Integrating digital forensic practices in cloud incident handling

Rahman, Nurul Hidayah Ab; Choo, Kim‐Kwang Raymond

doi:10.1016/b978-0-12-801595-7.00017-3

Cited by 9 publications

(6 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…More specifically, including digital forensic practices will provide an in‐depth understanding of an incident, help identify perpetrators and potentially their motives, and identify appropriate response actions as well as improving the response strategy for rapid actions. This echoed the observations of Ab Rahman and Choo . For example, using forensic tools allowed us to recover data of forensic interest from the databases of apps, etc., which could be used to reconstruct the event.…”

Section: Discussionmentioning

confidence: 53%

See 1 more Smart Citation

Cloud incident handling and forensic‐by‐design: cloud storage as a case study

Rahman

Cahyani

Choo

2016

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Summary Information security incident handling strategies or models are important to ensure the security of organisations, particularly in cloud and big data environments. However, existing strategies or models may not adequate as cloud data are generally virtualised, geographically distributed and ephemeral, presenting both technical and jurisdictional challenges. We present an integrated cloud incident handling and forensic‐by‐design model. We then seek to validate the model using a set of controlled experiments on a cloud‐related incident. Three popular cloud storage applications were deployed namely, Dropbox, Google Drive, and OneDrive. This study demonstrates the utility of the model for organisational cloud users to undertake incident investigations (e.g. collect and analyse residual data from cloud storage applications). Copyright © 2016 John Wiley & Sons, Ltd.

show abstract

Section: Discussionmentioning

confidence: 53%

“…In this study, we adapt our previously published models and present a refined model which integrates both cloud incident handling and forensic‐by‐design principles. We then demonstrate the utility of our model using a set of controlled experiments.…”

Section: Introductionmentioning

confidence: 99%

Cloud incident handling and forensic‐by‐design: cloud storage as a case study

Rahman

Cahyani

Choo

2016

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

show abstract

“…One potential future work is to develop and validate a cloud incident handling and forensic readiness model such as the model of Ab Rahman and Choo (Rahman and Choo, 2015b).…”

Section: Discussionmentioning

confidence: 99%

“…This concept of forensic readiness is important because not only does it facilitate digital investigations but it allows these activities to proceed with minimal interruption or cost to the business (Pangalos et al, 2010) (Rahman and Choo, 2015b). This concept of forensic readiness is important because not only does it facilitate digital investigations but it allows these activities to proceed with minimal interruption or cost to the business (Pangalos et al, 2010) (Rahman and Choo, 2015b).…”

mentioning

confidence: 99%

Cloud security and forensic readiness

Vidal

Choo

2015

The Cloud Security Ecosystem

Self Cite

View full text Add to dashboard Cite

“…In an extra effort in a recent work, to respond to the increased volume of forensic data and the sophisticated attacks targeting cloud services, the model was later enhanced to a cloud incident handling and forensics-by-design model. The efficacy of the model was then demonstrated by using Google Drive, Dropbox, and OneDrive [57][58][59][60].…”

Section: Cloud Forensics Process Modelsmentioning

confidence: 99%

CFaaS: bilaterally agreed evidence collection

2018

View full text Add to dashboard Cite

A common cloud forensic model proposed by researchers is 'Cloud-Forensic-as-a-Service' where consumers have to access it as a service to collect forensic data from cloud environments. The 'Cloud-Forensic-as-a-Service' model raises the question of how it collects digital evidence pertaining to an incident which occurred in the cloud. Currently, types of 'Cloud-Forensic-as-a-Service' systems in the literature show that the system is controlled and implemented by the cloud provider, where they unilaterally define the type of evidence that can be collected by the system. A serious limitation of this approach is that it does not offer the consumer sufficient means of performing reasonableness checks to verify that the provider is not accidentally or maliciously contaminating the evidence. To address the problem, the paper proposes a conceptual bilateral Cloud-Forensic-as-a-Service model where both consumers and providers can independently collect, verify the equity of the forensic analysis process and try to resolve potential disputes emerging from the independently collected results. The authors have developed a cloud forensic process model to lead common and significant aspects of a bilateral Cloud-Forensics-as-a-Service model. The paper explicitly discusses the concept of a bilateral Cloud-Forensic-asa-Service model.

show abstract

Integrating digital forensic practices in cloud incident handling

Cited by 9 publications

References 27 publications

Cloud incident handling and forensic‐by‐design: cloud storage as a case study

Cloud incident handling and forensic‐by‐design: cloud storage as a case study

Cloud security and forensic readiness

CFaaS: bilaterally agreed evidence collection

Contact Info

Product

Resources

About