The following briefly summarizes the high-level recommendations that both law enforcement and CSPs could adopt to establish a collaborative initiative between themselves for combating cybercrime, and at the same time to establish a firm incident response procedure and process that smooths investigations into crimes committed against, or originating from, the cloud:
• Collaborative Forensic Workflow: Establish an appropriate level of cooperation between law enforcement and the cloud service provider in a shared investigation platform, process or procedure. This cooperation is paramount and should be protected legally by a standard mutual agreement between the two.
Figure 10: Proposed Cloud Forensic Acquisition Structure
The right side of the diagram represents the cloud infrastructure, which, as described in the earlier chapter, comes in different models of cloud services, i.e. Private, Public and Hybrid Cloud. These cloud services offer Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS).
The middle component operates as the core forensic function, whose primary objective is to interface with external forensic requirements such as those of law enforcement and other external forensic investigation agencies. It will eventually provide acquisition instructions, i.e. the access logs or snapshots needed for extraction by law enforcement. In other words, CSPs have their own forensic staff who are capable and competent in operating forensic procedures. Having this module interfacing as an independent function could reduce direct interference with the provider’s core business …
In chapter five (5), the author [37] briefly illustrated the provenance process and how it can be beneficial in understanding the chronological order of object metadata (when an object was first accessed, modified or deleted) and how it can help an investigation map objects to their users. Here (referring to the same middle component), provenance could be used as a forensic medium to help the CSP’s forensic staff provide law enforcement with more evidential forensic information.
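Added example, not from the original essay or from reference [37]: a sketch of the provenance idea described above, ordering storage events per object and mapping each object to its users. The log line format, the function names and the sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from the page), in a hypothetical
# "ISO-timestamp user action object" format, deliberately out of order.
SAMPLE_LOG = """\
2024-03-02T10:15:00Z bob modify reports/q1.xlsx
2024-03-01T09:00:00Z alice create reports/q1.xlsx
2024-03-03T08:30:00Z carol access reports/q1.xlsx
2024-03-04T17:45:00Z bob delete reports/q1.xlsx
2024-03-02T11:00:00Z alice create notes/todo.txt
malformed line without enough fields
2024-03-05T12:00:00Z carol access notes/todo.txt
"""
ACTIONS = {"create", "access", "modify", "delete"}

def parse_events(text):
    """Return (events, rejected); each event is (time, user, action, object)."""
    events, rejected = [], []
    for line in text.splitlines():
        try:
            ts, user, action, obj = line.split(maxsplit=3)
            when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
            if action not in ACTIONS:
                raise ValueError(action)
        except ValueError:
            rejected.append(line)  # keep unparsable lines for the examiner
            continue
        events.append((when, user, action, obj))
    return events, rejected

def provenance(events, objects=None):
    """Build a chronological record per object, optionally for requested objects only."""
    chains = defaultdict(list)
    for when, user, action, obj in sorted(events):
        if objects is None or obj in objects:
            chains[obj].append((when, user, action))
    report = {}
    for obj, chain in chains.items():
        def first(action):
            return next(((w, u) for w, u, a in chain if a == action), None)
        report[obj] = {
            "timeline": chain,
            "first_access": first("access"),
            "first_modify": first("modify"),
            "deleted": first("delete"),
            "users": sorted({u for _, u, _ in chain}),
        }
    return report
```

Lines that fail to parse are returned separately rather than dropped, so the forensic staff can account for every record in the source log.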
Referring to the same forensic function on the diagram, apart from data provenance, which is useful when it comes to cloud storage, it is also recommended to incorporate the LDF2C framework described in chapter five (5), as it could help law enforcement (via the forensic function) to acquire evidence artifacts, i.e. logs from various layers of the cloud, as explained in the same