An improved forensic-by-design framework for cloud computing with systems engineering standard compliance

Abstract

“Forensic-by-design” is an emergent and ambitious paradigm that extends the Digital Forensic Readiness (DFR) perspective. Similar to Security-by-design, this new vision advocates the integration of Forensic requirements into the system's design and development stages to get “Forensic-ready” systems. While it seems promising, we hypothesize that: (a) this new alternative is not effective for some open boundaries systems, and (b) this strategy is not fully aligned with the Systems and software Engineering (SE) standards. A six phases research methodology based on systematic literature review, mapping, and analysis was adopted. Our results confirm indeed the stated hypothesis, identify missing key factors, and point out potential omissions. A new System and software Engineering driven Forensic-by-design framework, with an emphasis on Cloud computing systems, is therefore proposed.