15 research outputs found

    Understanding Issues and Challenges of DFR Implementation in SDN Platform

    Software-Defined Networking (SDN) is an evolutionary networking paradigm that offers simplified and agile network configuration and management capabilities. However, embracing this new and futuristic paradigm requires the understanding of Digital Forensics (DF) limitations that it presents. Studies show that the dynamism of SDN architecture impedes the preservation of Potential Digital Evidence (PDE) during a Digital Forensic Readiness (DFR) process. Therefore, the identification and acquisition of viable PDE in SDN platforms largely depends on the thorough understanding of the issues and challenges affecting the application of DFR in SDN platforms. For this reason, this study leverages a case study research methodology to empirically underline the forensic limitations and provide the level of specificity with which these limitations affect the DFR process. The results of the case study combined with existing literature are used to expose the issues and challenges in a typical SDN testbed. The knowledge acquired from the state-of-the-art with respect to conducting DFR in an SDN platform addresses the knowledge gap of understanding these limitations.

    Real-time monitoring as a supplementary security component of vigilantism in modern network environments

    © 2020, The Author(s). The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in real-time. Needless to say, in today’s dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization’s network environment at any given time. This is driven by the fact that modern network environments do not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats (CSTs) in the world today, many organisations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of Real-Time Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments.

    Ontology‐driven perspective of CFRaaS

    A Cloud Forensic Readiness as a Service (CFRaaS) model allows an environment to preemptively accumulate relevant potential digital evidence (PDE) which may be needed during a post‐event response process. The benefit of applying a CFRaaS model in a cloud environment is that it is designed to prevent the modification/tampering of the cloud architectures or the infrastructure during the reactive process, which if it could, may end up having far‐reaching implications. The authors of this article present the reactive process as a very costly exercise when the infrastructure must be reprogrammed every time the process is conducted. This may hamper successful investigation from the forensic experts' and law enforcement agencies' perspectives. The CFRaaS model, in its current state, has not been presented in a way that can help to classify or visualize the different types of potential evidence in all the cloud deployable models, and this may limit the expectations of what or how the required PDE may be collected. To address this problem, the article presents the CFRaaS from a holistic ontology‐driven perspective, which allows the forensic experts to be able to apply the CFRaaS based on its simplicity of the concepts, relationship or semantics between different forms of potential evidence, as well as how the security of a digital environment being investigated could be upheld. The CFRaaS in this context follows a fundamental ontology engineering approach that is based on the classical Resource Description Framework. The proposed ontology‐driven approach to CFRaaS is, therefore, a knowledge‐base that uses layer‐dependencies, which could be an essential toolkit for digital forensic examiners and other stakeholders in cloud‐security. The implementation of this approach could further provide a platform to develop other knowledge base components for cloud forensics and security.

    Quantifying the need for supervised machine learning in conducting live forensic analysis of emergent configurations (ECO) in IoT environments

    © 2020 The Author(s). Machine learning has been shown as a promising approach to mine larger datasets, such as those that comprise data from a broad range of Internet of Things devices, across complex environment(s) to solve different problems. This paper surveys existing literature on the potential of using supervised classical machine learning techniques, such as K-Nearest Neighbour, Support Vector Machines, Naive Bayes and Random Forest algorithms, in performing live digital forensics for different IoT configurations. There are also a number of challenges associated with the use of machine learning techniques, as discussed in this paper.

    Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring

    An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack: the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and store the data in a forensic sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without alternating the functionality of the OpenStack cloud architecture by leveraging the ISO/IEC 27043 guidelines on security monitoring. https://wileyonlinelibrary.com/journal/spy2

    Towards a digital policing in developing nations : the Nigerian context

    Technology-assisted living is a growing trend in most developing nations, particularly for young-aged demographic countries, as it presents a platform for personal development and knowledge management. However, this societyscaping trend has also introduced the myriad opportunity for the formation of complex crime, which is often beyond the (immediate) capability of the policing entity in developing nations. To address this lingering and futuristic problem, particularly in Nigeria, this study developed a context-based digital policing framework for the enhancement of the Nigerian Police. This Nigerian-context framework presents the viability and relevance of the digital policing mechanism in addressing challenges ravaging society. Furthermore, it also presents a modality for improving and enhancing the policing apparatus of the Nigerian society, as a model for other developing nations. The knowledge from the Nigerian-context of digital policing has both research and societal implications. In terms of research, it opens the community of security researchers into the contextual characteristics of digital policing as well as the probable research direction required to implement digital policing in developing nations. With respect to society, knowledge provides a substratum for the integration of the community-policing model. https://www.ijitee.org

    Real-time monitoring as a supplementary security component of vigilantism in modern network environments

    The phenomenon of network vigilantism is autonomously attributed to how anomalies and obscure activities from adversaries can be tracked in real-time. Needless to say, in today's dynamic, virtualized, and complex network environments, it has become undeniably necessary for network administrators, analysts as well as engineers to practice network vigilantism, on traffic as well as other network events in real-time. The reason is to understand the exact security posture of an organization's network environment at any given time. This is driven by the fact that modern network environments do not only present new opportunities to organizations but also a different set of new and complex cybersecurity challenges that need to be resolved daily. The growing size, scope, complexity, and volume of networked devices in our modern network environments also makes it hard even for the most experienced network administrators to independently provide the breadth and depth of knowledge needed to oversee or diagnose complex network problems. Besides, with the growing number of Cyber Security Threats in the world today, many organizations have been forced to change the way they plan, develop and implement cybersecurity strategies as a way to reinforce their ability to respond to cybersecurity incidents. This paper, therefore, examines the relevance of Real-Time Monitoring (RTM) as a supplementary security component of vigilantism in modern network environments, more especially for proper planning, preparedness, and mitigation in case of a cybersecurity incident. Additionally, this paper also investigates some of the key issues and challenges surrounding the implementation of RTM for security vigilantism in our modern network environments. Comment: 13 pages

    Realising a Push Button Modality for Video-Based Forensics

    Complexity and sophistication among multimedia-based tools have made it easy for perpetrators to conduct digital crimes such as counterfeiting, modification, and alteration without being detected. It may not be easy to verify the integrity of video content that, for example, has been manipulated digitally. To address this perennial investigative challenge, this paper proposes the integration of a forensically sound push button forensic modality (PBFM) model for the investigation of the MP4 video file format as a step towards automated video forensic investigation. An open-source multimedia forensic tool was developed based on the proposed PBFM model. A comprehensive evaluation of the efficiency of the tool against file alteration showed that the tool was capable of identifying falsified files, which satisfied the underlying assertion of the PBFM model. Furthermore, the outcome can be used as a complementary process for enhancing the evidence admissibility of MP4 video for forensic investigation.

    Research Challenges and Opportunities in Drone Forensics Models

    The emergence of unmanned aerial vehicles (also referred to as drones) has transformed the digital landscape of surveillance and supply chain logistics, especially in terrains where such was previously deemed unattainable. Moreover, the adoption of drones has further led to the proliferation of diverse drone types and drone-related criminality, which has introduced a myriad of security and forensics-related concerns. As a step towards understanding the state-of-the-art research into these challenges and potential approaches to mitigation, this study provides a detailed review of existing digital forensic models using the Design Science Research method. The outcome of this study generated in-depth knowledge of the research challenges and opportunities through which an effective investigation can be carried out on drone-related incidents. Furthermore, a potential generic investigation model has been proposed. The findings presented in this study are essentially relevant to forensic researchers and practitioners towards a guided methodology for drone-related event investigation. Ultimately, it is important to mention that this study presents a background for the development of international standardization for drone forensics.