Functional Requirements for Adding Digital Forensic Readiness as a Security Component in IoT Environments
For every contact made on a digital device, a trace is left behind; this means that every digital device contains some form of electronic evidence that may be associated with the behaviour of the users in a given environment. This evidence can be used to prove or disprove facts if a cyber-incident is detected. However, the world has seen a shift in how devices communicate and connect as a result of increased devices and connectivity, which has led to the creation of “smart environments” where the Internet of Things (IoT) plays a key role. Still, we can harness this proliferation of digital devices and smart environments to Digital Forensic (DF) technology, which might help to solve the puzzle of how proactive strategies can help to minimise the time and cost needed to conduct a digital investigation. This article introduces the Functional Requirements (FRs) and processes needed when the Digital Forensic Readiness (DFR) process is employed as a security component in the IoT-based environment. The paper serves as a continuation of the initially proposed architecture for adding DFR as a security component to the IoT environment. The aspects and claims presented in this paper can be used as basic building blocks for implementing DFR technologies that guarantee security in the IoT-based environment. It is worth noting again that the processes that have been defined in this paper comply with the ISO/IEC 27043:2015 International Standard.
On digital forensic readiness in the cloud using a distributed agent-based solution: issues and challenges
The need to perform digital investigations has over the years led to the exponential growth of the field of Digital Forensics (DF). However, quite a number of challenges face the act of proving – for purposes of Digital Forensic Readiness (DFR) – that an electronic event has occurred in cyberspace. The problem that this research addresses involves the challenges faced when an Agent-Based Solution (ABS) is used in the cloud to extract Potential Digital Evidence (PDE) for DFR purposes. Throughout the paper the authors have modified the functionality of an initially malicious botnet to act as a distributed forensic agent to conduct this process. The paper focuses on the general, technical and operational challenges that are encountered when trying to achieve DFR in the cloud environment. The authors finally propose a contribution by assessing the possible solutions from a general, technical and operational point of view.
Funding: National Research Foundation [grant number UID85794].
Novel digital forensic readiness technique in the cloud environment
This paper examines the design and implementation of a feasible technique for performing Digital Forensic Readiness (DFR) in cloud computing environments. The approach employs a modified obfuscated Non-Malicious Botnet (NMB) whose functionality operates as a distributed forensic Agent-Based Solution (ABS) in a cloud environment with capabilities of performing forensic logging for DFR purposes. Under basic Service Level Agreements (SLAs), this proactive technique allows any organization to perform DFR in the cloud without interfering with the operations and functionalities of the existing cloud architecture or infrastructure and the collected file metadata. Based on the evaluation discussed, the effectiveness of our approach is presented as the easiest way of conducting DFR in the cloud environment as stipulated in the ISO/IEC 27043:2015 international standard, which is a standard of information technology, security techniques and incident investigation principles and processes. Through this technique, digital forensic analysts are able to maximize the potential use of digital evidence while minimizing the cost of conducting DFR. As a result of this process, the time and cost needed to conduct a Digital Forensic Investigation (DFI) are saved. As a consequence, the technique helps law enforcement, forensic analysts and Digital Forensic Investigators (DFIs) during post-event response and in a court of law to develop a hypothesis in order to prove or disprove a fact during an investigative process, if there is an occurrence of a security incident. Experimental results of the developed prototype are described, which conclude that the technique is effective in improving the planning and preparation of pre-incident detection during digital crime investigations. In addition, a comparison with other existing forensic readiness models has been conducted to show the effectiveness of the previously proposed Cloud Forensic Readiness as a Service (CFRaaS) model.
Funding: The work was supported by the National Research Foundation (Grant No. UID85794).
Adding digital forensic readiness as a security component to the IoT domain
The unique identities of remote sensing, monitoring, self-actuating, self-adapting and self-configuring “things” in the Internet of Things (IoT) have emerged as fundamental building blocks for the development of “smart environments”. This experience has begun to be felt across different IoT-based domains like healthcare, surveillance, energy systems, home appliances, industrial machines, smart grids and smart cities. These developments have, however, brought about a more complex and heterogeneous environment which is slowly becoming a home to cyber attackers. Digital Forensic Readiness (DFR), though, can be employed as a mechanism for maximizing the potential use of digital evidence while minimizing the cost of conducting a digital forensic investigation process in IoT environments in case of an incident. The problem addressed in this paper, therefore, is that at the time of writing this paper, there still exist no IoT architectures that have a DFR capability that is able to attain incident preparedness across IoT environments as a mechanism of preparing for the post-event response process. It is on this premise that the authors are proposing an architecture for incorporating DFR into the IoT domain for proper planning and preparation in the case of security incidents. It is paramount to note that the DFR mechanism in IoT discussed in this paper complies with the ISO/IEC 27043:2015, 27030:2012 and 27017:2015 international standards. It is the authors’ opinion that the architecture is holistic and very significant in IoT forensics.
Mapping digital forensic application requirement specification to an international standard
A potential security incident may go unsolved if standardized forensic approaches are not applied during lawful investigations. This paper highlights the importance of mapping the digital forensic application requirement specification to an international standard, precisely ISO/IEC 27043. The outcome of this work is projected to contribute to the problem of secure DF tool creation, and in the process address Software Requirements Specification (SRS) as a process of digital evidence admissibility.
Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring
An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting forensically sound potential digital evidence (PDE). As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack, the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and storing the data in a forensically sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without altering the functionality of the OpenStack cloud architecture, by leveraging the ISO/IEC 27043 guidelines on security monitoring.
A Novel Cloud Forensic Readiness Service Model
The ubiquity of the cloud has accelerated an abundance of modern Information and Communication Technology (ICT)-based technologies to be built based on the cloud infrastructures. This has increased the number of internet users, and has led to a substantial increase in the number of incidents related to information security in the recent past, in both the private and public sectors. This is mainly because criminals have increasingly used the cloud as an attack vector due to its prevalence, scalability and open nature. Such attacks have made it necessary to perform regular digital forensics analysis in cloud computing environments. Digital Forensics (DF) plays a significant role in information security by providing a scientific way of uncovering and interpreting evidence from digital sources that can be used in criminal, civil or corporate cases. It is mainly concerned with the investigation of crimes that are supported by digital evidence. Furthermore, DF is conducted for purposes of uncovering a potential security incident through Digital Forensic Investigations (DFIs).
There is always some degree of uncertainty when cyber-security incidents occur in an organisation. This is because the investigation of cyber-security incidents, as compared to the investigation of physical crimes, is generally still in its infancy. Unless there are proper post-incident response and investigating strategies in place, there will always be questions about the level of trust and the integrity of digital forensic evidence in the cloud environment. The impact of cyber-security incidents can be enormous. Much damage has already been experienced in many organisations, and a disparity between cyber-security incidents and digital investigations lies at the origin of where an incident is detected. Organisations need to reach a state of Digital Forensic Readiness (DFR), which implies that digital forensic planning and preparation must be in place, and that organisations can implement proper post-incident response mechanisms.
However, research study on science and theories focused on the legal analysis of cloud computing has come under scrutiny because there are several constitutional and statutory provisions with regard to how digital forensic evidence can be acquired from Cloud Service Providers (CSPs). Nevertheless, for Digital Forensic Evidence (DFE) to satisfy admissibility conditions during legal proceedings in a court of law, acceptable DF processes should be systematically followed. Similarly, to enable digital forensic examination in cloud computing environments, it is paramount to understand the technology that is involved and the issues that relate to electronic discovery. At the time when this research thesis was being written, no forensic readiness model existed yet that focused on the cloud environment and that could help cloud-computing environments to plan and prepare to deal with cyber-security-related incidents.
The aim of this research study is therefore to determine whether it is possible to achieve DFR in the cloud environment without necessarily having to modify the functionality and/or infrastructure of existing cloud architecture and without having to impose far-reaching architectural changes and incur high implementation costs. Considering the distributed and elastic nature of the cloud, there is a need for an easy way of conducting DFR by employing a novel software application as a prototype. In this research thesis, therefore, the researcher proposes a Cloud Forensic Readiness as a Service (CFRaaS) model and develops a CFRaaS software application prototype. The CFRaaS model employs the functionality of a malicious botnet, but its functionalities are modified to harvest digital information in the form of potential evidence from the cloud. The model digitally preserves such information and stores it in a digital forensic database for DFR purposes.
The experiments conducted in this research thesis showed promising results because both the integrity of collected digital information and the constitutional and statutory conditions for digital forensic evidence acquisition have been maintained. Furthermore, the CFRaaS software application prototype is important because it maximises the use of digital evidence while reducing the time and the cost needed to perform a DFI. The guidelines that have been used while conducting this process comply with ISO/IEC 27043:2015, namely Information Technology - Security techniques - Incident investigation principles and processes. The ISO/IEC 27043 international standard was used in this context to set the guidelines for common incident investigation processes. Based on this premise, the researcher was able to prove that DFR can be achieved in the cloud environment using this novel model.
In summary, the proposed CFRaaS concept prepares the cloud to be forensically ready for digital forensic investigations, without having to change the functionality and/or infrastructure of the existing cloud architecture. Several CFRaaS prototype implementation challenges have been discussed in this research thesis from a general, technical and operational point of view. Additionally, the researcher could relate the challenges to existing literature and eventually contributed by proposing possible high-level solutions for each associated challenge.
Thesis (PhD), University of Pretoria, 2017.
Conceptual model for crowd-sourcing digital forensic evidence
The COVID-19 scourge has made it challenging to combat digital crimes due to the complexity of attributing potential security incidents to perpetrators. Existing literature does not accurately pinpoint relevant models/frameworks that can be leveraged for crowd-sourcing digital forensic evidence. This paper suggests using feature engineering approaches for crowd-sourcing digital evidence to profile potential security incidents, for example, in a COVID-19 scenario. The authors have proposed a conceptual Crowd-sourcing (CRWD) model with three main components: forensic data collection, feature engineering and the application of machine learning approaches, and assessment with standardized reporting. This contribution is significantly poised to solve future investigative capabilities for forensic practitioners and computer security researchers.