A comparative analysis of digital forensic readiness models using CFRaaS as a baseline

Abstract

AbstractDigital forensic readiness (DFR) aims at maximizing the potential of conducting a digital forensic investigation while minimizing the cost of conducting postevent processes when a potential security incident is detected. Conducting digital forensic investigation (DFI) process and changing the functionality of software architectures and/or infrastructures while conducting these processes is a costly exercise; however, the availability of DFR processes can shorten and save the cost of these processes. A comparative analysis of the DFR process models is given that makes a strict comparison with the cloud forensic readiness as a service (CFRaaS) model. The main reason the CFRaaS model has been used as a basis for comparison is because it has been constructed by modifying the functionality of initially considered malicious botnets to allow the removal of potential digital evidence from the cloud without changing the architecture or the infrastructure of the cloud while conducting digital forensic processes. It is worth to note that the CFRaaS processes have been carefully developed based on the guidelines of ISO/IEC 27043:2015 international standards for information technology, security techniques, incident investigation principles and processes. Nevertheless, additional postevent response processes have also been incorporated in the CFRaaS like the reconstruction of the events and the Incident Response Procedures processes. The outcome of the comparison has shown promising results worth exploring.This article is categorized under: Digital and Multimedia Science > Cloud Forensics Digital and Multimedia Science > Cyber Threat Intelligence MoDigital and Multimedia Science > Forensic Visualization