Forensic Readiness High Level Recommendation Analysis

6.1 Forensic Readiness High Level Recommendation
The following briefly summarizes the set of high-level recommendations that law enforcement and cloud service providers (CSPs) could adopt between themselves as a collaborative initiative for combating cybercrime, while also establishing a firm incident response procedure and process to smooth investigations of crimes committed against, or originating from, the cloud:

• Collaborative Forensic Workflow: Establish an appropriate level of cooperation between law enforcement and the cloud service provider in a shared investigation platform / process / procedure. This cooperation is paramount and should be legally protected by a standard mutual agreement between the two.
…show more content…
Figure 10: Proposed Cloud Forensic Acquisition Structure
The right side of the diagram represents the cloud infrastructure, for which the earlier chapter describes the different models of cloud services, i.e. private, public and hybrid cloud. These cloud services offer Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).

The middle component operates as the core forensic function. Its primary objective is to interface with external forensic requirements, such as those of law enforcement and other external forensic investigation agencies. It will in turn provide acquisition instructions, i.e. the access logs or snapshots needed for extraction by law enforcement. In other words, the CSP has its own forensic staff who are capable and competent in operating forensic procedures. Having this module interface as an independent function could reduce direct interference with the provider’s core business
…show more content…
In chapter five (5), the author [37] briefly illustrated the provenance process and how it helps in understanding the chronological order of object metadata (when an object was first accessed, modified or deleted), and how it can help an investigation map objects to their users. Here (referring to the same middle component), provenance could be used as a forensic medium to help the CSP’s forensic staff provide law enforcement with more evidential forensic information.
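The provenance idea described above, as an added illustration that is not taken from the essay or from [37]: it orders storage audit events per object, records who first accessed, modified or deleted each object, and flags activity logged after a deletion. The event layout `(timestamp, object, user, action)` and every sample value are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events (timestamp, object, user, action).
# They are deliberately out of order, as logs merged from several layers often are.
EVENTS = [
    ("2024-03-02T10:15:00+00:00", "bucket-a/report.docx", "alice", "modify"),
    ("2024-03-01T09:00:00+00:00", "bucket-a/report.docx", "alice", "create"),
    ("2024-03-03T18:40:00+00:00", "bucket-a/report.docx", "bob", "delete"),
    ("2024-03-02T11:00:00+00:00", "bucket-a/report.docx", "bob", "access"),
    ("2024-03-02T08:30:00+00:00", "bucket-b/keys.txt", "carol", "access"),
    ("2024-03-04T08:30:00+00:00", "bucket-a/report.docx", "carol", "access"),
]

def build_provenance(events):
    """Group events by object and sort each object's chain chronologically."""
    chains = defaultdict(list)
    for ts, obj, user, action in events:
        chains[obj].append((datetime.fromisoformat(ts), user, action))
    for chain in chains.values():
        chain.sort(key=lambda rec: rec[0])
    return dict(chains)

def summarize(chain):
    """Summarize one object's chain for the investigator.

    Returns the first occurrence of each action (time and user), the users
    who touched the object in order of first appearance, and any events
    recorded after the object was deleted, which warrant a closer look.
    """
    first, users, after_delete = {}, [], []
    deleted = False
    for ts, user, action in chain:
        if deleted:
            after_delete.append((ts, user, action))
        first.setdefault(action, (ts, user))
        if user not in users:
            users.append(user)
        if action == "delete":
            deleted = True
    return {"first": first, "users": users, "after_delete": after_delete}

if __name__ == "__main__":
    for obj, chain in build_provenance(EVENTS).items():
        print(obj, summarize(chain))
```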

Referring to the same forensic function on the diagram: apart from data provenance, which is useful when it comes to cloud storage, it is also recommended to incorporate the LDF2C framework described in chapter five (5), as it could help law enforcement (via the forensic function) to acquire evidence artifacts, i.e. logs from various layers of the cloud, as explained in the same
