Contributions to Proceedings:
S. Schrittwieser, P. Kieseberg, E. Weippl:
"Digital Forensics for Enterprise Rights Management Systems";
in: "Proceedings of the 14th International Conference on Information Integration and Web-based Applications & Services (iiWAS)",
Digital forensics is the application of techniques to recover, reconstruct and analyze data from a computer or a similar system in order to gather digital evidence (e.g. on a suspicious employee or for law enforcement). Guidelines and standards for forensic investigations exist (e.g. NIST SP800-86), but do not cover Enterprise Rights Management (ERM), where data is usually encrypted and therefore inaccessible without knowing the cryptographic key. This paper explores forensic techniques for ERM systems and develops application specific guidelines for forensic investigations target- ing Microsoft Active Directory Rights Management Services (RMS) and Adobe LiveCycle Rights Management. Moreover, we illustrate the important role of database forensics for investigations in ERM systems and finally show that with Microsoft´s ERM solution no secure, centrally-managed re- vocation of specific documents in order to prevent digital forensics is feasible.
digital forensics, enterprise rights management, revocation, databases
Created from the Publication Database of the Vienna University of Technology.