Proactive forensics: Keystroke logging from the cloud as potential digital evidence for forensic readiness purposes

Document Type

Conference Proceeding

Publication Title

Proceeding of the 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies

First Page


Last Page





Security Research Institute / School of Science




Makura, S. M., Venter, H. S., Ikuesan, R. A., Kebande, V. R., & Karie, N. M. (2020, February). Proactive Forensics: Keystroke Logging from the Cloud as Potential Digital Evidence for Forensic Readiness Purposes. In 2020 IEEE International Conference on Informatics, IoT, and Enabling Technologies (ICIoT) (pp. 200-205). IEEE. https://doi.org/10.1109/ICIoT48696.2020.9089494


© 2020 IEEE. The relationship between negative and positive connotations with regard to malware in the cloud is rarely investigated according to the prevailing literature. However, there is a significant relationship between the use of positive and negative connotations. A clear distinction between the two emanates when we use the originally considered malicious code, for positive connotation like in the case of capturing keystrokes in a proactive forensic purpose. This is done during the collection of digital evidence for Digital Forensic Readiness (DFR) purposes, in preparation of a Digital Forensic Investigation (DFI) process. The paper explores the problem of having to use the keystrokes for positive reasons as a piece of potential evidence through extraction and digitally preserving it as highlighted in ISO/IEC 27037: 2012 (security approaches) and ISO/IEC 27043: 2015 (legal connotations). In this paper, therefore, the authors present a technique of how DFR can be achieved through the collection of digital information from the originally considered malicious code. This is achieved without modifying the cloud operations or the infrastructure thereof, while preserving the integrity of digital information and possibly maintain the chain of custody at the same time. The paper proposes that the threshold of malicious code intrusion in the cloud can be transformed to an efficacious process of DFR through logical acquisition and digitally preserving keystrokes. The experiment-tested keystrokes have shown a significant approach that could achieve proactive forensics.



Access Rights

subscription content