66 research outputs found

    A digital forensic readiness architecture for online examinations

    Some institutions provide online courses to students to ease the courses’ workload. Online courses can also be convenient because the online course content management software conducts marking of tests and examinations. However, a few students could be willing to exploit such a system’s weaknesses in a bid to cheat in online examinations because invigilators are absent. Proactive measures are needed and measures have to be implemented in order to thwart unacceptable behaviour in situations where there is little control of students’ conduct. Digital Forensic Readiness (DFR) employs a proactive approach for an organisation to be forensically prepared for situations where there is little control over people. This can be achieved by gathering, storing and handling incident response data, with the aim of reducing the time and cost that would otherwise be spent in a post-event response process. The problem this paper addresses is that, at the time of writing this paper, there existed no known DFR architecture that can be used to collect relevant information for DFR purposes, specifically in the course of an online examination, as described in the standard published by the International Standards Organisation (ISO) and the International Electrotechnical Commission (IEC) (ISO/IEC 27043:2015) for incident investigation principles and processes. Due to the lack of DFR architecture, the authors propose an Online Examination Digital Forensic Readiness Architecture (OEDFRA) that can be used to achieve DFR when online examinations are conducted. This architecture employs already existing DFR techniques, discussed in the study, to help educational institutions achieve DFR in online examinations. This architecture, (OEDFRA), when implemented, will be tested in future research in order to confirm its contribution to the field of DFR. http://sacj.cs.uct.ac.za

    Introduction of concurrent processes into the digital forensic investigation process

    Performing a digital forensic investigation requires a formalized process to be followed. It also requires that certain principles are applied, such as preserving of digital evidence and documenting actions. The need for a harmonized and standardized digital forensic investigation process has been recognized in the digital forensics community and much scientific work has been undertaken to produce digital forensic investigation process models, albeit with many disparities within the different models. The problem is that these existing models do not include any processes dealing explicitly with concurrent digital forensic principles. This leaves room for human error and omissions, as there is a lack of clear guidelines on the implementation of digital forensic principles. This paper proposes the introduction of concurrent processes into the digital forensic investigation process model. The authors define concurrent processes as the actions which should be conducted in parallel with other processes within the digital forensic investigation process, with the aim to fulfill digital forensic investigation principles. The concept of concurrent processes is a novel contribution that aims to enable more efficient and effective digital forensic investigations, while reducing the risk of human error and omissions which result in digital evidence being contaminated. http://www.tandfonline.com/loi/tajf20 2016-07-06

    Architecture for the proactive acquisition and analysis of forensic information in cloud systems

    Cloud systems have to deal with massive amounts of distributed, volatile data which makes forensic investigations difficult. Using the NIST reference architecture, a system is devised to proactively capture forensic data that can be used in an investigation. The system proposes using nested virtual machines with forensic capabilities. A selection of conference proceedings: Student Symposium in Science, 29–30 October 2015, University of the Free State, South Africa. http://www.satnt.ac.za/

    Machine-learning forensics : state of the art in the use of machine-learning techniques for digital forensic investigations within smart environments

    Recently, a world-wide trend has been observed that there is widespread adoption across all fields to embrace smart environments and automation. Smart environments include a wide variety of Internet-of-Things (IoT) devices, so many challenges face conventional digital forensic investigation (DFI) in such environments. These challenges include data heterogeneity, data distribution, and massive amounts of data, which exceed digital forensic (DF) investigators’ human capabilities to deal with all of these challenges within a short period of time. Furthermore, they significantly slow down or even incapacitate the conventional DFI process. With the increasing frequency of digital crimes, better and more sophisticated DFI procedures are desperately needed, particularly in such environments. Since machine-learning (ML) techniques might be a viable option in smart environments, this paper presents the integration of ML into DF, through reviewing the most recent papers concerned with the applications of ML in DF, specifically within smart environments. It also explores the potential further use of ML techniques in DF in smart environments to reduce the hard work of human beings, as well as what to expect from future ML applications to the conventional DFI process. https://www.mdpi.com/journal/applsci

    A comprehensive and harmonized digital forensic investigation process model

    Performing a digital forensic investigation (DFI) requires a standardized and formalized process. There is currently neither an international standard nor does a global, harmonized DFI process (DFIP) exist. The authors studied existing state-of-the-art DFIP models and concluded that there are significant disparities pertaining to the number of processes, the scope, the hierarchical levels and concepts applied. This paper proposes a comprehensive model that harmonizes existing models. An effort was made to incorporate all types of processes proposed by the existing models, including those aimed at achieving digital forensic readiness. The authors introduce a novel class of processes called concurrent processes. This is a novel contribution that should, together with the rest of the model, enable more efficient and effective DFI, while ensuring admissibility of digital evidence. Ultimately, the proposed model is intended to be used for different types of DFI and should lead to standardization. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029 2016-11-30

    Combating mobile spam through Botnet detection using artificial immune systems

    Malicious software (malware) infects large numbers of mobile devices. Once infected these mobile devices may be involved in many kinds of online criminal activity, including identity theft, unsolicited commercial SMS messages, scams and massive coordinated attacks. Until recently, mobile networks have been relatively isolated from the Internet, so there has been little need to protect them against Botnets. Mobile networks are now well integrated with the internet, so threats on the internet, such as Botnets, have started to migrate to mobile networks. This paper studies the potential threat of Botnets based on mobile networks, and proposes the use of computational intelligence techniques to detect Botnets. We then simulate mobile Bot detection by detecting anomalies using an artificial immune system implementation on an Android device. http://www.jucs.org/;internal&action=noaction&Parameter=120816403095

    The architecture of a digital forensic readiness management system

    A coordinated approach to digital forensic readiness (DFR) in a large organisation requires the management and monitoring of a wide variety of resources, both human and technical. The resources involved in DFR in large organisations typically include staff from multiple departments and business units, as well as network infrastructure and computing platforms. The state of DFR within large organisations may therefore be adversely affected if the myriad human and technical resources involved are not managed in an optimal manner. This paper contributes to DFR by proposing the novel concept of a digital forensic readiness management system (DFRMS). The purpose of a DFRMS is to assist large organisations in achieving an optimal level of management for DFR. In addition to this, we offer an architecture for a DFRMS. This architecture is based on requirements for DFR that we ascertained from an exhaustive review of the DFR literature. We describe the architecture in detail and show that it meets the requirements set out in the DFR literature. The merits and disadvantages of the architecture are also discussed. Finally, we describe and explain an early prototype of a DFRMS. http://www.elsevier.com/locate/cose

    Toward a general ontology for digital forensic disciplines

    Ontologies are widely used in different disciplines as a technique for representing and reasoning about domain knowledge. However, despite the widespread ontology-related research activities and applications in different disciplines, the development of ontologies and ontology research activities are still wanting in digital forensic disciplines. This paper therefore presents the case for establishing an ontology for digital forensic disciplines. Such an ontology would enable better categorisation of digital forensic disciplines, as well as help with the development of methodologies that can offer direction in different areas of digital forensics, such as professional specialisation, certifications, development of digital forensic tools, curricula and educational materials. In addition, the ontology presented in this paper can be used, for example, to better organise digital forensics domain knowledge and explicitly describe the discipline's semantics in a common way. Finally, this paper is meant to spark discussions and further research on an internationally agreed ontological distinction of the digital forensic disciplines. Digital forensic disciplines ontology is a novel approach towards organising the digital forensics domain knowledge and constitutes the main contribution of this paper. http://onlinelibrary.wiley.com/journal/10.1111/(ISSN)1556-4029

    FReadyPass : a digital forensic ready passport to control access to data across jurisdictional boundaries

    Cloud computing offers users access to information from anywhere by duplicating and distributing information to multiple data centres around the globe. The distribution of information in such a manner presents a significant challenge if the need arises to locate a specific digital object. Such a need could stem from legislation put in place by governments or organizations concerned with the protection of sensitive information, such as the European Union’s Data Protection Directive, which states that sensitive information should not leave the jurisdiction of the European Union. In this article, the authors look at the requirements for securing sensitive information in the cloud and address many of the challenges associated with cloud forensics. The authors address a critical issue regarding sensitive information and the cloud, that of monitoring and controlling the flow of information across jurisdictional boundaries. The authors propose a model for controlling the access of information across jurisdictional boundaries, as well as for capturing the necessary provenance data to report on the traveling history of a digital object and storing this information in a digital forensic ready manner. Should that object ever be required in a digital forensic investigation, it can easily be located. The University of Pretoria, the South African National Research Foundation (NRF) and GEW Technologies. http://www.tandfonline.com/loi/tajf20 2019-04-05

    Novel digital forensic readiness technique in the cloud environment

    This paper examines the design and implementation of a feasible technique for performing Digital Forensic Readiness (DFR) in cloud computing environments. The approach employs a modified obfuscated Non-Malicious Botnet (NMB) whose functionality operates as a distributed forensic Agent-Based Solution (ABS) in a cloud environment with capabilities of performing forensic logging for DFR purposes. Under basic Service Level Agreements (SLAs), this proactive technique allows any organization to perform DFR in the cloud without interfering with operations and functionalities of the existing cloud architecture or infrastructure and the collected file metadata. Based on the evaluation discussed, the effectiveness of our approach is presented as the easiest way of conducting DFR in the cloud environment as stipulated in the ISO/IEC 27043:2015 international standard, which is a standard of information technology, security techniques and incident investigation principles and processes. Through this technique, digital forensic analysts are able to maximize the potential use of digital evidence while minimizing the cost of conducting DFR. As a result of this process, the time and cost needed to conduct a Digital Forensic Investigation (DFI) is saved. As a consequence, the technique helps the law enforcement, forensic analysts and Digital Forensic Investigators (DFIs) during post-event response and in a court of law to develop a hypothesis in order to prove or disprove a fact during an investigative process, if there is an occurrence of a security incident. Experimental results of the developed prototype are described which conclude that the technique is effective in improving the planning and preparation of pre-incident detection during digital crime investigations. In spite of that, a comparison with other existing forensic readiness models has been conducted to show the effectiveness of the previously proposed Cloud Forensic Readiness as a Service (CFRaaS) model. The work was supported by National Research Foundation (Grant No. UID85794). http://www.tandfonline.com/loi/tajf20 2018-01-31