Advances, Systems and Applications
From: Experts reviews of a cloud forensic readiness framework for organizations
Factor | Expert | Comment |
---|---|---|
Cloud infrastructure | C | “In order to facilitate potential digital investigations and be forensically ready, organizations should prepare the underlying infrastructure to support digital forensics”. |
Cloud infrastructure | B | “Infrastructure has a direct impact on forensic readiness, so cloud infrastructure should correspond to digital forensics requirements”. |
Cloud infrastructure | H | “It is important to prepare the infrastructure, but it is very difficult to amend it to fulfil forensics requirements”. |
Cloud infrastructure | I | “Historically, security and forensics by design have proved to be efficient and necessary approaches to provide sound forensics services”. |
Cloud infrastructure | F | “This is important to consider because of the chain of custody: it’s necessary to trace every location of evidence”. |
Cloud architecture | B | “Excellent architecture means excellent readiness for forensics”. |
Cloud architecture | D | “Correct architecture is required, as the digital forensic operator may not be involved and this piece is provided by the relevant ICT structure within the organization”. |
Cloud architecture | C | “Cloud architecture is required to facilitate extra information (e.g., logs, flows) to corroborate findings”. |
Cloud architecture | J | “The architecture has to support the running of processes”. |
Cloud architecture | K | “Correct architecture is important, as it standardizes the data flow, which means that it is far easier to track and retrieve”. |
Forensic technologies | C | “Although a good analyst can make do with existing tools, up-to-date forensics technologies are very important”. |
Forensic technologies | J | “The type of technology we choose determines if we can get credible evidence or not”. |
Forensic technologies | K | “Without cutting-edge gadgets, the forensics process is going to be difficult to conduct”. |
Forensic technologies | E | “I believe that forensic technologies are very important since those technologies will be the enablers of cloud forensic readiness”. |
Forensic technologies | I | “Given the distributed nature and massive computing technology, forensics technologies need to be designed in a way that takes advantage of the computing power and encapsulates intelligence to serve forensic acquisition, examination and analysis”. |
Cloud security | B | “Security is a very important part, specifically for a forensics team, as it can provide them with a secure environment in which to conduct their investigation”. |
Cloud security | E | “Obviously, security is still important because security measures are often more proactive than digital forensics measures”. |
Cloud security | C | “Security helps eliminate false positives if properly configured, understood, and monitored”. |
Cloud security | H | “Forensics and security bodies need to work together to gather evidence in a secure and forensic manner”. |
Cloud security | G | “When security and forensics teams work together, it can assist in evidence correlation and integration between incident handling and digital forensics practices”. |