Research on Digital Forensic Readiness Design in a Cloud Computing-Based Smart Work Environment

Abstract

Recently, the work environments of organizations have been in the process of transitioning into smart work environments by applying cloud computing technology in the existing work environment. The smart work environment has the characteristic of being able to access information assets inside the company from outside the company through cloud computing technology, share information without restrictions on location by using mobile terminals, and provide a work environment where work can be conducted effectively in various locations and mobile environments. Thus, in the cloud computing-based smart work environment, changes are occurring in terms of security risks, such as an increase in the leakage risk of an organization’s information assets through mobile terminals which have a high risk of loss and theft and increase the hacking risk of wireless networks in mobile environments. According to these changes in security risk, the reactive digital forensic method, which investigates digital evidence after the occurrence of security incidents, appears to have a limit which has led to a rise in the necessity of proactive digital forensic approaches wherein security incidents can be addressed preemptively. Accordingly, in this research, we design a digital forensic readiness model at the level of preemptive prevention by considering changes in the cloud computing-based smart work environment. Firstly, we investigate previous research related to the cloud computing-based smart work environment and digital forensic readiness and analyze a total of 50 components of digital forensic readiness. In addition, through the analysis of the corresponding preceding research, we design seven detailed areas, namely, outside the organization environment, within the organization guideline, system information, terminal information, user information, usage information, and additional function. Then, we design a draft of the digital forensic readiness model in the cloud computing-based smart work environment by mapping the components of digital forensic readiness to each area. To verify the draft of the designed model, we create a survey targeting digital forensic field-related professionals, analyze their validity, and deduce a digital forensic readiness model of the cloud computing-based smart work environment consisting of seven detailed areas and 44 components. Finally, through an analytic hierarchy process analysis, we deduce the areas that should be emphasized compared to the existing work environment to heighten the forensic readiness in the cloud computing-based smart work environment. As a result, the weightings of the terminal information Universal Subscriber Identity Module(USIM) card, collect/gain virtual machine image, etc.), user information (user account information analysis, analysis of user’s used service, etc.), and usage information (mobile OS artifact timeline analysis, action analysis through timeline, etc.) appear to be higher than those of the existing work environment. This is analyzed for each organization to preemptively prepare for the components of digital forensic readiness in the corresponding areas.