Research Area:  Digital Forensics
During post-event response, proactive forensics is of critical importance in any organisation when conducting digital forensic investigations in cloud environments. However, there exist no reliable event reconstruction processes in the cloud that can help in analysis and examination of Digital Evidence (DE) aspects, during Digital Forensic Readiness (DFR) process, as defined in the standard of ISO/IEC 27043:2015. The problem that this paper addresses is the lack of an easy way of performing digital event reconstruction process when the cloud is forensically ready in preparation of a Digital Forensic Investigation (DFI). During DFR approaches, event reconstruction helps in examination and pre-analysis of the characteristics of potential security incidents. As a result, the authors have proposed an Enhanced Cloud Forensic Readiness (ECFR) process model with event reconstruction process that can support future investigative technologies with a degree of certainty. We also propose an algorithm that shows the methodology that is used to reconstruct events in the ECFR. The main focus of this work is to examine the addition of event reconstruction to the initially proposed Cloud Forensic Readiness (CFR) model, by providing a more enhanced and detailed cloud forensic readiness model.
Author(s) Name:   Victor R. Kebande; H.S. Venter
Conferrence name:  Information Security for South Africa (ISSA)
Publisher name:  IEEE
Paper Link:   https://ieeexplore.ieee.org/document/7335050