Abstract:
Currently, about half of all global enterprises are adopting and using some form of cloud computing services. In cloud computing, potential digital evidence is distributed across multiple isolated virtual machine instances. Investigating deleted or inactive virtual instances of a cloud is a challenge to digital forensics, and the traditional methods of digital forensics are inadequate to address such digital forensic investigation. Users of the public cloud (whether a potential victim of a cyberattack, a cybercriminal or a digital forensic investigator) inherently communicate using natural human language in the form of sentences and semantics in document messaging such as texts, emails or instant messages. Consequently, natural human language interaction provides a unique identifier for cloud users. This study leverages the natural human language as an identifier to develop a novel digital forensic readiness (DFR) framework for cloud computing to detect cybercrime. The DFR framework comprises the integration of natural language processing techniques in designing a process that mimics a near real-time approach towards cybercrime detection in a cloud environment. Natural language understanding techniques are used to analyse textdata of users in the public cloud and textdata of reported cybercrimes to develop a DFR framework. In the preliminary formation of the DFR framework, the output shows that cybercrime attacks that are in progress in the form of textdata such as online documents, instant messages or emails within an organizational cloud domain can be identified, and potentially investigated swiftly, using the unique signature of users as identifiers. When adopted, the proposed DFR framework can minimize the time lapses in incident identification and reduce the subsequent investigation time of cybercrimes in the public cloud domain.