A Framework for Cloud Forensic Readiness in Organizations

Many have argued that cloud computing is one of the fastest growing and most transformative technologies in the history of computing. It has radically changed the way in which information technologies can manage, access, deliver and create services. It has also brought numerous benefits to end-users and organizations. However, this rapid growth in cloud computing adoption has also seen it become a new arena for cybercrime. This has, in turn, led to new technical, legal and organizational challenges. In addition to the large number of attacks which affect cloud computing and the decentralized nature of data processing in the cloud, many concerns have been raised. One of these concerns is how to conduct a proper digital investigation in cloud environments and be ready to collect data proactively before an incident occurs in order to save time, money and effort. This paper proposes the technical, legal and organizational factors that influence digital forensic readiness for Infrastructure as a Service consumers.

[1]  Hein S. Venter,et al.  Digital forensic readiness in the cloud , 2013, 2013 Information Security for South Africa.

[2]  Raouf Boutaba,et al.  Cloud computing: state-of-the-art and research challenges , 2010, Journal of Internet Services and Applications.

[3]  Mladen A. Vouk,et al.  Cloud computing — Issues, research and implementations , 2008, ITI 2008 - 30th International Conference on Information Technology Interfaces.

[4]  Exploring Cloud Incidents , 2016 .

[5]  Sebastiaan H. von Solms,et al.  A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations , 2010, 2010 International Conference on Availability, Reliability and Security.

[6]  Victor R. Kebande,et al.  A Cloud Forensic Readiness Model Using a Botnet as a Service , 2014 .

[7]  Gary B. Wills,et al.  An exploratory study for investigating the critical success factors for cloud migration in the Saudi Arabian higher education context , 2017, Telematics Informatics.

[8]  George Sibiya,et al.  Digital forensic readiness in a cloud environment , 2013, 2013 Africon.

[9]  Rajkumar Buyya,et al.  Article in Press Future Generation Computer Systems ( ) – Future Generation Computer Systems Cloud Computing and Emerging It Platforms: Vision, Hype, and Reality for Delivering Computing as the 5th Utility , 2022 .

[10]  Moniphia Orlease Hewling Digital forensics : an integrated approach for the investigation of cyber/computer related crimes , 2013 .

[11]  Kim-Kwang Raymond Choo,et al.  Forensic-by-Design Framework for Cyber-Physical Cloud Systems , 2016, IEEE Cloud Computing.

[12]  Ahmed Nour Moussa,et al.  Conceptual forensic readiness framework for infrastructure as a service consumers , 2014, 2014 IEEE Conference on Systems, Process and Control (ICSPC 2014).

[13]  Andrew Lonie,et al.  Digital forensic readiness: Expert perspectives on a theoretical framework , 2015, Comput. Secur..

[14]  Sriram Raghavan,et al.  Digital forensic research: current state of the art , 2012, CSI Transactions on ICT.

[15]  Fang Liu,et al.  NIST Cloud Computing Reference Architecture , 2011, 2011 IEEE World Congress on Services.

[16]  ElyasMohamed,et al.  Digital forensic readiness , 2015 .

[17]  Hein S. Venter,et al.  Implementation guidelines for a harmonised digital forensic investigation readiness process model , 2013, 2013 Information Security for South Africa.

[18]  Yong Zhao,et al.  Cloud Computing and Grid Computing 360-Degree Compared , 2008, GCE 2008.

[19]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[20]  Andrew Lonie,et al.  Towards A Systemic Framework for Digital Forensic Readiness , 2014, J. Comput. Inf. Syst..

[21]  Issa Traoré,et al.  The Proactive and Reactive Digital Forensics Investigation Process: A Systematic Literature Review , 2011, ISA.

[22]  M. Tahar Kechadi,et al.  Cloud Forensic Readiness: Foundations , 2013, ICDF2C.

[23]  Mpho Percy Makutsoane,et al.  A conceptual framework to determine the digital forensic readiness of a Cloud Service Provider , 2014, Proceedings of PICMET '14 Conference: Portland International Center for Management of Engineering and Technology; Infrastructure and Service Integration.

[24]  Tahar Kechadi,et al.  Survey on Cloud Forensics and Critical Criteria for Cloud Forensic Capability: A Preliminary Analysis , 2011 .

[25]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .