Abstract
A Cloud Forensic Readiness as a Service (CFRaaS) model allows an environment to preemptively accumulate relevant potential digital evidence (PDE) that may be needed during a post-event response process. The benefit of applying a CFRaaS model in a cloud environment is that it is designed to prevent modification of, or tampering with, the cloud architectures or the infrastructure during the reactive process, which, if it occurred, could have far-reaching implications. The authors of this article present the reactive process as a very costly exercise when the infrastructure must be reprogrammed every time the process is conducted. This may hamper successful investigation from the perspectives of forensic experts and law enforcement agencies. The CFRaaS model, in its current state, has not been presented in a way that helps to classify or visualize the different types of potential evidence in all the cloud deployable models, and this may limit the expectations of what PDE may be collected or how. To address this problem, the article presents the CFRaaS from a holistic ontology-driven perspective, which allows forensic experts to apply the CFRaaS based on the simplicity of its concepts, the relationships or semantics between different forms of potential evidence, and how the security of a digital environment being investigated could be upheld. The CFRaaS in this context follows a fundamental ontology engineering approach that is based on the classical Resource Description Framework. The proposed ontology-driven approach to CFRaaS is, therefore, a knowledge base that uses layer dependencies, which could be an essential toolkit for digital forensic examiners and other stakeholders in cloud security.
The implementation of this approach could further provide a platform to develop other knowledge base components for cloud forensics and security.
This article is categorized under: Digital and Multimedia Science > Cloud Forensics; Digital and Multimedia Science > Cyber Threat Intelligence; Digital and Multimedia Science > Multimedia Forensics
Highlights
The rapid decline in traditional digital forensics (DF) practice has enabled numerous advances in the field of cloud forensics, most importantly digital investigation of cloud resources, which has been at the center of these advances.
A Cloud Forensic Readiness as a Service (CFRaaS) model is presented as a novel implementation that has been deployed in a cloud environment to achieve Digital Forensic Readiness (DFR) by maximizing the potential of using potential digital evidence (PDE) while minimizing the cost of conducting DF investigations.
The huge and complex volume of digital forensic data that CFRaaS collects in order to forensically prepare the cloud for digital investigations needs to be synthesized so that digital forensic investigators can easily interpret what that data represents and the semantics involved.
Summary
The rapid decline in traditional digital forensics (DF) practice has enabled numerous advances in the field of cloud forensics, most importantly digital investigation of cloud resources, which has been at the center of these advances. A CFRaaS model is presented as a novel implementation that has been deployed in a cloud environment to achieve Digital Forensic Readiness (DFR) by maximizing the potential of using PDE while minimizing the cost of conducting DF investigations. This concept stems from the dire need to shorten the DFI process across organizations. This is followed by the Virtualization Layer, with VM support and an implementation process that supports different instance deployment, a hypervisor that manages the cloud operating system, the operating system that supports instance creation, and hardware that represents the physical processes that support cloud infrastructures. This is followed by the DFR Layer, which has a forensic readiness policy that ensures that the legal premise is admissible, and a CFRaaS approach strategy that defines the processes used to collect digital evidence through the digital evidence collection subprocess. The concurrent processes happen simultaneously to ensure that the admissibility of potential digital evidence is maintained while the processes are being conducted.