A Novel Cloud Forensic Readiness Service Model

Thesis (PhD)--University of Pretoria, 2017.

Bibliographic Details
Other Authors: Venter, Hein S.
Format: Thesis
Language: English
Published: University of Pretoria 2018
_version_ 1867613695690932224
access_status_str Open Access
author2 Venter, Hein S.
collection Thesis
dc_rights_str_mv © 2018 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria.
description Thesis (PhD)--University of Pretoria, 2017.
format Thesis
id oai:repository.up.ac.za:2263/66140
institution University of Pretoria (South Africa)
language English
last_indexed 2026-06-10T12:40:14.504Z
license_str Other — see source repository
provenance_str_mv Harvested via OAI-PMH from UPSpace — University of Pretoria Institutional Repository
publishDate 2018
publisher University of Pretoria
record_format dspace
source_str UPSpace — University of Pretoria Institutional Repository
spelling oai:repository.up.ac.za:2263/66140 A Novel Cloud Forensic Readiness Service Model Venter, Hein S. vickkebande@gmail.com Kebande, Victor Rigworo UCTD Cloud forensics Digital forensics Cybersecurity Forensic readiness Engineering, built environment and information technology theses SDG-09 Engineering, built environment and information technology theses SDG-16 Thesis (PhD)--University of Pretoria, 2017.

The ubiquity of the cloud has accelerated an abundance of modern Information and Communication Technology (ICT)-based technologies to be built based on the cloud infrastructures. This has increased the number of internet users, and has led to a substantial increase in the number of incidents related to information security in the recent past, in both the private and public sectors. This is mainly because criminals have increasingly used the cloud as an attack vector due to its prevalence, scalability and open nature. Such attacks have made it necessary to perform regular digital forensics analysis in cloud computing environments. Digital Forensics (DF) plays a significant role in information security by providing a scientific way of uncovering and interpreting evidence from digital sources that can be used in criminal, civil or corporate cases. It is mainly concerned with the investigation of crimes that are supported by digital evidence. Furthermore, DF is conducted for purposes of uncovering a potential security incident through Digital Forensic Investigations (DFIs). There is always some degree of uncertainty when cyber-security incidents occur in an organisation. This is because the investigation of cyber-security incidents, as compared to the investigation of physical crimes, is generally still in its infancy. Unless there are proper post-incident response and investigating strategies in place, there will always be questions about the level of trust and the integrity of digital forensic evidence in the cloud environment.
The impact of cyber-security incidents can be enormous. Much damage has already been experienced in many organisations and a disparity between cyber-security incidents and digital investigations lies at the origin of where an incident is detected. Organisations need to reach a state of Digital Forensic Readiness (DFR), which implies that digital forensic planning and preparation must be in place, and that organisations can implement proper post-incident response mechanisms. However, research study on science and theories focused on the legal analysis of cloud computing has come under scrutiny because there are several constitutional and statutory provisions with regard to how digital forensic evidence can be acquired from Cloud Service Providers (CSPs). Nevertheless, for Digital Forensic Evidence (DFE) to satisfy admissibility conditions during legal proceedings in a court of law, acceptable DF processes should be systematically followed. Similarly, to enable digital forensic examination in cloud computing environments, it is paramount to understand the technology that is involved and the issues that relate to electronic discovery. At the time when this research thesis was being written, no forensic readiness model existed yet that focused on the cloud environment and that could help cloud-computing environments to plan and prepare to deal with cyber-security-related incidents. The aim of this research study is therefore to determine whether it is possible to achieve DFR in the cloud environment without necessarily having to modify the functionality and/or infrastructure of existing cloud architecture and without having to impose far-reaching architectural changes and incur high implementation costs. Considering the distributed and elastic nature of the cloud, there is a need for an easy way of conducting DFR by employing a novel software application as a prototype.
In this research thesis, therefore, the researcher proposes a Cloud Forensic Readiness as a Service (CFRaaS) model and develops a CFRaaS software application prototype. The CFRaaS model employs the functionality of a malicious botnet, but its functionalities are modified to harvest digital information in the form of potential evidence from the cloud. The model digitally preserves such information and stores it in a digital forensic database for DFR purposes. The experiments conducted in this research thesis showed promising results because both the integrity of collected digital information and the constitutional and statutory conditions for digital forensic evidence acquisition have been maintained. Nevertheless, the CFRaaS software application prototype is important because it maximises the use of digital evidence while reducing the time and the cost needed to perform a DFI. The guidelines that have been used while conducting this process comply with ISO/IEC 27043:2015, namely Information Technology - Security techniques - Incident investigation principles and processes. The ISO/IEC 27043 international standard was used in this context to set the guidelines for common incident investigation processes. Based on this premise, the researcher was able to prove that DFR can be achieved in the cloud environment using this novel model. Nevertheless, the proposed CFRaaS concept prepares the cloud to be forensically ready for digital forensic investigations, without having to change the functionality and/or infrastructure of the existing cloud architecture. Several CFRaaS prototype implementation challenges have been discussed in this research thesis from a general, technical and operational point of view. Additionally, the researcher could relate the challenges to existing literature and eventually contributed by proposing possible high-level solutions for each associated challenge. 
University of Pretoria-UP Postgraduate Doctoral Research Award UP Research Support Special International Research Award bs2026 Computer Science PhD Unrestricted SDG-09: Industry, innovation and infrastructure SDG-16: Peace, justice and strong institutions 2018-08-14T11:04:54Z 2018-08-14T11:04:54Z 2018 2017 Thesis Kebande, VR 2017, A Novel Cloud Forensic Readiness Service Model, PhD Thesis, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/66140> A2018 http://hdl.handle.net/2263/66140 en © 2018 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. application/pdf University of Pretoria
spellingShingle UCTD
Cloud forensics
Digital forensics
Cybersecurity
Forensic readiness
Engineering, built environment and information technology theses SDG-09
Engineering, built environment and information technology theses SDG-16
A Novel Cloud Forensic Readiness Service Model
title A Novel Cloud Forensic Readiness Service Model
title_sort novel cloud forensic readiness service model
topic UCTD
Cloud forensics
Digital forensics
Cybersecurity
Forensic readiness
Engineering, built environment and information technology theses SDG-09
Engineering, built environment and information technology theses SDG-16
url http://hdl.handle.net/2263/66140