Server Forensic Analysis
Last orders

SP'04 Proceedings of the 12th international conference on Security Protocols
SP 800-86. Guide to Integrating Forensic Techniques into Incident Response

SP 800-86. Guide to Integrating Forensic Techniques into Incident Response
On metadata context in Database Forensics

Digital Investigation: The International Journal of Digital Forensics & Incident Response
InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs

ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Digital forensics is the application of techniques to recover, reconstruct and analyze data from a computer or a similar system in order to gather digital evidence (e.g. on a suspicious employee or for law enforcement). Guidelines and standards for forensic investigations exist (e.g. NIST SP800-86), but do not cover Enterprise Rights Management (ERM), where data is usually encrypted and therefore inaccessible without knowing the cryptographic key. This paper explores forensic techniques for ERM systems and develops application specific guidelines for forensic investigations targeting Microsoft Active Directory Rights Management Services (RMS) and Adobe LiveCycle Rights Management. Moreover, we illustrate the important role of database forensics for investigations in ERM systems and finally show that with Microsoft's ERM solution no secure, centrally-managed revocation of specific documents in order to prevent digital forensics is feasible.