Abstract
The development of criminal activities has consistently forced the evolution of investigative methods. Forensic sciences, including digital forensics, have been challenged by rapid technological developments, especially through the cloud computing revolution. Acquisition, integrity, and preservation of digital evidence is complicated in a cloud context owing to the technology's dispersed and dynamic nature. Additionally, the relationship between Cloud Service Providers (CSPs), as the incident first responders, and Law Enforcement Agencies (LEAs), who own the investigation processes, is multifaceted and highly governed by complex factors, including data protection laws.
This PhD research is unique in that it presents one of the first empirical studies to offer a better understanding of the uncertainty in the relationship between CSPs and LEAs during forensic investigations in cloud computing environments (cloud forensics). This thesis produces a holistic and heuristic framework that enables a theoretically-based description and analysis of the gap between the ideal and actual relationship between LEAs and CSPs. Moreover, this thesis addresses the need for a unified, collaborative model between LEAs and CSPs to facilitate compliant investigations.
This study, approved by the Omani National Digital Forensic Laboratory, ultimately aims to enhance trust and confidence between LEAs and local CSPs. A mixed-methods approach was conducted through a survey and focus groups that explored the perceptions of practitioners and professionals involved in corporate or national digital forensics projects as part of their roles in LEAs, CSPs, academia or industry in the Sultanate of Oman. In the first stage of the research, 118 responses were collected through an online questionnaire, 86 of which were complete and formed part of the analysis. The second stage, two focus groups, involved six practitioners and professionals. The convergence between participant responses reflects a gap manifested by the lack of laws and regulations, standard operating procedures, readiness and accountability, and anticipated cooperation between different organisations when investigations cover the cloud. This gap may affect aspects of cloud forensic investigations, including but not limited to credibility obligations under data protection laws and transparency towards CSP clients.
This PhD research is unique in that it presents one of the first empirical studies to offer a better understanding of the uncertainty in the relationship between CSPs and LEAs during forensic investigations in cloud computing environments (cloud forensics). This thesis produces a holistic and heuristic framework that enables a theoretically-based description and analysis of the gap between the ideal and actual relationship between LEAs and CSPs. Moreover, this thesis addresses the need for a unified, collaborative model between LEAs and CSPs to facilitate compliant investigations.
This study, approved by the Omani National Digital Forensic Laboratory, ultimately aims to enhance trust and confidence between LEAs and local CSPs. A mixed-methods approach was conducted through a survey and focus groups that explored the perceptions of practitioners and professionals involved in corporate or national digital forensics projects as part of their roles in LEAs, CSPs, academia or industry in the Sultanate of Oman. In the first stage of the research, 118 responses were collected through an online questionnaire, 86 of which were complete and formed part of the analysis. The second stage, two focus groups, involved six practitioners and professionals. The convergence between participant responses reflects a gap manifested by the lack of laws and regulations, standard operating procedures, readiness and accountability, and anticipated cooperation between different organisations when investigations cover the cloud. This gap may affect aspects of cloud forensic investigations, including but not limited to credibility obligations under data protection laws and transparency towards CSP clients.
Original language | English |
---|---|
Title of host publication | The proceedings of 2018 Cyber Forensic & Security International Conference |
Editors | Brian Cusack, Raymond Lutui |
Publication status | Published - Aug 2018 |
Event | 2018 Cyber Forensic and Security International Conference, Nuku’alofa, Kingdom of Tonga - Nuku’alofa, Tonga Duration: 21 Aug 2018 → 23 Aug 2018 |
Conference
Conference | 2018 Cyber Forensic and Security International Conference, Nuku’alofa, Kingdom of Tonga |
---|---|
Country/Territory | Tonga |
City | Nuku’alofa |
Period | 21/08/18 → 23/08/18 |
Keywords
- Cloud Forensics
- Law Enforcement Agencies
- Cloud Service Providers
- Investigations