Abstract:
The need to perform digital investigations has over the years led to the exponential growth of
the field of Digital Forensics (DF). However, quite a number of challenges face the act of
proving – for purposes of Digital Forensic Readiness (DFR) – that an electronic event has
occurred in cyberspace. The problem that this research addresses involves the challenges
faced when an Agent-Based Solution (ABS) is used in the cloud to extract Potential Digital
Evidence (PDE) for DFR purposes. Throughout the paper the authors have modified the
functionality of an initially malicious botnet to act as a distributed forensic agent to conduct
this process. The paper focuses on the general, technical and operational challenges that are
encountered when trying to achieve DFR in the cloud environment. The authors finally
propose a contribution by assessing the possible solutions from a general, technical and
operational point of view.