Information forensics

Information Forensics is the science of investigation into systemic processes that produce information. Systemic processes utilize primarily computing and communication technologies to capture, treat, store and transmit data. Manual processes complement technology systems at every stage of system processes; e.g. from data entry to verification of computations, and management of communications to backing-up information reports. In context, both technology and manual systems, with systemic processes that are either proprietary by design or evolved inconsequentially, constitute the enterprise Information System. The complexity of enterprise business systems, in particular those augmented with technology and legacy systems, often are susceptible to fraud, abuse, mistakes, and sabotage.

Information forensic investigation dwells into the aspects of creation, operation and evolution of the enterprise information system. Specifically, investigation focuses on causal factors and processes that govern the life cycle implementation of such systems. Forensic investigation may be initiated when a system is suspect or compromised; generally, investigation occurs when a system fails. Investigations normally concentrate on specific problem areas or components of a system; the intricacies of business systems, costs and resources available, often preclude detailed examination of the whole information system. Nevertheless, bringing about scientific examination of facts when problems occur is not only prudent, but necessary for the court of law. The methodological approach to investigation at present is the subject of research interest and topical development.

The following discourse highlights some of the issues in Information Forensics that includes:
* Adherence to conventions
* Dealing with parties of interest
* Technology and systems design

Investigation Concerns

Investigations characteristically seek to identify the perpetrators, uncover the processes that lead to the creation of the system in question, and understand the operational or systemic processes on information that resulted in the problem, i.e., to clarify and document the erroneous processes. Investigation may distinguish the causes of failures that include fraudulent intent, negligence, abuse of power, sabotage and terror. Problems that warrant forensic investigations normally are catastrophic system failures, but also include doubtful system operations, anomalous events or just exceptional investigations on matters of compliance.

The design of the system in its entirety or in parts, and the modification of the system either through amendments of existing design or inclusion of new system modules in all sorts of manner, are considered vulnerable phases of systems development. In spite of regulatory constraints, stringent checks, standardization, proven methods, professional edicts, assurance contracts, and other forms of preventive measures, systems continue to fail.

A widely speculated accusation of common causes of failure of typically in-house developed information systems is due to the unwarranted influence of certain system users with vested interests. Systems development processes are often swayed to implement deliberated functions to serve the needs of such users. A form of abuse.

"Abuse of Power". Strategic exploitation of information is recognized as a source of influence. The manner of how information is acquired, processed and used, gives rise to power. The process as a whole in particular is of interest to information investigators. In order to fully comprehend technology and information systems that afford power play, investigators must be well versed in disciplines that include psychology, sociology, ethnicity, linguistics, and organizations. Other fields of interest include ethics, theology and beliefs, epistemology, knowledge engineering, and knowledge management. Some aspects of technical consideration, specifically in the field of Information Systems, broadly include close examination of systems development processes i.e. applied standards and models, the system or business processes, and the information or business domain itself.

takeholders of Information and Systems

Stakeholders of information and owners of information systems typically by and large are converged at certain geographical locations, bound by local legislations, professionalism and customary norms. Their action upon information at their disposal and control of their systems however affect a greater multitude of users, many whom are from elsewhere and practice differing norms. What is acceptable, as permissible practices in dealing with information and information systems, may be perceived even established legally as forbidden by others.

Information Users

Users are the target of information propagation and generally considered victims of circumstances. However, users are also benefactors in the manipulation of business information. Users too, are stakeholders of information.

Manipulation and consumption of information involve the intervention of information stakeholders at every stage of the information value chain. Two channels of control (generally) run parallel alongside information processes, one shapes the other regulates the information system.

Information Processes

Information system processes are essentially viewed as a black box of algorithms and procedures, proprietary and never disclosed. This notion brings about conflicting arguments and questions on the intentions, implementation and operations of certain information systems.

Investigation of information processes emphasises examination of the following, categorically:
# Development approach to the creation of information processes or systems.
# Information process itself, e.g. functions, procedures, etc.
# Interaction of processes within a "system".
# Interaction of processes among "systems".
# "the business context".
# "the local environment".

Technology Systems

Legacy systems are generally designed to serve the businesses they are commissioned for. And not intended to trace the development of the system itself, which if ever done is performed by another system.

Technology systems in itself enable investigators to gather facts of misdeed, though with some difficulties.

Methods and Standards

Established standards govern the creation, modification, operation and retirement of information systems. Standard methods however are commonly adapted and modified to suit local or specific requirements. The prerogative of how standards are actually implemented rests entirely with the stakeholders of the system in question. Contractors too have a role to play. What really transpires in the process of development is transparent and will never be known; yet investigators need to uncover the facts. Although contracts are used to define and measure means and deliverables, the actual approach to resolution is often ignored so long as business objectives are met.

Legal action requires comprehensive explanation and understanding of probable causes and effects of a forensic situation. In this arena, information management across a multitude of people and systems is vastly differentiated, necessitates investigators to possess the appropriate knowledge and understanding of how information resources interact to investigate effectively. The lack of formal expository methods makes this new field rather desirable.

Application of Information Forensics

Some examples of specific application of the science of information forensics in a systemic context include the following:
* Bioinformatics
* Cryptography, see Cryptographic engineering
* Information systems forensics
* Information traversing Pervasive systems
* Information traversing Ubiquitous networks and computing environments
* Intelligence, Command channels
* Musicology, in Music business
* Review of compliance
* Theological research
* Trace, Information trace

What is and is Not Information Forensics

Information forensics encompasses information systems forensics and computer forensics. Information forensics deals with system processes, human factors, and applied methodologies and standards. Arguably information forensics concerns the use of technology, formal methods, and implicating factors which are largely human in nature.

In fundamental research, information forensics examines the extraction and analysis of information for security applications ("IEEE SPS"). Fundamental areas of interest include attack models, cryptanalysis, steganalysis, steganography; audio engineering, authentication, human identification, performance metrics, signal classification, surveillance, transaction tracking, etc.

Other Sources of Reading

* [http://www.forensics.nl/presentations Forensic Presentations]
* [http://www.iisfa.org on Information Systems Forensics (need to register)]
* [http://www.ieee.org/organizations/society/sp/tifsedics.html IEEE Editors' Information Classification] : Signal Processing Society on Information Forensics
* [http://www.issa.org/aboutissa.html Information Systems Security Association] for information security professionals and practitioners
* [http://www.forensic.gov.uk/forensic_t/index.htm UK The Forensic Science Service]
* [http://www.afosr.af.mil/ResearchPrograms/information_forensics.htm US AFOSR Mathematics and Information Sciences] for thoughts on application in defense
* [http://www.ncjrs.org/pdffiles1/nij/sl000683.pdf US NIJ General forensics research and development]
* [http://www.computerforensicsworld.com Computer Forensics World]
* [http://www.t3i.com/services/Information-Forensics/forensics-terms.asp Information Forensics - Terms & Definitions]