Formalization of the processing of electronic traces
Although the traditional way to mitigate malicious incidents in real Information Systems (IS) of organizations was essentially internal, it is now more and more frequent to see criminal investigation taking place. For different reasons that will be exposed in this text, a better collaboration between forensic investigators and IS managers has to be reached, and it can be done through an approach that could and should benefit both sides. The article will see in the first part what are the relevant problematics, then will propose some possible solutions, before describing which rewards can be effectively earned by IS managers that would have implemented such solutions in their systems. It will involve in particular, the formal description of the processes of management and handling of computer related traces, to make them simultaneously compliant with investigation constraints and security management needs. It will also describe what could be a formal process of selecting which computer related traces are the most useful to both activities (investigation and security management). This selection should be done in order to avoid information overload, and resources consumption that could be caused by the storing of all computer related traces generated by an IS.