Enterprise rights management (ERM) is concerned with managing and protecting data in an enterprise context. Digital forensics issues run into considerations of encryption and access protection. Existing guidelines and standards, such as National Institute of Standards and Technology (NIST) SP800-86, don’t address encrypted data where accessing the cryptographic key is essential. After exploring digital forensics for ERM systems in general, the authors present “specific guidelines for forensic investigations targeting Microsoft Active Directory Rights Management Services (RMS) and Adobe LiveCycle Rights Management.”

After setting the tone in an introductory section, the authors consider related work before giving the problem description and methodology of investigation, including details of two products in common use. Research results and database forensics follow, and a proposed set of ERM forensics guidelines is presented. The concluding section summarizes both the findings of the paper and emerging issues that will influence both digital forensics and the ERM domain.

There are three primary contributions of the paper. First, the authors analyze digital forensics in ERM as commonly practiced. Second, the paper notes that strict central control of access can have unexpected consequences on ERM. Third, it shows that ERM forensics is bound tightly to database forensics, and that recovery of targeted information may be accomplished on the database side even if access through ERM is no longer possible. Important in this paper and for future work is the notion of anti-forensics, which involves eliminating data that is no longer legally required to be available. Overall, this provides ERM architectures with the opportunity to become more trustworthy.