A Model to Facilitate Collaborative Digital Forensic Investigations for Law Enforcement: The Royal Oman Police as a Case Study

Younis Al-Husaini, Haider Al-Khateeb, Matthew Warren, Lei Pan

Research output: Chapter in Book/Published conference outputConference publication

Abstract

The development of criminal activities has consistently forced the evolution of investigative methods. Forensic sciences, including digital forensics, have been challenged by rapid technological developments, especially through the cloud computing revolution. Acquisition, integrity, and preservation of digital evidence is complicated in a cloud context owing to the technology's dispersed and dynamic nature. Additionally, the relationship between Cloud Service Providers (CSPs), as the incident first responders, and Law Enforcement Agencies (LEAs), who own the investigation processes, is multifaceted and highly governed by complex factors, including data protection laws.

This PhD research is unique in that it presents one of the first empirical studies to offer a better understanding of the uncertainty in the relationship between CSPs and LEAs during forensic investigations in cloud computing environments (cloud forensics). This thesis produces a holistic and heuristic framework that enables a theoretically-based description and analysis of the gap between the ideal and actual relationship between LEAs and CSPs. Moreover, this thesis addresses the need for a unified, collaborative model between LEAs and CSPs to facilitate compliant investigations.

This study, approved by the Omani National Digital Forensic Laboratory, ultimately aims to enhance trust and confidence between LEAs and local CSPs. A mixed-methods approach was conducted through a survey and focus groups that explored the perceptions of practitioners and professionals involved in corporate or national digital forensics projects as part of their roles in LEAs, CSPs, academia or industry in the Sultanate of Oman. In the first stage of the research, 118 responses were collected through an online questionnaire, 86 of which were complete and formed part of the analysis. The second stage, two focus groups, involved six practitioners and professionals. The convergence between participant responses reflects a gap manifested by the lack of laws and regulations, standard operating procedures, readiness and accountability, and anticipated cooperation between different organisations when investigations cover the cloud. This gap may affect aspects of cloud forensic investigations, including but not limited to credibility obligations under data protection laws and transparency towards CSP clients.
Original languageEnglish
Title of host publicationThe proceedings of 2018 Cyber Forensic & Security International Conference
EditorsBrian Cusack, Raymond Lutui
Publication statusPublished - Aug 2018
Event2018 Cyber Forensic and Security International Conference, Nuku’alofa, Kingdom of Tonga - Nuku’alofa, Tonga
Duration: 21 Aug 201823 Aug 2018

Conference

Conference2018 Cyber Forensic and Security International Conference, Nuku’alofa, Kingdom of Tonga
Country/TerritoryTonga
CityNuku’alofa
Period21/08/1823/08/18

Keywords

  • Cloud Forensics
  • Law Enforcement Agencies
  • Cloud Service Providers
  • Investigations

Fingerprint

Dive into the research topics of 'A Model to Facilitate Collaborative Digital Forensic Investigations for Law Enforcement: The Royal Oman Police as a Case Study'. Together they form a unique fingerprint.

Cite this