A Cloud Forensic Readiness Model Using a Botnet as a Service

Cloud forensics has become an inexorable and transformative discipline in the modern world. The need to share a pool of resources, and to extract digital evidence from those same distributed resources for presentation in a court of law, has become a subject of focus. Forensic readiness is a pro-active process that entails the digital preparedness an organisation uses to gather, store and handle incident responsive data, with the aim of reducing post-event response by digital forensics investigators. Forensic readiness in the cloud can be achieved by implementing a botnet with non-malicious code as opposed to malicious code. The botnet still infects instances of virtual computers within the cloud, but with good intentions as opposed to bad intentions. The botnet is, effectively, implemented as a service that harvests digital information that can be preserved as admissible and submissive potential digital evidence. In this paper, the problem the authors address is that no techniques exist for gathering information in the cloud for digital forensic readiness purposes as described in the international standard for digital forensic investigations (ISO/IEC 27043). The authors proposed a model that allows digital forensic readiness to be achieved by implementing a Botnet as a Service (BaaS) in a cloud environment.
