Universiti Teknologi Malaysia Institutional Repository

Enhanced forensic process model in cloud environment

Moussa, Ahmed Nour (2018) Enhanced forensic process model in cloud environment. PhD thesis, Universiti Teknologi Malaysia, Faculty of Engineering - School of Computing.

[img]
Preview
PDF
388kB

Official URL: http://dms.library.utm.my:8080/vital/access/manage...

Abstract

Digital forensics practitioners have used conventional digital forensics process models to investigate cloud security incidents. Presently, there is a lack of an agreed upon or a standard process model in cloud forensics. Besides, literature has shown that there is an explicit need for consumers to collect evidence for due-diligence or legal reasons. Furthermore, a consumer oriented cloud forensics process model is yet to be found in the literature. This has created a lack of consumer preparedness for cloud incident investigations and dependency on providers for evidence collection. This research addressed these limitations by developing a cloud forensic process model. A design science research methodology was employed to develop the model. A set of requirements believed to be solutions for the challenges reported in three survey papers were applied in this research. These requirements were mapped to existing cloud forensic process models to further explicate the weaknesses. A set of process models suitable for the extraction of necessary processes was selected based on the requirements, and these selected models constituted the cloud forensic process model. The processes were consolidated and the model was proposed to alleviate dependency on the provider problem. In this model, three digital forensic types including forensic readiness, live forensics and postmortem forensic investigations were considered. Besides, a Cloud-Forensic-as-a-Service model that produces evidence trusted by both consumers and providers through a conflict resolution protocol was also designed. To evaluate the utility and usability of the model, a plausible case scenario was investigated. For validation purposes, the cloud forensic process model together with its implementation in the case scenario and set of requirements were presented to a group of experts for evaluation. Effectiveness of the requirements was rated positive by the experts. The findings of the research indicated that the model can be used for cloud investigation and is rated easy to be used and adopted by consumers.

Item Type:Thesis (PhD)
Uncontrolled Keywords:cloud forensics, consumers, process models, investigations
Subjects:H Social Sciences > H Social Sciences (General)
Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Divisions:Computing
ID Code:98251
Deposited By: Yanti Mohd Shah
Deposited On:23 Nov 2022 08:21
Last Modified:23 Nov 2022 08:21

Repository Staff Only: item control page