CFRaaS : architectural design of a cloud forensic readiness as-a-service model using NMB solution as a forensic agent

Abstract

The proliferation of cloud resources among organizations has had numerous benefits with regard to how business processes are conducted. However, despite the benefits, the cloud has not been very resilient due to how it is distributed and its open nature. Due to this, there have been numerous reports on how the security of organizational information has been compromised. In any organization, Digital Forensic Readiness (DFR) is employed as a pre-incident phase whose aim is to maximize the use of Potential Digital Evidence (PDE) while minimizing the cost of performing a Digital Forensic Investigation (DFI). Therefore, it is on this premise that this paper makes a contribution to the architectural design of a Cloud Forensic Readiness as-a-Service (CFRaaS) that uses a Non-Malicious Botnet (NMB) solution as a forensic agent. The authors argue that the architectural design of a CFRaaS is an important aspect, which brings out the requirements that are needed in order for the cloud to be forensically ready for digital investigations when a modified NMB acting as an Agent-Based Solution (ABS) is used. To support this claim, the authors have identified important dependencies and indicators that will provide a synergistic relationship while coming up with CFRaaS design decisions. The main objective of this paper is to present the requirements, design and implementation for achieving DFR in the cloud using a CFRaaS. This study complies with the ISO/IEC 27043: 2015 international standard which presents guidelines for Information Technology, Security Techniques and Incident Investigation Principles and Processes. The result of the study has indicated that it is possible to achieve DFR in the cloud environment using a botnet with modified functionalities.