Original Articles

Novel digital forensic readiness technique in the cloud environment

Pages 552-591 | Received 23 Jun 2016, Accepted 21 Nov 2016, Published online: 17 Jan 2017

