CFRaaS: Architectural design of a Cloud Forensic Readiness as-a-Service Model using NMB solution as a forensic agent
Related papers
Forensic Process as a Service (FPaaS) for Cloud Computing
Cloud computing is the technology that enables individuals and businesses to utilize computing services (e.g. online file storage, social networking sites, webmail) and a shared pool of resources (e.g. data storage space, networks, user applications) from anywhere over the Internet. Cloud computing has become popular as a cost-effective and convenient computing paradigm. However, cloud computing architecture is at its infancy stage and lacks support for security and forensic investigations. Due to the distributed and virtual nature of cloud, malicious activities can be carried out very easily and are very difficult to subsequently investigate. Cloud forensic investigators currently face challenges as they lack forensic tools and techniques in context of cloud. This highlights the need to develop the new research area of digital forensics in the cloud computing model. This paper presents a cloud forensic process that consists of (i) Identification, (ii) Collection/Acquisition and preservation, (iii) Examination/Processing and analysis, and (iv) Results dissemination phases. In addition, this paper develops the proposed forensic process as a service (FPaaS) using cloud-based Business Process Execution Language (BPEL) that combines the four phases/services into a new composite service called FPaaS.
Forensic-Enabled Security as a Service (FESaaS) - A Readiness Framework for Cloud Forensics
The ISC International Journal of Information Security, 2021
Digital forensics is a process of uncovering and exploring evidence from digital content. A growth in digital data in recent years has made it challenging for forensic investigators to uncover useful information. Moreover, the applied use of cloud computing has increased significantly in past few years and has introduced new challenges to forensic experts. Cloud forensics assist organizations who exercise due diligence and comply with the requirements related to sensitive information protection, maintain the records required for audits, and notify concerned parties when confidential information is compromised or exposed. One of the problems with cloud forensics is the limitation of cloud forensic models and guidelines. The aim of this project is to propose a new cloud forensic model that will help investigators and cloud service providers achieve digital forensic readiness within the cloud environment. To achieve this goal, we have studied and compared different forensic process models to determine their limitations. Based on results of this comparative study, a new cloud forensic framework, Forensic-enabled Security as a Service (FESaaS), is presented. The security and forensic layers are aggregated to discover evidence in the proposed framework. Compared to other cloud forensic frameworks, our framework deals with live data, reports, and logs. Thus, it is sufficient and provides the capability for rapid response. https://www.isecure-journal.com/article_150546.html
Reference Architecture for a Cloud Forensic Readiness System
2014
Digital forensic science is undergoing a brand new change represented by the management of incidents in Cloud Computing Services. Because the Cloud Computing architecture is uncontrollable due to some specific features, its use to commit crimes is becoming a very critical issue, too. Proactive Cloud Forensics becomes a matter of urgency, due to its capability of collecting critical data before crimes happen, thus saving time and money for the subsequent investigations. In this paper, a proposal for a Cloud Forensic Readiness System is presented. It is conceived as a reference architecture, in order to be of general applicability, not technically constrained by any Cloud architecture. The principal aim of this work is to extend our initial proposed Cloud Forensic Readiness System reference architecture, by providing more details and an example of its application by exploiting the OpenStack Cloud Platform.
Proceedings of The Sixth International Conference on Forensic Computer Science, 2011
To the extent that cloud computing has become ubiquitous, we have experienced big changes in paradigms, from the time of centralized computing (mainframes) through decentralization and re-centralization interconnected via the Internet. The definition of what is cloud still causes great confusion in the industry, but the cloud is an evolution of the Internet that allows everything to be delivered as a service: Everything as a Service (EaaS, XaaS, *aaS). Our purpose is to demonstrate the use of the cloud to provide Forensic as a Service (FaaS) through flexible, elastic and dynamic platforms such as storage and processing power to "unlimited", besides demonstrating that the use of Forensic as a Service becomes an interesting alternative when working on large data sets.
FraaS: A Framework for Digital Forensic Services in a Cloud-based Environment
The International Journal of Forensic Computer Science, 2015
Digital forensics is the application of computer science to cater to legal needs. Quality digital forensic services are often encountered by various availability issues. The invention of cloud based services has now enabled researchers to build software or platform level based service channels. In this paper, a multi-tenant capacity framework where digital investigation can be provided as a service in the cloud has been proposed. One can use this service to perform forensic analysis on digital evidence. Services can be procured vide the forensic tools provided on a pay-per-use basis. This paper also suggests a proto-architecture of the proposed Forensics-as-a-Service framework along with its implementation module using SDNs. The architecture of FraaS is built around the NIST guidelines for the same.
A framework for designing cloud forensic‑enabled services (CFeS)
Cloud computing is used by consumers to access cloud services. Malicious actors exploit vulnerabilities of cloud services to attack consumers. The link between these two assumptions is the cloud service. Although cloud forensics assists in the direction of investigating and solving cloud-based cyber-crimes, in many cases the design and implementation of cloud services fall back. Software designers and engineers should focus their attention on the design and implementation of cloud services that can be investigated in a forensic sound manner. This paper presents a methodology that aims on assisting designers to design cloud forensic-enabled services. The methodology supports the design of cloud services by implementing a number of steps to make the services cloud forensic enabled. It consists of a set of cloud forensic constraints, a modeling language expressed through a conceptual model and a process based on the concepts identified and presented in the model. The main advantage of the proposed methodology is the correlation of cloud services' characteristics with the cloud investigation while providing software engineers the ability to design and implement cloud forensic-enabled services via the use of a set of predefined forensic-related tasks. Keywords Cloud forensics · Cloud forensic methodology · Cloud forensic process · Cloud forensic conceptual model · Cloud forensic constraints
Novel digital forensic readiness technique in the cloud environment
Australian Journal of Forensic Sciences, 2017
This paper examines the design and implementation of a feasible technique for performing Digital Forensic Readiness (DFR) in cloud computing environments. The approach employs a modified obfuscated Non-Malicious Botnet (NMB) whose functionality operates as a distributed forensic Agent-Based Solution (ABS) in a cloud environment with capabilities of performing forensic logging for DFR purposes. Under basic Service Level Agreements (SLAs), this proactive technique allows any organisation to perform DFR in the cloud without interfering with operations and functionalities of the existing cloud architecture or infrastructure and the collected file metadata. Based on the evaluation discussed, the effectiveness of our approach is presented as the easiest way of conducting DFR in the cloud environment as stipulated in the ISO/IEC 27043:2015 international standard which is a standard of information technology, security techniques and incident investigation principles and processes. Through this technique, digital forensic analysts are able to maximize the potential use of digital evidence while minimizing the cost of conducting DFR. As a result of this process, the time and cost needed to conduct a Digital Forensic Investigation (DFI) is saved. As a consequence, the technique helps the law enforcement, forensic analysts and Digital Forensic Investigators (DFIs) during post-event response and in a court of law to develop a hypothesis in order to prove or disprove a fact during an investigative process, if there is an occurrence of a security incident. Experimental results of the developed prototype are described which conclude that the technique is effective in improving the planning and preparation of pre-incident detection during digital crime investigations. In spite of that, a comparison with other existing forensic readiness models has been conducted to show the effectiveness of the previously proposed Cloud Forensic Readiness as a Service (CFRaaS) model.