Document Type
Journal Article
Publication Title
Security and Privacy
Volume
4
Issue
e149
Publisher
Wiley
School
School of Science / ECU Security Research Institute
RAS ID
35482
Abstract
An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. The prototype is deployed and executed in cloud instances hosted on OpenStack: the operational cloud environment. The experiments performed in this study show that it is viable to attain DFR in an operational cloud platform. Further observations show that the prototype is capable of harvesting digital data from cloud instances and store the data in a forensic sound database. The prototype also prepares the operational cloud environment to be forensically ready for digital forensic investigations without alternating the functionality of the OpenStack cloud architecture by leveraging the ISO/IEC 27043 guidelines on security monitoring.
DOI
10.1002/spy2.149
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License
Comments
Makura, S., Venter, H. S., Kebande, V. R., Karie, N. M., Ikuesan, R. A., & Alawadi, S. (2021). Digital forensic readiness in operational cloud leveraging ISO/IEC 27043 guidelines on security monitoring. Security and Privacy, 4(3), article e149. https://doi.org/10.1002/spy2.149