Skip to main content

Advances, Systems and Applications

Table 3 Expert reviews of the technological factors

From: Experts reviews of a cloud forensic readiness framework for organizations

Factor

Expert

Comment

Cloud infrastructure

C

In order to facilitate potential digital investigations and be forensically ready, organizations should prepare the underlying infrastructure to support digital forensics”.

B

Infrastructure has a direct impact on forensic readiness, so cloud infrastructure should correspond to digital forensics requirements”.

H

“It is important to prepare the infrastructure, but it is very difficult to amend it to fulfil forensics requirements”.

I

Historically, security and forensics by design have proved to be efficient and necessary approaches to provide sound forensics services”.

F

This is important to consider because of the chain of custody: it’s necessary to trace every location of evidence”.

Cloud architecture

B

Excellent architecture means excellent readiness for forensics”.

D

Correct architecture is required, as the digital forensic operator may not be involved and this piece is provided by the relevant ICT structure within the organization”.

C

Cloud architecture is required to facilitate extra information (e.g., logs, flows) to corroborate findings”.

J

The architecture has to support the running of processes”.

K

Correct architecture is important, as it standardizes the data flow, which means that it is far easier to track and retrieve”.

Forensic technologies

C

Although a good analyst can make do with existing tools, up-to-date forensics technologies are very important”.

J

The type of technology we choose determines if we can get credible evidence or not”.

K

Without cutting-edge gadgets, the forensics process is going to be difficult to conduct”.

E

I believe that forensic technologies are very important since those technologies will be the enablers of cloud forensic readiness”.

I

Given the distributed nature and massive computing technology, forensics technologies need to be designed in a way that takes advantage of the computing power and encapsulates intelligence to serve forensic acquisition, examination and analysis”.

Cloud security

B

Security is a very important part, specifically for a forensics team, as it can provide them with a secure environment in which to conduct their investigation”.

E

Obviously, security is still important because security measures are often more proactive than digital forensics measures”.

C

Security helps eliminate false positives if properly configured, understood, and monitored”.

H

Forensics and security bodies need to work together to gather evidence in a secure and forensic manner”.

G

When security and forensics teams work together, it can assist in evidence correlation and integration between incident handling and digital forensics practices”.