University Of Pretoria Computer Science Department

PhD oral presentation: Victor Kebande

Posted by mriekert on Mon 29 Jan 2018, 14:31:27

Title: A Novel Cloud Forensic Readiness Service Model.
Venue: IT 4-66
Time: 10:00
Date: 1 February 2018

The ubiquity of the cloud has led to an abundance of modern Information and Communication Technology (ICT)-based technologies being built on cloud infrastructure. This has increased the number of internet users, and has led to a substantial increase in the number of incidents related to information security in the recent past, in both the private and public sectors. This is mainly because criminals have increasingly used the cloud as an attack vector due to its prevalence, scalability and open nature. Such attacks have made it necessary to perform regular digital forensic analysis in cloud computing environments. Digital Forensics (DF) plays a significant role in information security by providing a scientific way of uncovering and interpreting evidence from digital sources that can be used in criminal, civil or corporate cases.
The aim of this research study is therefore to determine whether it is possible to achieve Digital Forensic Readiness (DFR) in the cloud environment without necessarily having to modify the functionality and/or infrastructure of existing cloud architecture and without having to impose far-reaching architectural changes and incur high implementation costs. Considering the distributed and elastic nature of the cloud, there is a need for an easy way of conducting DFR without employing a novel software application as a prototype.
In this research thesis, therefore, the researcher proposes a Cloud Forensic Readiness as a Service (CFRaaS) model and develops a CFRaaS software prototype. The CFRaaS model employs the functionality of a malicious botnet, but its functionalities are modified to harvest digital information in the form of potential evidence from the cloud. The model digitally preserves such information and stores it in a digital forensic database for DFR purposes.
Nevertheless, the CFRaaS software prototype is important because it maximises the use of digital evidence while reducing the time and the cost needed to perform a Digital Forensic Investigation (DFI) in the cloud. The guidelines that have been used while conducting this process comply with ISO/IEC 27043:2015, namely Information Technology - Security techniques - Incident investigation principles and processes. Based on this premise, the researcher was able to show that DFR can be achieved in the cloud environment using this novel model.
