• DocumentCode
    3544270
  • Title

    Guidelines for procedures of a harmonised digital forensic process in network forensics

  • Author

    Sibiya, George ; Venter, H.S. ; Ngobeni, Sipho ; Fogwill, Thomas

  • Author_Institution
    Meraka Inst., Council for Sci. & Ind. Res. (CSIR), Pretoria, South Africa
  • fYear
    2012
  • fDate
    15-17 Aug. 2012
  • Firstpage
    1
  • Lastpage
    7
  • Abstract
    Cloud computing is a new computing paradigm that presents fresh research issues in the field of digital forensics. Cloud computing builds upon virtualisation technologies and is distributed in nature. Depending on its implementation, the cloud can span across numerous countries. Its distributed nature and virtualisation introduce digital forensic research issues that include, among others, difficulty in identifying and collecting forensically sound evidence. Even if the evidence may be identified and essential tools for collecting the evidence are acquired, it may be illegal to access computer data residing beyond the jurisdiction of a forensic investigator. The investigator needs to acquire a search warrant that can be executed in a specific foreign country, which may not be a single country due to the distributed nature of the cloud. Obtaining warrants for numerous countries at once may be costly and time-consuming. Some countries may also fail to comply with the demands of cloud forensics. Since the field of digital forensics is itself still in its infancy, it lacks standardised forensic processes and procedures. Thus, digital forensic investigators are able to collect evidence, but often fail in following a valid investigation process that is acceptable in a court of law. In addressing digital forensic issues such as the above, the authors are writing a series of papers that are aimed at providing guidelines for digital forensic procedures in a cloud environment. Live forensics and network forensics constitute an integral part of cloud forensics. A paper that deals with guidelines for digital forensic procedures in live forensics was submitted elsewhere. The current paper is therefore the second in a series where the authors propose and present guidelines for digital forensic procedures in network forensics. The authors eventually aim to have guidelines for digital forensic procedures in a cloud environment as the last paper in the series.
  • Keywords
    cloud computing; computer forensics; virtualisation; cloud computing; cloud forensics; computer data access; computing paradigm; digital forensic procedures; distributed nature; forensic investigator; harmonised digital forensic process; network forensics; search warrant; sound evidence; virtualisation technologies; Cloud computing; Computers; Digital forensics; Documentation; Guidelines; Planning; cloud computing; network forensics; procedures and processes;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Security for South Africa (ISSA), 2012
  • Conference_Location
    Johannesburg, Gauteng
  • Print_ISBN
    978-1-4673-2160-0
  • Type

    conf

  • DOI
    10.1109/ISSA.2012.6320451
  • Filename
    6320451