A Framework for Cloud Forensic Readiness in
Organizations
Ahmed Alenezi, Raid Khalid Hussein, Robert J. Walters and Gary B. Wills
Electronics and Computer Science
University of Southampton
Southampton, UK
{aa4e15, rkh2n14, rjw5, gbw}@soton.ac.uk
Abstract—Many have argued that cloud computing is one of
the fastest growing and most transformative technologies in the
history of computing. It has radically changed the way in which
information technologies can manage, access, deliver and create
services. It has also brought numerous benefits to end-users and
organizations. However, this rapid growth in cloud computing
adoption has also seen it become a new arena for cybercrime.
This has, in turn, led to new technical, legal and organizational
challenges. In addition to the large number of attacks which
affect cloud computing and the decentralized nature of data
processing in the cloud, many concerns have been raised. One of
these concerns is how to conduct a proper digital investigation in
cloud environments and be ready to collect data proactively
before an incident occurs in order to save time, money and effort.
This paper proposes the technical, legal and organizational
factors that influence digital forensic readiness for Infrastructure
as a Service consumers.
Keywords—Digital Forensics; Cloud Computing; Cloud
Forensics; Cloud Forensic Readiness;
I. INTRODUCTION
The recent revolution in cloud computing has not only seen
it become a new paradigm in information technologies, but has
led many to view it as one of the fastest growing and most
transformative technologies in the history of computing [1]. It
has also changed the way in which information technologies
can manage, access, deliver and create services [2]. There is a
strong belief that one of the main reasons why cloud
computing is considered to be one of the fast-growing
technologies is because adopting cloud computing can reduce
IT costs and maximize operational efficiency [3,4].
However, this rapid growth in cloud computing adoption
means that cloud environments have become a new arena for
cybercrime [1]. This has, in turn, led to new technical, legal
and organizational challenges. In addition to the large number
of attacks which affect cloud computing and the decentralized
nature of data processing in the cloud, many concerns have
been raised regarding how to conduct a proper digital
investigation in cloud environments [1]. Ordinarily, if an attack
occurs, investigations must be carried out without having to
depend on a third party. However, in cloud environments this
process remains complicated, since cloud providers, which
have full power over the environment, control the sources of
evidence and consumers are still not yet capable of proactively
collecting data before an incident occurs [5]. In light of this,
being forensically ready for digital investigations would save
time and money.
According to Market Research Media [6], by 2020 it is
expected that the global cloud computing market will grow by
30% CAGR (global compound annual growth), reaching
approximately $270 billion. This estimation indicates that the
cloud computing industry is growing, as is the number of cloud
users around the world. However, this growth will also lead to
a rise in the number of cyber-attacks.
This paper attempts to understand and identify the factors
that contribute to cloud forensics readiness and how these
factors can help to achieve forensics readiness. This paper is
organized as follows: in Section II, we review the background
of digital forensics and cloud computing. In Section III, we
discuss a number of valuable studies that have attempted to
investigate digital forensic readiness. In Section IV, we propose
our Cloud Forensic Readiness Framework. Finally, this paper
is concluded in Section V.
II. BACKGROUND
This section assesses the research background of digital
forensics and cloud computing. Cloud computing deployment
models, service models, and their characteristics are discussed
in this section. Moreover, the field of digital forensics is
reviewed, following which there is an overview of cloud
forensics and its challenges. Finally, forensics readiness is
introduced and related work is comprehensively discussed.
A. Digital Forensics
It is believed that digital forensics, as an independent field,
was developed after the late 90s when the number of computer
crimes increased as a result of the Internet’s surging popularity
[7]. Palmer [8] was the first to define digital forensics. It can be
said that digital forensics is the process of analyzing electronic
information that is stored in one or more digital machines to
determine and reconstruct the sequence of events that lead to a
specific incident.
B. Cloud Computing
Whilst it is well-known that cloud computing, as a
technology, is not new to the field of computing, the actual
term cloud computing was only introduced to the public in
2007, when Google and IBM announced a collaboration on
cloud technologies [9]. The European Commission, Expert
Group report [10] defined cloud computing as a flexible
execution environment of resources that includes a number of
stakeholders and provides measured services at various
granularities for a specified level of service.
2017 5th IEEE International Conference on Mobile Cloud Computing, Services, and Engineering
978-1-5090-6325-3/17 $31.00 © 2017 IEEE
DOI 10.1109/MobileCloud.2017.12
From the user, provider, designer and architect
perspectives, we can define cloud computing as a type of both
parallel and distributed system that enables different users to
benefit from sharing various computing resources as a service.
Indeed, based on specific agreements with cloud providers,
consumers are able to adjust, upgrade or change their service
requirements at a lower cost.
The National Institute of Standards and Technology’s
(NIST) [11] description of cloud computing has been widely
accepted; indeed, NIST has clearly defined four types of cloud
deployment models, three different service models, and a
number of essential and common characteristics. Cloud
computing deployment models are classified as: Public cloud,
which is commonly owned by profitable organizations that sell
services on a pay-as-you-go basis (e.g. Google AppEngine) [3];
Private cloud, which provides services just as the public cloud
does and can be managed by a third party but is used by only one
organization for specific usage (e.g. Microsoft Private Cloud)
[11]; Hybrid cloud, which is a mix of public and private clouds and
gives consumers more flexibility than private and public clouds
(e.g. VMware Hybrid Cloud) [12]; and Community cloud, which shares
the same infrastructure among a number of users in various
organizations who share the same needs [13]. In contrast, cloud
service models are classified as: Software as a Service (SaaS),
which allows only cloud end-users to utilize cloud services
over the Internet (e.g. GoogleApps) [11]; Platform as a
Service (PaaS), with which users can deploy and
manage their own applications in the cloud (e.g. Microsoft
Azure) [14]; and Infrastructure as a Service (IaaS), whereby users
can manage the applications, storage and the operating system
but have less control over the network (e.g. Amazon Web
Services AWS) [11].
C. Cloud Forensics
Cloud computing environments have become an attractive
battleground for cybercrime in the last few years. Cloud
forensics was defined by NIST [15] as “the application of
scientific principles, technological practices and derived and
proven methods to reconstruct past cloud computing events
through identification, collection, preservation, examination,
interpretation and reporting of digital evidence”. Whilst in
conventional digital forensics it is possible for investigators to
collect evidence and isolate targeted systems, in cloud
environments many new challenges are faced, such as:
unknown physical location, inaccessibility, multi-tenancy and
multi-jurisdiction. In 2011, Ruan [1] was the first researcher to
introduce the term Cloud Forensics. Indeed, she introduced
technical, organizational and legal cloud forensics dimensional
models, as well as their challenges. Furthermore, NIST [15]
aggregated a list of 65 challenges for cloud forensics.
The numerous challenges that exist in cloud forensics have
motivated many organizations to overcome these issues by
being forensically ready to undertake digital investigation in
cloud environments, which will be introduced in the following
section.
D. Cloud Forensics Readiness
The increased number of security breaches in cloud
environments has shown many organizations how severe the
need for Cloud Forensics Readiness is [16]. Indeed, a recent
cloud forensics survey [17] revealed that more than 80% of the
respondents who were familiar with digital forensics agreed
that “a procedure and a set of toolkits to proactively
collect forensic-relevant data in the cloud is important”. In
order for any system to be forensically ready, two main
objectives must be satisfied: maximizing the ability to acquire
digital evidence, and reducing the costs of any digital forensics
investigations [18]. Consequently, cloud forensics readiness
can be identified as a mechanism aimed at reducing the cost of
carrying out an investigation in a cloud environment by
providing any relevant information needed before setting up
the investigation.
III. RELATED WORK
A number of valuable studies have attempted to investigate
digital forensic readiness, and these will be discussed below:
Grobler et al. [19] identified certain goals and steps of
proactive digital forensics, and six various dimensions of
digital forensics. They proposed a theoretical digital forensics
framework that can guide organizations in implementing
proactive forensics. Moreover, Elyas et al. [20,21] developed a
conceptual framework by identifying factors that can
contribute to achieving forensic readiness in an organization.
Valjarevic and Venter [22] proposed implementation
guidelines for a harmonized Digital Forensic Investigation
Readiness Process (DFIRP) model that consists of three
readiness processes (planning, implementation and
assessment); this model was then added to ISO/IEC 27043,
2014. The proposed guidelines can help to implement digital
forensic readiness measures in various organizations, thus
resulting in effective and efficient digital forensics
investigations that provide courts with admissible digital
evidence.
Certain papers have highlighted the need for new tools and
digital forensics techniques to investigate anti-forensics
methods; these papers have also provided an automation of live
investigations. Moreover, a systematic literature review was
undertaken by Alharbi [23] in order to identify and map out the
existing processes in the digital forensics literature. The review
revealed only one process that supports proactive forensics.
Consequently, a proactive and reactive digital forensics
functional process was proposed.
Kebande and Venter [24] propose a model designed to
achieve digital forensic readiness by implementing a Botnet as
a service in a cloud environment. The main contribution of this
model was that it transformed botnets from illegal to legal
monitoring and information capturing applications that can be
used to provide courts with admissible digital evidence.
However, this model has yet to be standardized so that it can
support other proactive cloud processes.
Sibiya et al. [25] proposed a forensics readiness model that
can be utilized by cloud providers as a technique for digital
forensics readiness. This can help cloud providers to administer
data which are needed for potential investigations.
Nevertheless, the scope of this model is limited to examining
the readiness of data for forensic analysis in a cloud
environment.
Trenwith and Venter [26] propose a model designed to
achieve digital forensics readiness in a cloud environment. The
proposed model considers a remote and central logging facility
which accelerates data collection. However, the model also
addresses the collection of other forms of evidence which may
be needed in digital forensic investigations.
Makutsoane and Leonard [27] proposed a conceptual
framework for organizations that intend to migrate to cloud
computing. The aim was to determine the state of readiness of
Cloud Service Providers (CSPs). The proposed framework,
which includes a process tool, enables organizations to make
correct decisions and select the suitable CSPs.
Kebande and Venter [28] highlighted the needs of a cloud
environment when using a non-Malicious Botnet to be ready
for forensic investigations. These proposed requirements cover
technical, operational and legal perspectives based on the
ISO/IEC 27043:2015 standard. However, the requirements
must also be tested for effectiveness and standardized in order
to support future technologies.
A study by Moussa et al. [29] proposed a conceptual
framework designed to help IaaS consumers be forensically
ready. The framework illustrates how IaaS consumers can
collect the required digital evidence without relying on cloud
providers. The framework consists of nine components,
including the technical, legal and organizational forensic
readiness elements.
A forensic-by-design framework was proposed by Rahman
et al. [30] for Cyber-Physical Cloud Systems (CPCS). Indeed,
this framework highlighted the importance of forensic
readiness. This conceptual framework, which comprises six
factors, ensures that a CPCS is designed to ease forensic
investigations. The forensic-by-design approach can support
digital investigations by identifying and determining the source
of evidence and by accelerating said investigations.
IV. THE PROPOSED FRAMEWORK
Although a number of studies have investigated digital
forensics readiness, there remains little in the way of research
concerning digital forensics readiness in cloud environments.
As such, the aim of this research is to propose a framework to
investigate the factors that influence the readiness of
organizations to undertake cloud forensics. The proposed
framework in this research is designed to aid the investigation
of the technical, legal and organizational factors that influence
the forensics readiness of cloud computing consumers.
A. Framework Development
The framework development process, as shown in Figure 1,
is divided into two stages. During stage one, technical, legal
and organizational factors were identified from both the
academic literature review and industry standards, as illustrated
in Table 1. Following this, during stage two, the identified
factors have been evaluated and analyzed, with any
duplications removed.
Figure 1: The framework development process.
B. The Proposed Cloud Forensic Readiness Framework
The proposed Cloud Forensic Readiness framework, as
illustrated in Figure 2, includes three categories: technical,
legal and organizational factors. These factors are discussed
below:
1) Technical Factors
The technical factors describe the technological aspects
that influence forensic readiness in cloud
environments.
• Cloud infrastructure: preparing the underlying
infrastructure to support digital forensics
investigations. Infrastructure preparation includes
networking, system and laboratory.
• Cloud architecture: the system architecture must be
designed in a specific way so as to increase its
forensics capabilities, which results in the obtaining
of admissible digital evidence.
• Forensic technologies: these include specialized
forensic software or tools which are vital when it
comes to collecting evidence in any digital
investigation. It can be difficult to conduct a digital
investigation without proper technology, and as a
result these technologies should be reliable and
accurate in order to provide admissible evidence.
• Cloud security: security programs are utilized in the
digital forensics field as a trigger alarm. Thus, in
order to conduct a digital investigation, incidents
must first be detected by a monitor system in a
timely manner. This can be achieved by using
various technologies such as Intrusion Detection
Systems (IDS), as well as Anti-virus and
Anti-Spyware technology.
2) Legal Factors
Legal factors include the aspects that are related to
agreements between consumers and providers,
multi-jurisdictions and regulatory authorities.
• Service Level Agreement (SLA): a contract between a
cloud service provider (CSP) and customers that
documents what services the provider will offer,
including forensics investigations. The SLA should
clearly specify the CSP's and customers’ responsibilities
associated with forensic investigations.
• Regulatory: adherence to laws and regulations, such
as admissibility of digital evidence in court and the
chain of custody.
• Jurisdiction: judicial region. Since CSPs may provide
cloud services from another region or area, it is
necessary for organizations to determine the judicial
regions, if any, and consider all multi-jurisdictions.
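The "forensic technologies" factor asks for tooling reliable enough to yield admissible evidence, and the "regulatory" factor names the chain of custody. As an added illustration (not part of the paper or its framework), the following Python example keeps a hash-chained custody record for proactively collected evidence and checks it for tampering; the class and function names, the host name and the sample log line are assumptions constructed for this example.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace

GENESIS = "0" * 64  # prev_hash used by the first entry in a log


@dataclass(frozen=True)
class CustodyEntry:
    seq: int
    timestamp: str        # UTC, ISO 8601, supplied by the collector
    actor: str            # who handled the evidence at this step
    action: str           # e.g. "collected", "transferred", "examined"
    source: str           # where the evidence came from
    evidence_sha256: str  # digest of the evidence bytes at this step
    prev_hash: str        # entry_hash of the previous entry
    entry_hash: str = ""  # digest over every field above


def entry_digest(entry):
    """SHA-256 over a canonical JSON form of all fields except entry_hash."""
    fields = asdict(entry)
    fields.pop("entry_hash")
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class CustodyLog:
    """Append-only custody record; each entry commits to the one before it."""

    def __init__(self):
        self.entries = []

    def record(self, timestamp, actor, action, source, evidence):
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = CustodyEntry(
            seq=len(self.entries), timestamp=timestamp, actor=actor,
            action=action, source=source,
            evidence_sha256=hashlib.sha256(evidence).hexdigest(),
            prev_hash=prev)
        entry = replace(entry, entry_hash=entry_digest(entry))
        self.entries.append(entry)
        return entry

    def head(self):
        """Hash of the latest entry; keep a copy outside the monitored tenant."""
        return self.entries[-1].entry_hash if self.entries else GENESIS


def verify_chain(entries, trusted_head=None):
    """Return a list of problems found; an empty list means the chain is intact."""
    problems = []
    prev = GENESIS
    for i, e in enumerate(entries):
        if e.seq != i:
            problems.append(f"entry {i}: sequence number {e.seq} out of order")
        if e.prev_hash != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if e.entry_hash != entry_digest(e):
            problems.append(f"entry {i}: fields altered after recording")
        prev = e.entry_hash
    if trusted_head is not None and prev != trusted_head:
        problems.append("head hash differs from the externally stored copy")
    return problems


def evidence_unchanged(entries, source, evidence):
    """True if the bytes match the digest recorded at every custody step."""
    digest = hashlib.sha256(evidence).hexdigest()
    recorded = [e.evidence_sha256 for e in entries if e.source == source]
    return bool(recorded) and all(d == digest for d in recorded)


def build_sample_log():
    # Constructed sample data: host, path, actors and log line are illustrative.
    source = "vm-01:/var/log/auth.log"
    auth_log = (b"Jan 10 03:12:44 vm-01 sshd[811]: "
                b"Failed password for root from 203.0.113.7 port 52114 ssh2\n")
    log = CustodyLog()
    log.record("2017-01-10T03:20:00Z", "collector-agent", "collected", source, auth_log)
    log.record("2017-01-10T09:00:00Z", "analyst.a", "transferred", source, auth_log)
    log.record("2017-01-11T14:30:00Z", "analyst.b", "examined", source, auth_log)
    return log, source, auth_log


if __name__ == "__main__":
    log, source, data = build_sample_log()
    print("chain problems:", verify_chain(log.entries, log.head()))
    print("evidence unchanged:", evidence_unchanged(log.entries, source, data))
```

A rewrite of the whole chain passes the internal checks, so the head hash has to be compared against a copy held outside the environment being investigated.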
3) Organizational Factors
The organizational factors illustrate the characteristics
of an organization and its employees that can facilitate
cloud forensic readiness.
• Management support: refers to the top management
level of an organization’s support structure, that is, the
structure which helps the organization to become
forensically ready. This includes authorization,
decision making, funding, etc.
• Readiness strategy: an organization’s plan to achieve
forensics readiness. Generally speaking, the strategy
pertains to how the readiness would work. This
includes identifying hypothetical scenarios, possible
evidence sources, and budget planning.
• Governance: concerns the implementation of
cloud forensics readiness in an organization. This
includes managing procedures and responsibilities
in order to collect evidence and attain a successful
forensic investigation.
• Culture: the pattern of beliefs, values, assumptions
and practices that have a direct impact on the
implementation of digital forensics. Understanding
culture before implementing digital forensics is very
important, as it leads to successful potential
forensics investigations.
• Training: the provision of training programs to
technical staff and awareness programs to
non-technical staff on forensics best practices.
• Procedures: a number of guidelines, procedures and
instructions designed to guide the digital forensics
investigations. These include proactive and reactive
forensic procedures.
Figure 2: Cloud Forensic Readiness Framework.
[Figure: Cloud Forensic Readiness, with three groups of factors.
Technical Factors: Cloud infrastructure, Cloud architecture, Forensic technologies, Cloud security.
Organizational Factors: Management support, Readiness strategy, Governance, Culture, Training, Procedures.
Legal Factors: Service Level Agreements (SLA), Regulatory, Jurisdiction.]
Table 1: Forensic readiness factors mapped to the literature.
V. CONCLUSION AND FUTURE WORK
The increased usage of cloud services brings with it a
growth in the number of potential cyber threats. This has given
rise to many new technical, legal and organizational challenges
for digital investigations. As such, cloud forensics should
certainly not be considered an afterthought. Although cloud
environments have become an attractive battleground for
cybercrime, there is little in the way of research concerning
forensics readiness in cloud environments. This paper has
proposed a framework through which to identify the key
technical, legal and organizational factors that influence the
forensic readiness of organizations using cloud services. With
regard to future work, the framework will be validated and
confirmed by cloud forensics experts and a survey will be
distributed to a number of practitioners.
REFERENCES
[1] K. Ruan, J. Carthy, T. Kechadi, and M. Crosbie, “Cloud Forensics: An
Overview,” IFIP Conference on Digital Forensics, pp. 35–46, 2011.
[2] R. Buyya, C. S. Yeo, S. Venugopal, J. Broberg, and I. Brandic, “Cloud
computing and emerging IT platforms: Vision, hype, and reality for
delivering computing as the 5th utility,” Future Generation Computer
Systems, vol. 25, no. 6, pp. 599–616, 2009.
[3] A. Alharthi, M. O. Alassafi, R. J. Walters, and G. B. Wills, “An
exploratory study for investigating the critical success factors for cloud
migration in the Saudi Arabian higher education context,” Telematics
and Informatics, vol. 34, no. 2, pp. 664–678, 2016.
[4] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski,
G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A view of
cloud computing,” Communications of the ACM, vol. 53, no. 4,
pp. 50–58, 2010.
[5] L. Marco, M.-T. Kechadi, and F. Ferrucci, “Cloud Forensic Readiness:
Foundations,” International Conference on Digital Forensics and Cyber
Crime, pp. 237–244, 2013.
[6] “MARKET RESEARCH MEDIA,” MARKET RESEARCH MEDIA,
2016. [Online]. Available:
http://www.marketresearchmedia.com/?p=839. [Accessed: 16-Jul-2016].
[7] S. Raghavan, “Digital forensic research: current state of the art,” CSI
Transactions on ICT, vol. 1, no. 1, pp. 91–114, 2013.
[8] G. Palmer, “A Road Map for Digital Forensic Research,” First Digital
Forensic Research Workshop, pp. 1–42, 2001.
[9] M. A. Vouk, “Cloud computing–Issues, research and implementations,”
Journal of Computing and Information Technology, vol. 16, no. 4,
pp. 31–40, 2008.
[10] L. Schubert, K. Jeffery, and B. Neidecker-Lutz, “The future of cloud
computing, opportunities for European Cloud computing beyond 2010,”
European Commission Information and Society Media - Expert Group
Report, 2010.
[11] P. Mell and T. Grance, “The NIST Definition of Cloud Computing,”
2011.
[12] Q. Zhang, L. Cheng, and R. Boutaba, “Cloud computing: State-of-the-art
and research challenges,” Journal of Internet Services and
Applications, vol. 1, no. 1, pp. 7–18, 2010.
[13] F. Liu, J. Tong, J. Mao, R. Bohn, J. Messina, L. Badger, and D. Leaf,
“NIST Cloud Computing Reference Architecture,” NIST Special
Publication 500-292, vol. 292, no. 9, p. 35, 2011.
[14] I. Foster, Y. Zhao, I. Raicu, and S. Lu, “Cloud computing and grid
computing 360-degree compared,” Proceedings of the Grid Computing
Environments Workshop, pp. 1–10, 2008.
12#4
-/$,0("0$ #(,$00 "1-/0
$"',(" * "1-/0
$& * "1-/0
/& ,(5 1(-, * "1-/0
,%/ 01/2"12/$
/"'(1$"12/$
$"',-*-&($0
$"2/(14

$&2* 1-/4
2/(0#("1(-,
 , &$+$,1
02..-/1
1/ 1$&4
-3$/, ,"$
2*12/$
/ (,(,&
./-"$#2/$
/-!*$/$1
* 6 6   6 6 6 6 6 6
*4 0$1 *
 6666666
*4 0$1 *
 6 6 6   6 6 6 6 6
(!(4 $1 *
 6 6 6 
 )210- ,$
$-, /#

6  6 6 6 6
$! ,#$
$,1$/ 6666
-200 $1
* 6 6  6 6 6 6 6
! '+ ,
$1 * 6 6 6  6 6 6
 66
 6 6 6 6 6 6
 6  6 6 6
 6 6  6 6
203
[15] NIST Cloud Computing Forensic Science Working Group. (Draft
NISTIR 8006), “NIST Cloud Computing Forensic Science Challenges,”
2014.
[16] M. Hewling, “DIGITAL FORENSICS: AN INTEGRATED
APPROACH FOR THE INVESTIGATION OF CYBER/COMPUTER
RELATED CRIMES,” 2013.
[17] K. Ruan, I. Baggili, J. Carthy, and T. Kechadi, “Survey on Cloud
Forensics and Critical Criteria for Cloud Forensic Capability: A
Preliminary Analysis,” ADFSL Conference on Digital Forensics,
Security and Law, pp. 55–70, 2011.
[18] J. Tan, “Forensic Readiness,” 2001.
[19] C. P. Grobler, C. P. Louwrens, and S. H. Von Solms, “A framework to
guide the implementation of proactive digital forensics in
organizations,” Availability, Reliability, and Security, 2010. ARES ’10
International Conference, pp. 677–682, 2010.
[20] M. Elyas, S. B. Maynard, A. Ahmad, and A. Lonie, “Towards a
Systematic Framework for Digital Forensic Readiness,” Journal of
Computer Information Systems, vol. 54, no. 3, pp. 97–105, 2014.
[21] M. Elyas, A. Ahmad, S. B. Maynard, and A. Lonie, “Digital forensic
readiness: Expert perspectives on a theoretical framework,” Computers
and Security, vol. 52, pp. 70–89, 2015.
[22] A. Valjarevic and H. Venter, “Implementation guidelines for a
harmonised digital forensic investigation readiness process model,”
2013 Information Security for South Africa, pp. 1–9, 2013.
[23] S. Alharbi, J. Weber-Jahnke, and I. Traore, “The Proactive and Reactive
Digital Forensics Investigation Process: A Systematic Literature
Review,” International Journal of Security and Its Applications, vol. 5,
no. 4, pp. 59–72, 2011.
[24] V. R. Kebande and H. S. Venter, “A Cloud Forensic Readiness Model
Using a Botnet as a Service,” The International Conference on Digital
Security and Forensics (DigitalSec2014), pp. 23–32, 2014.
[25] G. Sibiya, T. Fogwill, H. S. Venter, and S. Ngobeni, “Digital Forensic
Readiness in a Cloud Environment,” AFRICON, IEEE, pp. 1–5, 2013.
[26] P. M. Trenwith and H. S. Venter, “Digital forensic readiness in the
cloud,” 2013 Information Security for South Africa. IEEE, 2013.
[27] M. P. Makutsoane and A. Leonard, “A conceptual framework to
determine the digital forensic readiness of a Cloud Service Provider,”
Proceedings of PICMET ’14 Conference: Portland International Center
for Management of Engineering and Technology; Infrastructure and
Service Integration, pp. 3313–3321, 2014.
[28] V. R. Kebande and H. S. Venter, “Requirements for Achieving Digital
Forensic Readiness in the Cloud Environment Using an NMB Solution,”
11th International Conference on Cyber Warfare and Security ICCWS,
2016.
[29] A. N. Moussa, N. B. Ithnin, and O. A. Miaikil, “Conceptual forensic
readiness framework for infrastructure as a service consumers,” in
Systems, Process and Control (ICSPC), 2014 IEEE Conference, 2014,
pp. 162–167.
[30] N. H. Ab Rahman, W. B. Glisson, Y. Yang, and K.-K. R. Choo,
“Forensic-by-Design Framework for Cyber-Physical Cloud Systems,”
IEEE Cloud Computing, vol. 3, no. 1, pp. 50–59, 2016.
[31] J. Williams, “ACPO Good practice Guide for Digital Evidence,”
Metropolitan Police Service, Association of chief police officers, GB,
2012.
[32] D. Birk and M. Panico, “Mapping the Forensic Standard ISO / IEC
27037 to Cloud Computing,” Cloud Security Alliance, no. June,
pp. 1–31, 2013.
[33] D. Liveri and C. Skouloudi, “Exploring Cloud Incidents,” The European
Network and Information Security Agency (ENISA), no. June, pp. 1–14,
2016.
[34] ISO/IEC 27043. 2015. “Information technology — Security techniques
— Incident investigation principles and processes”.
204
... For organizations to be completely forensic ready, they must ensure readiness in operational and infrastructural aspects [22,23]. Operational readiness focuses on the individuals involved in forensics, while infrastructural readiness entails the processes of ensuring that organizational data are properly stored [24,25]. The same analogies are also highlighted by Ariffin and Ahmad (2021), who mention that elements of planning, policing, preparation, and control are necessary for the improvement of organizational forensic readiness in the era of Industry 4.0. ...
Article
Full-text available
As organizations strive to be compliant in a digitally evolving world, they need to ensure that they are forensically ready. Digital forensic readiness ensures compliance in legal, regulatory, functional, and operational structures. A literature review revealed a gap in detailed and comprehensive guidance on how such readiness ought to be accomplished. This is as a result of unfamiliar concepts and terms that revolve around digital forensic readiness. This research paper highlights and elaborates on a framework that can be achieved from research within focus groups. The insights drawn from the focus groups are used to critically assess the issues affecting practitioners in achieving complete digital forensic readiness.
... Beberapa penelitian sebelumnya telah mengembangkan berbagai jenis framework untuk kebutuhan investigasi dalam bidang Digital Forensic di lingkungan komputasi awan. Penelitian tersebut antara lain seperti Conceptual Forensic Readiness Framework for Infrastructure as a Service Consumers [16]dan Forensic Readiness in Organizations [17]. Tahapan-tahapan yang terdapat dalam CFR terintegrasi yang baru ini mampu menjebatani kebutuhan legalitas dengan kesiapan forensic digital di linkungan awan namun juga memberikan tahapan detail yang diperlukan dalam sebuah pembangungan sistem kesiapan dalam sebuah organisasi. ...
Article
Full-text available
Dalam pendekatan Forensic Readiness, kesiap-siagaan insiden menjadi tujuan perusahaan ataupun organisasi dalam menghadapi insiden yang swaktu-waktu terjad. Forensic Readiness dapat terdiri dari tindakan atau langkah, teknis dan non- teknis, yang memaksimalkan kemampuan organisasi untuk menggunakan bukti digital. Sebuah Cloud Forensic Readiness Framework yang terangkai dengan baik dapat membantu mempercepat dan mempermudah dalam pengambilan keputusan yang berkenaan dengan sebuah insiden terjadi dalam lingkungan komputasi awan. Hal ini memunculkan kesempatan baru dalam kolaborasi bidang digital forensic dan komputasi awan atau cloud computing, sehingga dapat ditelaah dan diteliti solusinya dengan menganalisis berbagai sumber literature pada framework kesiapan forensik komputasi awan dan membangun framework cloud forensic readiness yang terintegrasi dalam skala institutional menggunakan metode composite logic. Dengan kelengkapan tahapan framework kesiapan yang dirancang diharapkan dapat memudahkan para stakeholder organisasi untuk mengambil keputusan saat terjadi insiden.
... The need for a new approach to carrying out the forensic investigation of data in Cloud because of its peculiar challenges is established in literature [27]. This study proposes a framework that can be used to mitigate digital forensic investigation problems in Cloud storage and ensure proactive collection of forensically sound potential digital evidence. ...
Chapter
A conceptual intelligent framework for securing Cloud Forensic Readiness framework for a proactive collection of potential digital evidence from the Cloud and enhancing trust in chain-of-custody is presented in this paper. The complexities of Cloud technology including multitenancy and inter-jurisdictional spanning are making forensic investigation on Cloud storage difficult. The immensity of the Cloud data makes it difficult to be thoroughly searched as required for forensic investigation. Securing the integrity of digital evidence in the hands of its custodians is also important. These problems and other challenges peculiar to the Cloud call for effective solutions. Forensic readiness is used to maximize the ability to collect digital evidence and minimize the cost of forensic during an incident response investigation. Researchers have proposed different solutions to improve forensic readiness systems and make them suitable for their purposes. Preventing digital evidence in a forensic readiness system from being corrupted by its custodians is found to be open to research. A blockchain solution with crypto hash security for collaborative mutual authentication of the proactively collected data is proposed in this work. It uses the elliptic curve cryptography algorithms for verification of the custodians of data and authentication of the digital evidence integrity. The solution will adequately mitigate sharp practices from the digital evidence custodian who may want to compromise it, and also enhance the admissibility of the digital evidence in court by ensuring an acceptable standard for its collection. KeywordsCloud forensic readinessPotential digital evidenceChain of custody
... Step Description The processes for constructing the DFR model are divided into the politic and Technical (T) factor, and the politic factor consists of two factors: Legal (L) factor as outside the organization environment and Organizational (O) factor within the organization guideline [92]. Consequently, Each description for K-FFRaaS is classified by three factors: Technical (T), Legal (L), and Organizational (O) factors [93,94]. ...
Article
Full-text available
While Korean financial companies are currently providing electronic financial services by establishing the high-level information technology and security system in accordance with the Electronic Financial Supervision Regulations (EFSR), they are rarely equipped with digital forensic readiness (DFR) to maximize the capability to collect critical digital evidence (DE). So, there is a limit to identifying the root cause of financial incidents and securing admissible DE. In this paper, therefore, the authors present Financial Forensic Readiness as a Service in Korea (K-FFRaaS), as DFR of financial companies to secure the admissible DE. Based on ISO/IEC 27043:2015 international standard, K-FFRaaS consists of 3 processes groups, namely: Planning processes group, Implementation processes group, and Assessment processes group. Planning processes group is the processes group to prepare the organization to be forensically ready before potential incidents happen. Implementation processes group is the stage to carry out the processes defined in the planning group. Assessment processes group consists of activities that evaluate whether the result of the implementation process group is consistent with the objective of K-FFRaaS. The contribution of this research is to present that the financial company can adopt the systematic management procedure for mitigating the causes of incidents, store admissible DE, and present scientific evidence to a court of law through K-FFRaaS.
... The foundations of digital forensic readiness on cloud computing technologies has been necessitated by increased usage of cloud computing resources and the rapid rise of potential security incidents [17,18]. The technical factors like cloud infrastructure, cloud architecture, forensic technology affect how cloud forensic readiness aspects should be conducted. There still exist other researches that have depicted how services can be formalized in a cloud forensic readiness approach, for example, leveraging SLAs formalization based on cloud forensic reference architecture [19], forensic readiness in the cloud through forensics log collection [20], decision making approaches using cloud forensic readiness approaches. ...
Article
Full-text available
The importance of demonstrating the correctness of forensic analysis tools and automated incident management tools reinforces the need for a finite state machine (FSM) engine that can generate automated forensic processes. Hence, in this paper, we present an event-based FSM representation for Cloud Forensic Readiness as a Service (CFRaaS), where we also show how the FSM's predetermined states and transitions could be used to formulate an automated forensic process and generate a hypothesis for litigation purposes. Specifically, this proposition comprises a two-step level CFRaaS-FSM with possible transitions and states. This representation is useful because it can alert digital forensic investigators on how to deduce current and next state of attacks based on transitions and current states.
Preprint
Full-text available
Recent years have witnessed an increasing number of IoT-related cybersecurity incidents, which is mainly due to three reasons: immaturity of IoT security, extensive use of IoT technologies in various fields, and a dramatic surge in the number of IoT users (particularly, in case of cloud connected IoT (cloud-IoT) technologies). On the other hand, to execute forensic investigations that involve cloud-IoT environments, there is a need for knowledge and skill in different areas such as readiness, live and dead forensics. Though, accomplishment of this objective with the use of conventional approaches could be noticeably challenging. For that reason, it is a must to develop a cloud-IoT forensic process model capable of guiding consumers before, during, and after the occurrence of an incident. The current paper is focused on developing a consumer-oriented process model. In addition, this study uses the Forensics Iterative Development Model (FIDM) to examine the effectiveness of the proposed model on a simulated cloud-IoT environment in reflecting two different cloud crime scenarios. The process of developing the model is elaborated in the paper. Considering the challenges extracted through a comprehensive literature review, this study defined the requirements that need to be satisfied by forensic process models aiming to make investigation within cloud-IoT environments. In this sense, the forensic process models introduced already in the literature were assessed on the basis of the requirements defined. Then, a set of inclusion criteria was formed for the evaluation of the conventional digital forensics process models so that we could mark out the best group of models that could have best contribution to developing the proposed model. The final output of the present paper was an innovative model called Cloud-IoT Forensic Process Model (CFPM) capable of taking into consideration the consumers’ perspectives.
Finally, the CFPM performance was evaluated by implementing it on two case scenarios. The obtained results confirmed the high effectiveness of the proposed model in terms of performing the tasks defined.
Article
Full-text available
Weather in Malaysia are hot and humid throughout the year thus having a sudden rain can disrupt the drying of laundries and make them wet. In this study, an automated retractable roof system was developed to overcome this problem. The development and implementation of this study enables user to monitor the parameters at the laundry suspension area by using their smartphone and prevent the laundries getting wet from rain. This study uses humidity sensors, Ultraviolet (UV) sensor, rain sensor, and temperature sensor to detect parameter such as humidity, UV intensity, presence of water and temperature respectively. Data from the sensors were collected and analysed to determine the values of parameters when rains occurred. These parameters were indicated as part of weather prediction study. From experiment, the retractable roof will open and close depended on condition met by the system. In addition, the system can communicate with the user’s phone through using Internet connection. The Blynk application in the smartphone allows the user to monitor and control the system through internet connection between the application and microcontroller. This study will be helpful for non-commercial use and can be expanded to commercial use as with further improvement.
Article
Full-text available
Aromatherapy candles with essential oils which can provides a therapeutic treatments have been made to maintain and improve our wellbeing. In this paper, a mini prototype of automated aromatherapy candle process plant using IoT and WSN has been proposed and developed. The main process of producing aromatherapy candle are heating and mixing. To produce the right quality of the aromatherapy candle, the quantity of the raw material is important. Heating process will be control by using ESP8266 based PID controller and monitored by using Open Source Programmable Logic Controller called OpenPLC that run on Raspberry Pi. The software is efficient because can support users over the entire plant and process. Mixing process will mix the raw material evenly using agitator motor with specific temperature. The whole process in this work can be monitored and control through PC via this implementation of software. To obtain the best quality of this work, the set point of temperature need to be control and the plant able to be achieved after second test of the study. As the result, this study able to produces aromatherapy candle with better quality in minimal time. This study also able to control the candle from releasing too many Volatile Organic Compound that can effect human life. Armed with the wealth of relevant information presented in this article, it is hoped that readers will have greatly benefited and gained a thorough understanding on how to develop an automated aroma therapy candle process planting using IoT and WSN. With further research put forth into this study, it is also hope it could be an advantage in innovation development and can be implemented in real life manufacturing industry.
Article
Digital forensics readiness (DFR) is an important part of the growing forensic domain. Research on DFR has been given little attention, while available DFR models have focused on theoretical investigations with inadequate input from practicing information security experts in the industry. Using feedback from practicing forensic experts in the industry and academia, this research investigates the structure required to implement and manage digital forensic readiness (DFR) within an enterprise. The research extended the DFR Commonalities framework (DFRCF) and utilised the structure to design a digital forensic maturity assessment model (DFMM) that will enable organisations to assess their forensic readiness and security incident responses. A combination of qualitative and research design approaches was utilised to perform a comparative analysis of various DFR frameworks. A top-down design approach was utilised in developing the DFMM model which was validated with forensic practitioners and academics through semi-structured interviews. The structure extracted from DFR frameworks was practical since most participants agreed with the structure of the extended DFRCF and the matrix of the maturity model. Overall, key changes were introduced to enhance both the extended DFRCF and the DFMM. The study was limited to participants who have a forensic footprint and are knowledgeable about DFR. This paper thereby provides practitioners, academics and organisations with access to a non-propriety DFMM maturity model.
Article
“Forensic-by-design” is an emergent and ambitious paradigm that extends the Digital Forensic Readiness (DFR) perspective. Similar to Security-by-design, this new vision advocates the integration of Forensic requirements into the system's design and development stages to get “Forensic-ready” systems. While it seems promising, we hypothesize that: (a) this new alternative is not effective for some open boundaries systems, and (b) this strategy is not fully aligned with the Systems and software Engineering (SE) standards. A six phases research methodology based on systematic literature review, mapping, and analysis was adopted. Our results confirm indeed the stated hypothesis, identify missing key factors, and point out potential omissions. A new System and software Engineering driven Forensic-by-design framework, with an emphasis on Cloud computing systems, is therefore proposed.
Conference Paper
Full-text available
The proliferation of cloud resources among organizations has had numerous benefits with regard to how business processes are conducted. However, despite the benefits, the cloud has not been very resilient due to its distributed and open nature. Due to this, there have been numerous reports on how the security of organizational information has been incriminated. In any organization Digital Forensic Readiness (DFR) is employed as a pre-incident phase whose aim is to maximize the use of potential digital evidence while minimizing the cost of performing a digital forensic investigation. Therefore, it is on this premise that the paper gives a contribution on the requirements needed in order for the cloud to be forensically ready for digital investigations when a modified Non-Malicious Botnet (NMB) acting as an agent-based solution is used. The objective of this paper is to propose the requirements for achieving DFR in the cloud based on the standard of ISO/IEC 27043:2015 which presents guidelines of information technology, security techniques and incident investigation principles and processes. Moreover, the proposed requirements have been presented based on legal, technical and operational standpoint.
Article
Full-text available
Cloud computing is a rapidly developing and excellent promising technology. It has aroused the concern of the computer society of whole world. Cloud computing is Internet-based computing, whereby shared information, resources, and software, are provided to terminals and portable devices on-demand, like the energy grid. Cloud computing is the product of the combination of grid computing, distributed computing, parallel computing, and ubiquitous computing. It aims to build and forecast sophisticated service environment with powerful computing capabilities through an array of relatively low-cost computing entity, and using the advanced deployment models like SaaS (Software as a Service), PaaS (Platform as a Service), IaaS (Infrastructure as a Service), HaaS (Hardware as a Service) to distribute the powerful computing capacity to end-users. This paper will explore the background and service models and also presents the existing research issues and implications in cloud computing such as security, reliability, privacy, and so on.
Article
Full-text available
Cloud computing provides to the consumers basic computing resources that range from storage and computing power to sophisticated applications. When digital forensics is needed for suspected cases involving cloud computing, the provider is responsible for collecting the digital evidence. Limitations of this approach include lack of efficient incident response, and that the consumers may have a little or no choice but to accept electronic evidences made available by the cloud provider. This research investigates whether it is possible to perform consumer-side digital forensics where a consumer independently collects all digital evidences required for a suspected case from Infrastructure as a Service resources (IaaS). In particular, the research contributes to a digital forensics readiness framework that shows how digital evidence collection can be made strongly consumer-centric, so that all the electronic evidences that digital forensic investigation requires for suspected cases can be provided independently by the IaaS consumers.
Article
Full-text available
Modern organizations need to develop ‘digital forensic readiness’ to comply with their legal, contractual, regulatory, security and operational obligations. A review of academic and practitioner literature revealed a lack of comprehensive and coherent guidance on how forensic readiness can be achieved. This is compounded by the lack of maturity in the discourse of digital forensics rooted in the informal definitions of key terms and concepts. In this paper we validate and refine a digital forensic readiness framework through a series of expert focus groups. Drawing on the deliberations of experts in the focus groups, we discuss the critical issues facing practitioners in achieving digital forensic readiness.
Article
Saudi universities have at their disposal a huge number of low cost IT resources to aid in teaching, research and learning. By migrating to cloud services, Saudi universities will be moving data and programs from local servers to the internet, thereby providing users with the ability to access and share information at any time from multiple devices. The migration to cloud-based IT resources is not yet widespread in Saudi universities due to several challenges including security, legal policies and implementation. At present, there is lack of research and guidance for Saudi universities on how to overcome these challenges and how contextual factors can influence the successful migration to the educational clouds. This research presents a framework for the successful migration to cloud technology in the Saudi Arabian universities. In this research, a set of key critical success factors (CSFs) were identified by synthesizing components from studies concerned with the migration of cloud for higher education and factors identified from the successful implementation of WBL (Web Based Learning) and ERP (Enterprise Resource Planning) on higher education in Saudi Arabia. Based on this knowledge, the proposed framework was evaluated via expert review and a survey by IT specialists from the Saudi universities. The initial CSFs were updated based on the expert reviews and the results were analysed. Based on the findings at this stage, additional CSFs were added to the framework as suggested by the experts. Subsequently, in order to confirm the reviewed CSFs, additional investigation via a structured online questionnaire was conducted and the outcome was analysed via one-sample t-test with the data integrity analysed via Cronbach’s alpha. The outcome indicated the majority of CSFs to be statistically significant except the Physical Location CSF. Potential future study and contributions are discussed.
Article
As businesses continue to offer customers and employees increased access, improved software functionality, and continued improvements in supply chain management opportunities, it raises the risk of cyber-physical attacks on cyber-physical cloud systems (CPCS). In this article, the authors discuss the challenges associated with a CPCS attack and highlight the need for forensic-by-design, prior to presenting their conceptual CPCS forensic-by-design model. The six factors of the framework are discussed, namely, risk management principles and practices, forensic readiness principles and practices, incident handling principles and practices, laws and regulation, CPCS hardware and software requirements, and industry-specific requirements. Future research topics are also identified.
Conference Paper
The advances of the ICT industry in recent years has led to huge popularity of Cloud Computing Services. Due to the fact that the Cloud is distributed and hosts numerous users, its use to commit crimes becomes a critical issue. Proactive cloud forensics becomes a matter of urgency: its capability to collect critical data before crimes happen, thus saving time and energy for the investigations is its primary objective. In this paper, we discuss the basis of Cloud Forensic Readiness, because we believe that such a system is of huge necessity. We begin by carefully defining Digital Forensic Readiness in the Cloud Computing context. We propose a reference architecture for a Cloud Forensic Readiness System (CFRS) together with its features, components, and challenges.