This paper examines the design and implementation of a feasibletechnique for performing Digital Forensic Readiness (DFR) in cloudcomputing environments. The approach employs a modifiedobfuscated Non-Malicious Botnet (NMB) whose functionalityoperates as a distributed forensic Agent-Based Solution (ABS) in acloud environment with capabilities of performing forensic loggingfor DFR purposes. Under basic Service Level Agreements (SLAs), thisproactive technique allows any organization to perform DFR in thecloud without interfering with operations and functionalities of theexisting cloud architecture or infrastructure and the collected filemetadata. Based on the evaluation discussed, the effectiveness ofour approach is presented as the easiest way of conducting DFRin the cloud environment as stipulated in the ISO/IEC 27043: 2015international standard, which is a standard of information technology,security techniques and incident investigation principles andprocesses. Through this technique, digital forensic analysts are ableto maximize the potential use of digital evidence while minimizingthe cost of conducting DFR. As a result of this process, the timeand cost needed to conduct a Digital Forensic Investigation (DFI) issaved. As a consequence, the technique helps the law enforcement,forensic analysts and Digital Forensic Investigators (DFIs) duringpost-event response and in a court of law to develop a hypothesisin order to prove or disprove a fact during an investigative process,if there is an occurrence of a security incident. Experimental resultsof the developed prototype are described which conclude that thetechnique is effective in improving the planning and preparation ofpre-incident detection during digital crime investigations. In spite ofthat, a comparison with other existing forensic readiness models hasbeen conducted to show the effectiveness of the previously proposedCloud Forensic Readiness as a Service (CFRaaS) model.
展开▼
