Original Articles

On digital forensic readiness in the cloud using a distributed agent-based solution: issues and challenges

Pages 209-238 | Received 09 Feb 2016, Accepted 13 May 2016, Published online: 17 Jun 2016

References

  • IDC predictions 2014. Top 10 predictions: Competing for 2020. Available from: http://www.idc.com/prodserv/FourPillars/Cloud/index.jsp
  • Birk D. Technical challenges of forensic investigations in cloud computing environments. Workshop on Cryptography and Security in Clouds. 2011: 1–6.
  • Wilcox J. Gartner: Most cios have their head in the cloud. Available from: http://betanews.com/2011/01/24/gartner-most-cios-have-their-heads-in-the-clouds/
  • Kebande VR, Venter HS. A cloud forensic readiness model using a Botnet as a Service. In: The International Conference on Digital Security and Forensics (DigitalSec2014). The Society of Digital Information and Wireless Communication; 2014, p. 23–32.
  • Draft NISTIR 8006 NIST Cloud Computing Forensic Science Challenges. Available from: http://csrc.nist.gov/publications/drafts/nistir-8006/draft_nistir_8006.pdf
  • Palmer G. A road map for digital forensic research. First Digital Forensic Research Workshop, Utica, New York. 2001: 27–30. August.
  • Casey E. Digital forensics: coming of age. Digital Investigation. 2009;6(1):1–2. doi: 10.1016/j.diin.2009.08.001
  • ISO/IEC 27043. 2015. Information technology – Security techniques – Incident investigation principles and processes. [online] Available from: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=44407
  • ISO/IEC 27037. 2012. Information technology – Security techniques – Guidelines for identification, collection, acquisition and preservation of digital evidence. [online] Available from: http://www.iso.org/iso/catalogue_detail?csnumber=44381
  • Rowlingson R. A ten step process for forensic readiness. Int J Digital Evidence. 2004;2(3):28.
  • Tan J. Forensic readiness. Cambridge, MA: @ Stake; 2001. p. 1–23.
  • Yasinsac A, Manzano Y. Policies to enhance computer and network forensics. Proceedings of the 2001 IEEE workshop on information assurance and security. 2001:289–295 June.
  • Mell P, Grance T. The NIST definition of cloud computing (draft), Vol. 800. NIST special publication. 2011. p. 7. Available from: http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
  • McDonald N. Gartner Research. Addressing the most common security risks in data center, virtualization projects. Available from: http://bsius.com/media/182447/addressing_the_most_common_s_173434.pdf
  • Ruan K, Carthy J, Kechadi T, Crosbie M. Cloud forensics. In: Advances in digital forensics VII. Springer Berlin Heidelberg; 2011. p.35–46. Available from: http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf
  • Martini B, Choo KKR. An integrated conceptual digital forensic framework for cloud computing. Digital Invest. 2012;9(2):71–80. doi: 10.1016/j.diin.2012.07.001
  • Quick D, Choo KKR. Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? Digital Invest. 2013a;10(3):266–277. doi: 10.1016/j.diin.2013.07.001
  • Quick D, Choo KKR. Digital droplets: Microsoft SkyDrive forensic data remnants. Future Gener Comput Syst. 2013b;29(6):1378–1394. doi: 10.1016/j.future.2013.02.001
  • Quick D, Choo KKR. Dropbox analysis: Data remnants on user machines. Digital Invest. 2013c;10(1):3–18. doi: 10.1016/j.diin.2013.02.003
  • Quick D, Choo KKR. Google Drive: Forensic analysis of data remnants. J Netw Comput Appl. 2014a;40:179–193. doi: 10.1016/j.jnca.2013.09.016
  • Hooper C, Martini B, Choo KKR. Cloud computing and its implications for cybercrime investigations in Australia. Comput Law Secur Rev. 2013d;29(2):152–163.
  • Martini B, Choo KKR. Cloud storage forensics: ownCloud as a case study. Digital Invest. 2013;10(4):287–299. doi: 10.1016/j.diin.2013.08.005
  • Martini B, Choo KKR. Remote programmatic vCloud forensics: a six-step collection process and a proof of concept. In: Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference. IEEE; 2014b, September. p. 935–942.
  • Chung H, Park J, Lee S, Kang C. Digital forensic investigation of cloud storage services. Digital Invest. 2012;9(2):81–95. doi: 10.1016/j.diin.2012.05.015
  • Marty R. Cloud application logging for forensics. In: Proceedings of the 2011 ACM Symposium on Applied Computing. ACM; 2011, March. p. 178–184. doi: 10.1145/1982185
  • Dykstra J, Sherman AT. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Invest. 2012;9:S90–S98. doi: 10.1016/j.diin.2012.05.001
  • Ollmann G. Botnet communication topologies. 2009. [Cited February 2016]. Available from: https://www.damballa.com/downloads/r_pubs/WP_Botnet_Communications_Primer.pdf
  • Falliere N, Chien E. Zeus: King of the bots. Symantec Security Response. 2009. Available from: http://bit.ly/3VyFV1.
  • Ab Rahman NH, Choo KKR. A survey of information security incident handling in the cloud. Comput Security. 2015;49:45–69.
  • Martini B, Choo KKR. Cloud forensic technical challenges and solutions: A snapshot. IEEE Cloud Computing. 2014c;1:20–25. doi: 10.1109/MCC.2014.69
  • Ab Rahman NH, Glisson WB, Yang Y, Choo KKR. Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Comput. 2016;31:50–59, Jan.-Feb. doi: 10.1109/MCC.2016.5.
  • Vincze EA. Challenges in digital forensics. Police Practice and Research. 2015;1–12.
  • Simou S, Kalloniatis C, Kavakli E, Gritzalis S. Cloud forensics: identifying the major issues and challenges. In: Advanced Information Systems Engineering. Springer International Publishing; 2014d, June. p. 271–284.
  • Delport W, Köhn M, Olivier MS. Isolating a cloud instance for a digital forensic investigation. ISSA. 2011, August.
  • Valjarevic A, Venter HS. A Harmonized Process Model for Digital Forensic Investigation Readiness. In: Advances in Digital Forensics IX. Springer: Berlin Heidelberg; 2013. p. 67–82.
  • Trenwith PM, Venter HS. Digital forensic readiness in the cloud. Information Security for South Africa, 2013. 2013:1–5. IEEE, August. doi: 10.1109/ISSA.2013.6641055
  • Cohen FB. Digital forensic evidence examination. 2nd ed. Livermore (CA): Fred Cohen & Associates, ASP Press; 2009.
  • Kebande VR, Venter HS. A functional architecture for cloud forensic readiness large-scale potential digital evidence analysis. In Proceedings of the 14th European Conference on Cyber Warfare and Security 2015: ECCWS. 2015 p. 373 Academic Conferences Limited.
  • Agarwal S. Performance analysis of peer-to-peer botnets using “the storm botnet” as an exemplar (doctoral dissertation, university of Victoria), 2010.
  • Kebande VR, Venter HS. Obfuscating a cloud-based botnet towards digital forensic readiness. In: ICCWS 2015 - The Proceedings of the 10th International Conference on Cyber Warfare and Security; Academic Conferences Limited, 2015. p. 434.
  • NIST SP 800-37. 2010, Guide for Applying the Risk Management Framework to Federal Information Systems, A security Life Cycle Approach.
  • Biggs S, Vidalis S. Cloud computing: The impact on digital forensic investigations. In: Internet Technology and Secured Transaction. ICITST 2009. International Conference. IEEE; 2009. p. 1–6.
  • Pearson S. Privacy, security and trust in cloud computing. In: Privacy and Security for Cloud Computing. Springer: London; 2013. p. 3–42. doi: 10.1007/978-1-4471-4189-1
  • Abadi DJ. Data management in the cloud: limitations and opportunities. IEEE Data Eng. Bull. 2009;32(1):3–12.
  • Bousselmi K, Brahmi Z, Gammoud MM. Cloud services orchestration: A comparative study of existing approaches. In: International Conference on Advanced Information Networking and Applications Workshops. 2014;410–416.
  • Ananthanarayanan R, Gupta K, Pandey P, Pucha H, Sarkar P, Shah M, Tewari R. Cloud analytics: Do we really need to reinvent the storage stack. In Proceedings of the 1st USENIX Workshop on Hot Topics in Cloud Computing (HOTCLOUD’2009), San Diego, CA, USA, 2009, June.
  • Casey E. Handbook of Computer Crime Investigation. Boston, MA: Academic Press; 2002.
  • Carrier BD. Risks of live digital forensic analysis. Communications of the ACM. 2006;49(2):56–61. doi: 10.1145/1113034
  • Zawoad S, Hasan R. Cloud forensics: A meta-study of challenges, approaches, and open problems. arXiv preprint arXiv:1302.6312, 2013.
  • Dykstra J. Seizing electronic evidence from cloud computing environments. Cybercrime and cloud forensics: Applications for investigation processes. 2013:156–185.
  • Grispos G, Storer T, Glisson W. Calm before the storm: The challenges of cloud computing in digital forensics. Int J Digital Crime Forensics. 2012;4(2):28–48. doi: 10.4018/IJDCF
  • Jahankhani H, Beqir E. Digital evidence manipulation using anti-forensic tools and techniques. Handbook of Electronic Security and Digital Forensics. 2010;411:411–425.
  • Vacca JR. Computer forensics: Computer Crime Scene Investigation. 2nd ed. Charles River Media, Hingham, MA;2005. 20 Downer Avenue, Suite 3, 02043.
  • ACPO - Association of Chief Police Officers. Good practice guide for computer based electronic evidence, 2007.
  • Kebande VR, Venter HS. A cognitive approach for botnet detection using Artificial Immune System in the cloud, Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2014. Third International Conference; April 29 2014-May 1 2014 pp.52,57.
  • Flood J, Keane A. A Proposed framework for the active detection of security vulnerabilities in multi-tenancy cloud systems. Third International Conference on Emerging Intelligent Data and Web Technologies (EIDWT); 2012, September. pp. 231–235. IEEE.
  • Claycomb WR, Nicoll A. Insider threats to cloud computing: Directions for new research challenges. Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual; 2012, July. pp. 387–394. IEEE.
  • Doyle C. Privacy: An overview of the Electronic Communications Privacy Act. Library of Congress, Congressional Research Service; 2011. Available from: https://www.fas.org/sgp/crs/misc/R41733.pdf
  • Gereda SL. The Electronic Communications and Transactions Act. 2006. Available from: https://www.wits.ac.za/media/migration/files/telelaw12.pdf
  • Telecommunications Law in South Africa. The Protection of Personal Information Act. 2013;581(4):12–146. Available from: http://www.potatoes.co.za/SiteResources/documents/Protection_of_Personal_Info_Act.pdf
  • Scolnik A. Protections for Electronic Communications: The Stored Communications Act and the Fourth Amendment. Fordham L. Rev. 2009;78:350–397. Available from: http://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=4471&context=flr
  • Daubert v. Merrell Dow Pharmaceuticals, Inc., 509 U.S. 579, 1993.
  • E. TC-STAG. Security techniques advisory group (stag); definition of user requirements for lawful interception of telecommunications: requirements of the law enforcement agencies, 1996.
  • Cohen F. Challenges to digital forensic evidence. Fred Cohen and Associates, 2008.
  • Chen Z, Han F, Cao J, Jiang X, Chen S. Cloud computing-based forensic analysis for a collaborative network security management system. Tsinghua Sci Technol. 2013;18(1):40–50. doi: 10.1109/TST.2013.6449406
  • Aminnezhad A, Dehghantanha A, Abdullah MT, Damshenas M. Cloud forensics issues and opportunities. International Journal of Information Processing and Management. 2013;4(4):76.
  • Regulation of Interception of Communications and Provision of Communication-related Information Act 70 of 2001.
  • Zawoad S, Hasan R. Digital forensics in the cloud. CrossTalk. The Journal of Defense Software Engineering. 2013;26(5):17.
  • Owen P, Thomas P. An analysis of digital forensic examinations: mobile devices versus hard disk drives utilising ACPO & NIST guidelines. Digital Invest. 2011;8:135–140. doi: 10.1016/j.diin.2011.03.002
  • Reilly D, Wren C, Berry T. Cloud computing: Pros and cons for computer forensic investigations. Int J Multimedia Image Process (IJMIP). 2011;1(1):26–34.
  • The regulation of interception of communications and provision of communication-related information, 2010. Accessed 10 September 2014.
  • Quick D, Choo KKR. Impacts of increasing volume of digital forensic data: A survey and future research challenges. Digital Invest. 2014e;11(4):273–294. doi: 10.1016/j.diin.2014.09.002
  • Quick D, Choo KKR. Data reduction and data mining framework for digital forensic evidence: storage, intelligence, review and archive. Trends & Issues in Crime and Criminal Justice. 2014f;480:1–11.
  • Alqahtany S, Clarke N, Furnell S, Reich C. (2015, April). Cloud Forensics: A Review of Challenges, Solutions and Open Problems. In Cloud Computing (ICCC), 2015 International Conference on (pp. 1–9). IEEE.
  • Damshenas M, Dehghantanha A, Mahmoud R, bin Shamsuddin S. Forensics investigation challenges in cloud computing environments. Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference; Kuala Lumpur, 2012, pp. 190–194.
  • Meyer G, Stander A. Cloud Computing: The Digital Forensics Challenge.
  • Sández MJR. A Review of Technical Problems when Conducting an Investigation in Cloud Based Environments. 2015 arXiv preprint arXiv:1508.01053.
  • Daryabar F, Dehghantanha A, Udzir NI. A review on impacts of cloud computing on digital forensics. Int J Cyber-Security Digital Forensics (IJCSDF). 2013;2(2):77–94.
  • Sibiya G, Venter HS, Fogwill T. Digital forensic framework for a cloud environment. 2012.
  • Van Eecke P. Cloud Computing Legal issues. 2011. Available from: http://www.isaca.org/Groups/Professional-English/cloud-computing/GroupDocuments/DLA_Cloud%20computing%20legal%20issues.pdf
