Designing A Byod Real-Time Forensic Investigation Framework For Data Leakage Through Mobile Devices

ABSTRACT

Global digitalisation has perpetuated the use of mobile devices for both personal and workrelated activities. As such, some African organisations have been allowing their employees to utilise their personally owned mobile devices to carry out work-related activities all in the name of convenience, reliability, mobility, and reduced maintenance costs. The Directorate on Corruption and Economic Offenses (DCEO), being an anti-corruption agency in Lesotho is embracing the BYOD benefits. However, a couple of challenges have been recorded through an interview with its employees. Yet still, the DCEO’s employees in different departments are relishing the benefits of the Bring Your Own Device (BYOD) phenomenon as employees can telework, access, and respond to their work emails within a pocket’s reach. These mobile devices can work exactly as the traditional laptops and the desktops and that capability has fuelled their predominant use. Considering the type of sensitive information that the DCEO works with, it was interesting in the present study to know whether the agency is maintaining its data security as the very same perpetual utilisation of personally owned mobile devices has resulted in mobile devices to be the number one target for hackers as well as their use by internal employees to commit cybercrimes. Their mobility and Internet connection capabilities make them lucrative to attacks. The use of personally owned mobile devices has also proven to be a challenge for the IT department at the DCEO and the digital forensic investigators as there has been little knowledge on the BYOD security; the legislative and also the law side on how to handle digital forensic investigations of personally owned mobile devices that are used to perform workrelated activities in the event of a breach. Thus, the study aimed to design a real-time forensic investigation framework that could assist the DCEO with proper deployment, management of BYOD adoption, and real-time digital forensics investigation of data leakage through personally owned mobile devices. The study followed a mixed-method research approach where a single case study was conducted and this was complemented with an experiment. This pragmatic study enabled v the researcher to gather primary data using interviews, questionnaires, and experimentation. Thematic data analyses were used to make meaning of the interview and survey data, and the case site results demonstrated a lack of information security awareness, training, and education; lack of a Bring your Own Device policy; lack of infrastructure, and lack IT security governance. The results revealed that android mobile devices are the most used by DCEO employees for work-related activities. The experimentation was then conducted on android mobile devices to ascertain the existence of data leakage. The results revealed the challenges of using personally owned android mobile devices to access corporate data and other resources. The findings were validated using literature and thus informed the design of the Real-Time BYOD Digital Forensic Investigation Framework. A comparative evaluation was used to evaluate the relevancy and usability of the framework. To confirm its relevancy, usability and suitability expert reviews were employed against set metrics which assisted in redefining the framework components and structure, thus enhancing the framework’s ability to attaining the research objectives. The proposed Real-Time BYOD Digital Forensic Investigation Framework guides BYOD enabled organisations to investigate malicious activities committed through personally owned mobile devices. An implementation guide was also developed. This study adds to the understanding of how to securely adopt BYOD phenomena within the working environments as well as how to account for breaches that are committed through employees’ devices through organisational policies enforcement. Furthermore, the study can aid some organisations in Lesotho and other similar environments that have adopted BYOD with proper management and some understanding of how to perform internal digital forensic investigations in cases where sensitive organisational data might be leaking through their personally owned mobile devices.