| dc.description.abstract | Enterprises are confronted with regulations, such as Sarbanes-Oxley Act and the new Personal Privacy law in Taiwan, as well as the requirement of increasing R&D investment in product innovation. In order to protect the confidential financial, personal and R&D information, multinational companies and government agencies, with growing attacks by hackers, all have to re-examine their internal network security for the protection of confidential information, e.g. evaluating data encryption technology to prevent information leakage. Moreover, the government and businesses have realized the importance of digital forensics in recent years. They need to have such capabilities as knowing when and how a hacking event happened, its impact and damage and what immediate and long-term solutions to take.
In this study, MS-Windows 7 operating system was used as the research platform, on which traces of data leakage cases were analyzed by various digital forensics tools. By collecting and analyzing evidences from different sources with time stamped, this study was able to validate the forensics results and make recommendations for information security departments of the government and business organizations.
It is found that the time related records of files contained in the operating system are not enough to put all relevant, indirect evidences together. The research recommends the organizations, depending on their needs, can enable related audit trails or adopt commercial security products, recognized by international courts, for more solid evidence establishment. | en_US |