Communications of the ACM - Digital rights management
Security architectures for controlled digital information dissemination
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
Mesmerize: an open framework for enterprise security management
ACSW Frontiers '04 Proceedings of the second workshop on Australasian information security, Data Mining and Web Intelligence, and Software Internationalisation - Volume 32
The advent of trusted computing: implications for digital forensics
Proceedings of the 2006 ACM symposium on Applied computing
The impact of full disk encryption on digital forensics
ACM SIGOPS Operating Systems Review
Usage Control Enforcement: Present and Future
IEEE Security and Privacy
SQL Server Forensic Analysis
SP'04 Proceedings of the 12th international conference on Security Protocols
SP 800-86. Guide to Integrating Forensic Techniques into Incident Response
SP 800-86. Guide to Integrating Forensic Techniques into Incident Response
On metadata context in Database Forensics
Digital Investigation: The International Journal of Digital Forensics & Incident Response
InnoDB Database Forensics: Reconstructing Data Manipulation Queries from Redo Logs
ARES '12 Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security
Hi-index | 0.00 |
Digital forensics is the application of techniques to recover, reconstruct and analyze data from a computer or a similar system in order to gather digital evidence (e.g. on a suspicious employee or for law enforcement). Guidelines and standards for forensic investigations exist (e.g. NIST SP800-86), but do not cover Enterprise Rights Management (ERM), where data is usually encrypted and therefore inaccessible without knowing the cryptographic key. This paper explores forensic techniques for ERM systems and develops application specific guidelines for forensic investigations targeting Microsoft Active Directory Rights Management Services (RMS) and Adobe LiveCycle Rights Management. Moreover, we illustrate the important role of database forensics for investigations in ERM systems and finally show that with Microsoft's ERM solution no secure, centrally-managed revocation of specific documents in order to prevent digital forensics is feasible.