A Revised Forensic Process for Aligning the Investigation Process with the Design of Forensic-Enabled Cloud Services

© Springer Nature Switzerland AG 2020. The design and implementation of cloud services, without taking under consideration the forensic requirements and the investigation process, makes the acquisition and examination of data, complex and demanding. The evidence gathered from the cloud may not become acceptable and admissible in the court. A literature gap in supporting software engineers so as to elicit and model forensic-related requirements exists. In order to fill the gap, software engineers should develop cloud services in a forensically sound manner. In this paper, a brief description of the cloud forensic-enabled framework is presented (adding some new elements) so as to understand the role of the design of forensic-enabled cloud services in a cloud forensic investigation. A validation of the forensic requirements is also produced by aligning the stages of cloud forensic investigation process with the framework’s forensic requirements. In this way, on one hand, a strong relationship is built between these two elements and emphasis is given to the role of the forensic requirements and their necessity in supporting the investigation process. On the other hand, the alignment assists towards the identification of the degree of the forensic readiness of a cloud service against a forensic investigation

Adding Digital Forensic Readiness as a Security Component to the IoT Domain

The unique identities of remote sensing, monitoring, self-actuating, self–adapting and self-configuring “things” in Internet of Things (IoT) has come out as fundamental building blocks for the development of “smart environments”. This experience has begun to be felt across different IoT-based domains like healthcare, surveillance, energy systems, home appliances, industrial machines, smart grids and smart cities. These developments have, however, brought about a more complex and heterogeneous environment which is slowly becoming a home to cyber attackers. Digital Forensic Readiness (DFR) though can be employed as a mechanism for maximizing the potential use of digital evidence while minimizing the cost of conducting a digital forensic investigation process in IoT environments in case of an incidence. The problem addressed in this paper, therefore, is that at the time of writing this paper, there still exist no IoT architectures that have a DFR capability that is able to attain incident preparedness across IoT environments as a mechanism of preparing for post-event response process. It is on this premise, that the authors are proposing an architecture for incorporating DFR to IoT domain for proper planning and preparing in the case of security incidents. It is paramount to note that the DFR mechanism in IoT discussed in this paper complies with ISO/IEC 27043: 2015, 27030:2012 and 27017: 2015 international standards. It is the authors’ opinion that the architecture is holistic and very significant in IoT forensics

Calm before the storm: the challenges of cloud computing in digital forensics

Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed