Experts reviews of a cloud forensic readiness framework for organizations

Alenezi, Ahmed; Atlam, Hany F.; Wills, Gary

doi:10.1186/s13677-019-0133-z

Cited by 29 publications

(16 citation statements)

References 32 publications

(34 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CSP and client/investigator trust relationships are required at the highest level so that CSPs can provide specific information on request [51]. The authors of [52][53][54][55][56] have discussed using multiple layers of trust to allow customers and investigators to gather evidence, including VM images, network logs, processes and information. Both of these solutions seek to address the lack of transparency between CSPs and clients, which is why they build a relationship of trust.…”

Section: The Trust Model and Trust Cloudmentioning

confidence: 99%

“…Both of these solutions seek to address the lack of transparency between CSPs and clients, which is why they build a relationship of trust. However, as the authors of [51] point out, the level of dependence on the control aircraft is essential for the reliability model [53,54]. These solutions are also targeted at IaaS and PaaS models and cannot be successfully implemented in the SaaS model.…”

Section: The Trust Model and Trust Cloudmentioning

confidence: 99%

“…Cloud Forensic Readiness Framework [54] • Time, money and efforts have been reduced by thorough digital investigation and collection of data before the crime incidence.…”

Section: Collection and Preservation Stagesmentioning

confidence: 99%

“…Distributed Denial of Services (DDoS) and Malware Attacks [43]; 15. Dependencies due to service providers [43]; 16. In the public Cloud deployment model, consumers do not have physical access to the infrastructure, and their data privacy is much lower than those in the private cloud [54]; 17. Client computers in Cloud environments can provide minimal evidence due to the storage of real data on the CSP side [54];…”

Section: Open Problemsmentioning

confidence: 99%

See 3 more Smart Citations

Cloud and Edge Computing-Based Computer Forensics: Challenges and Open Problems

et al. 2021

View full text Add to dashboard Cite

In recent years, there has been a dramatic change in attitude towards computers and the use of computer resources in general. Cloud and Edge computing have emerged as the most widely used technologies, including fog computing and the Internet of Things (IoT). There are several benefits in exploiting Cloud and Edge computing paradigms, such as lower costs and higher efficiency. It provides data computation and storage where data are processed, enables better data control, faster understanding and actions, and continuous operation. However, though these benefits seem to be appealing, their effects on computer forensics are somewhat undesirable. The complexity of the Cloud and Edge environments and their key features present many technical challenges from multiple stakeholders. This paper seeks to establish an in-depth understanding of the impact of Cloud and Edge computing-based environmental factors. Software and hardware tools used in the digital forensic process, forensic methods for handling tampered sound files, hidden files, image files, or images with steganography, etc. The technical/legal challenges and the open design problems (such as distributed maintenance, multitasking and practicality) highlight the various challenges for the digital forensics process.

show abstract

Section: The Trust Model and Trust Cloudmentioning

confidence: 99%

Section: The Trust Model and Trust Cloudmentioning

confidence: 99%

“…Cloud Forensic Readiness Framework [54] • Time, money and efforts have been reduced by thorough digital investigation and collection of data before the crime incidence.…”

Section: Collection and Preservation Stagesmentioning

confidence: 99%

Section: Open Problemsmentioning

confidence: 99%

See 2 more Smart Citations

Cloud and Edge Computing-Based Computer Forensics: Challenges and Open Problems

et al. 2021

View full text Add to dashboard Cite

show abstract

“…While it is important to acknowledge that these models have offered very significant insights towards the development of IIRM, we put across one core advantage that IIRM holds. IIRM is able to cover pre-incident preparation that has explicitly been presented at a readiness phase [3], this phase not only is able to shorten the process of conducting an investigation in databases but also it saves time due to the availability of forensic evidence when needed [52][53]. As far as IIRM is concerned this would be executed by implementing security policies as was mentioned and highlighted previously in Figure 3.…”

Section: Recovering Database Operationsmentioning

confidence: 99%

Towards the Development of an Integrated Incident Response Model for Database Forensic Investigation Field

et al. 2020

View full text Add to dashboard Cite

For every contact that is made in a database, a digital trace will potentially be left and most of the database breaches are mostly aimed at defeating the major security goals (Confidentiality, Integrity, and Authenticity) of data that reside in the database. In order to prove/refute a fact during litigation, it is important to identify suitable investigation techniques that can be used to link a potential incident/suspect to the digital crime. As a result, this paper has proposed suitable steps of constructing and Integrated Incident Response Model (IIRM) that can be relied upon in the database forensic investigation field. While developing the IIRM, design science methodology has been adapted and the outcome of this study has shown significant and promising approaches that could be leveraged by digital forensic experts, legal practitioners and law enforcement agencies. This is owing to the fact, that IIRM construction has followed incident investigation principles that are stipulated in ISO guidelines. INDEX TERMS Database security, database forensics investigation, database incident, pre-incident response, during-incident response, post-incident response.

show abstract