9 research outputs found

    Forensic storage framework development using composite logic method

    The increasing number of information technology users allows the possibility for crimes that take advantage of information technology to continue increasing, either directly or indirectly. Criminals often use computer devices to commit crimes. This is a major concern so that the need for handling digital evidence becomes significantly urgent. Therefore, a forensic storage framework is required for managing digital evidence. This framework is designed by applying the composite logic method to determine the role model of each variable or the initial pattern of the stages to be collaborated. Composite logic produces a role model that is to generate patterns in order to achieve the same goal. This method collaborates framework for handling the pre-existing HDD, SSD, and VMware to be in turn combined into a forensic storage framework. Based on the results of the test, this study proposes a new framework called forensic storage framework which comprises four main stages, namely preparation, collection, analysis and report. The advantage of this framework is that it can be used to handle digital evidence in four storages which are SSD, HDD, VMware, and cloud.

    Cloud Forensics Investigations Relationship: A Model And Instrument

    Cloud computing is one of the most important advances in computing in recent history. Cybercrime has developed side by side and rapidly in recent years. Previous studies had confirmed the existing gap between cloud service providers (CSPs) and law enforcement agencies (LEAs), and LEAs cannot work without the cooperation of CSPs. Their relationship is influenced by legal, organisational and technical dimensions, which affect the investigations. Therefore, it is essential to enhance the cloud forensics relationship between LEAs and CSPs. This research addresses the need for a unified collaborative model to facilitate proper investigations and explore and evaluate existing different models involved in the relationship between Omani LEAs and local CSPs as a participant in investigations. Further, it proposes a validated research instrument that can be used as a cloud forensics survey. It can also be used as an evaluation tool to identify, measure, and manage cloud forensic investigations.

    A Revised Forensic Process for Aligning the Investigation Process with the Design of Forensic-Enabled Cloud Services

    © Springer Nature Switzerland AG 2020. The design and implementation of cloud services, without taking into consideration the forensic requirements and the investigation process, makes the acquisition and examination of data complex and demanding. The evidence gathered from the cloud may not become acceptable and admissible in the court. A literature gap in supporting software engineers so as to elicit and model forensic-related requirements exists. In order to fill the gap, software engineers should develop cloud services in a forensically sound manner. In this paper, a brief description of the cloud forensic-enabled framework is presented (adding some new elements) so as to understand the role of the design of forensic-enabled cloud services in a cloud forensic investigation. A validation of the forensic requirements is also produced by aligning the stages of cloud forensic investigation process with the framework’s forensic requirements. In this way, on one hand, a strong relationship is built between these two elements and emphasis is given to the role of the forensic requirements and their necessity in supporting the investigation process. On the other hand, the alignment assists towards the identification of the degree of the forensic readiness of a cloud service against a forensic investigation.

    Cloud Forensic: Issues, Challenges and Solution Models

    Cloud computing is a web-based utility model that is becoming popular every day with the emergence of 4th Industrial Revolution, therefore, cybercrimes that affect web-based systems are also relevant to cloud computing. In order to conduct a forensic investigation into a cyber-attack, it is necessary to identify and locate the source of the attack as soon as possible. Although significant study has been done in this domain on obstacles and its solutions, research on approaches and strategies is still in its development stage. There are barriers at every stage of cloud forensics, therefore, before we can come up with a comprehensive way to deal with these problems, we must first comprehend the cloud technology and its forensics environment. Although there are articles that are linked to cloud forensics, there is not yet a paper that accumulated the contemporary concerns and solutions related to cloud forensic. Throughout this chapter, we have looked at the cloud environment, as well as the threats and attacks that it may be subjected to. We have also looked at the approaches that cloud forensics may take, as well as the various frameworks and the practical challenges and limitations they may face when dealing with cloud forensic investigations. Comment: 23 pages; 6 figures; 4 tables. Book chapter of the book titled "A Practical Guide on Security and Privacy in Cyber Physical Systems Foundations, Applications and Limitations", World Scientific Series in Digital Forensics and Cybersecurity

    IoT forensics: A state-of-the-art review, challenges and future directions

    The IoT is capable of communicating and connecting billions of things at the same time. The concept offers numerous benefits for consumers that alter how users interact with the technology. With this said, however, such monumental growth within IoT development also gives rise to a number of legal and technical challenges in the field of IoT forensics. Indeed, there exist many issues that must be overcome if effective IoT investigations are to be carried out. This paper presents a review of the IoT concept, digital forensics and the state-of-the-art on IoT forensics. Furthermore, an exploration of the possible solutions proposed in recent research and IoT forensics challenges that are identified in the current research literature are examined. Picks apart the challenges facing IoT forensics which have been established in recent literature. Overall, this paper draws attention to the obvious problems – open problems which require further efforts to be addressed properly.

    Frameup: An Incriminatory Attack on Storj: A Peer to Peer Blockchain Enabled Distributed Storage System

    In this work we present a primary account of frameup, an incriminatory attack made possible because of existing implementations in distributed peer to peer storage. The frameup attack shows that an adversary has the ability to store unencrypted data on the hard drives of people renting out their hard drive space. This is important to forensic examiners as it opens the door for possibly framing an innocent victim. Our work employs Storj as an example technology, due to its popularity and market size. Storj is a blockchain enabled system that allows people to rent out their hard drive space to other users around the world by employing a cryptocurrency token that is used to pay for the services rendered. It uses blockchain features like a transaction ledger, public/private key encryption, and cryptographic hash functions – but this work is not centered around blockchain. Our work discusses two frameup attacks, a preliminary and an optimized attack, both of which take advantage of Storj's implementation. Results illustrate that Storj allows a potential adversary to store incriminating unencrypted files, or parts of files that are viewable on people's systems when renting out their unused hard drive space. We offer potential solutions to mitigate our discovered attacks, a developed tool to review if a person has been a victim of a frameup attack, and a mechanism for showing that the files were stored on a hard drive without the renter's knowledge. Our hope is that this work will inspire future security and forensics research directions in the exploration of distributed peer to peer storage systems that embrace blockchain and cryptocurrency tokens.

    Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

    An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack: the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and storing the data in a forensically sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without altering the functionality of the OpenStack cloud architecture by leveraging the ISO/IEC 27043 guidelines on security monitoring. https://wileyonlinelibrary.com/journal/spy2 Computer Science

    A model for digital evidence admissibility assessment

    Riding on the tide of the current development in computing and internet technologies, criminals have transitioned to the use of computer systems and digital channels to commit crimes. This transformation of crime requires criminal justice actors to investigate, produce and present digital evidence through a process that is scientifically proven and legally admissible, but also capable of securing successful prosecutions. Even though previous efforts by criminal justice practitioners and researchers have contributed to the standardisation of digital forensics in a manner that has consolidated the scientificity of digital forensics as a forensic science, these approaches, processes and techniques have not addressed adequately the issue of admissibility of digital evidence in judicial proceedings. In other words, existing models and standards are generally investigative-focused, which has significantly ensured that digital forensics processes follow a specific scientific order. Despite these advances, the existing techno-legal dilemma pertaining to the admissibility of digital evidence in judicial proceedings remains unresolved. In order to address this techno-legal dilemma, the thesis presents a Harmonised Model for Digital Evidence Admissibility Assessment (HM-DEAA), a model that integrates both technical and legal determinants to establish digital evidence admissibility in judicial proceedings. In order to operationalise the HM-DEAA, this research introduces an algorithm to assess digital evidence admissibility and to determine the evidential weight of a piece of digital evidence, which is tendered in a court of law. This algorithm has been tested on both hypothetical and real cases as part of the HM-DEAA’s evaluation for its potential use in legal proceedings. In addition, an expert system has been introduced to automate the operationalization of the HM-DEAA.
    In practice, the HM-DEAA framework is expected to provide a harmonised techno-legal foundation for assessing digital evidence admissibility in the criminal justice sector. The model is expected to be used primarily by judges as a judicial tool in legal proceedings. The expert system is also expected to serve as an assessment tool for investigators, prosecutors and defence lawyers to evaluate digital evidence with regard to its potential use in court. Thesis (PhD)--University of Pretoria, 2018. Computer Science. PhD. Unrestricted

    A Framework for Cloud Forensic Readiness in Organizations

    Many have argued that cloud computing is one of the fastest growing and most transformative technologies in the history of computing. It has radically changed the way in which information technologies can manage, access, deliver and create services. It has also brought numerous benefits to end-users and organizations. However, this rapid growth in cloud computing adoption has also seen it become a new arena for cybercrime. This has, in turn, led to new technical, legal and organizational challenges. In addition to the large number of attacks which affect cloud computing and the decentralized nature of data processing in the cloud, many concerns have been raised. One of these concerns is how to conduct a proper digital investigation in cloud environments and be ready to collect data proactively before an incident occurs in order to save time, money and effort. This paper proposes the technical, legal and organizational factors that influence digital forensic readiness for Infrastructure as a Service consumers.