Digital Forensic Model for a Cloud Environment
Cloud computing is a relatively new computing paradigm that builds upon virtualisation technologies to provide hardware, platforms and software as services over the Internet. The cloud can be deployed in four basic deployment models namely private cloud, community cloud, public cloud and hybrid c...
| Main Author: | |
|---|---|
| Other Authors: | |
| Language: | en |
| Published: |
2015
|
| Subjects: | |
| Online Access: | http://hdl.handle.net/2263/50434 Sibiya, MG 2015, Digital Forensic Model for a Cloud Environment, PhD Thesis, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/50434> |
| id |
ndltd-netd.ac.za-oai-union.ndltd.org-up-oai-repository.up.ac.za-2263-50434 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-netd.ac.za-oai-union.ndltd.org-up-oai-repository.up.ac.za-2263-504342017-07-20T04:12:21Z Digital Forensic Model for a Cloud Environment Sibiya, Mhlupheki George Venter, Hein S. gsibiya@csir.co.za UCTD Cloud computing is a relatively new computing paradigm that builds upon virtualisation technologies to provide hardware, platforms and software as services over the Internet. The cloud can be deployed in four basic deployment models namely private cloud, community cloud, public cloud and hybrid cloud. Private cloud is owned and utilised by a single organisation and may be hosted internally and by a third party. The community clouds is meant for organisations with similar business interests, while the public cloud is accessible to the general public over the Internet. The hybrid cloud is a combination of any of the other cloud deployment models.All the cloud deployment models are characterised by multi-tenancy, namely data belonging to multiple users reside on the same physical host. Powering off a multi-tenant host would disrupt co-hosted services in a physical host which would then affect their availability. This affects other tenants that are not related to an incident. The cloud is distributed and often spans multiple jurisdictions. Its distributed nature also prevents conventional procedures for collecting evidence data and preservation. New approaches in conducting digital forensic investigations are required. In this thesis, different dimensions of digital forensic challenges brought by the advent of cloud computing are presented. The extent to which traditional digital forensic approaches address the issue of digital forensics in cloud environments are also presented. Digital forensic standards are considered important in this thesis as they are an aspect that can contribute positively to investigating cloud environments when multi-jurisdictional collaboration is required. Standards can also enhance acceptability of digital forensic evidence gathered from cloud environments. As a solution towards addressing issues of digital forensic investigation in cloud environments, in this thesis the author presents standard procedures that can be used to conduct a digital forensic investigation in cloud environments. To enable execution of these procedures, a cloud forensic service model is presented that guides digital forensic investigators through a standardised collaborative process of investigating cloud environments. Both proposed digital forensic procedures and the service mentioned above were evaluated in a private cloud environment. Evaluation results have shown that a collaborative environment can be used to investigated cloud-based incident scenes in a standardised and cost efficient manner. Thesis (PhD)--University of Pretoria, 2015. tm2015 Computer Science PhD Unrestricted 2015-11-12T11:11:10Z 2015-11-12T11:11:10Z 2015 2015 Thesis http://hdl.handle.net/2263/50434 Sibiya, MG 2015, Digital Forensic Model for a Cloud Environment, PhD Thesis, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/50434> S2015 en © 2015 University of Pretoria. All rights reserved. The copyright in this work vests in the University of Pretoria. No part of this work may be reproduced or transmitted in any form or by any means, without the prior written permission of the University of Pretoria. |
| collection |
NDLTD |
| language |
en |
| sources |
NDLTD |
| topic |
UCTD |
| spellingShingle |
UCTD Sibiya, Mhlupheki George Digital Forensic Model for a Cloud Environment |
| description |
Cloud computing is a relatively new computing paradigm that builds upon virtualisation
technologies to provide hardware, platforms and software as services over the
Internet. The cloud can be deployed in four basic deployment models namely private
cloud, community cloud, public cloud and hybrid cloud. Private cloud is owned and
utilised by a single organisation and may be hosted internally and by a third party.
The community clouds is meant for organisations with similar business interests, while
the public cloud is accessible to the general public over the Internet. The hybrid cloud
is a combination of any of the other cloud deployment models.All the cloud deployment
models are characterised by multi-tenancy, namely data belonging to multiple
users reside on the same physical host. Powering off a multi-tenant host would disrupt
co-hosted services in a physical host which would then affect their availability. This
affects other tenants that are not related to an incident. The cloud is distributed and
often spans multiple jurisdictions. Its distributed nature also prevents conventional
procedures for collecting evidence data and preservation. New approaches in conducting
digital forensic investigations are required. In this thesis, different dimensions of
digital forensic challenges brought by the advent of cloud computing are presented.
The extent to which traditional digital forensic approaches address the issue of digital
forensics in cloud environments are also presented. Digital forensic standards are considered
important in this thesis as they are an aspect that can contribute positively to
investigating cloud environments when multi-jurisdictional collaboration is required.
Standards can also enhance acceptability of digital forensic evidence gathered from
cloud environments. As a solution towards addressing issues of digital forensic investigation
in cloud environments, in this thesis the author presents standard procedures
that can be used to conduct a digital forensic investigation in cloud environments. To enable execution of these procedures, a cloud forensic service model is presented
that guides digital forensic investigators through a standardised collaborative process
of investigating cloud environments. Both proposed digital forensic procedures and
the service mentioned above were evaluated in a private cloud environment. Evaluation
results have shown that a collaborative environment can be used to investigated
cloud-based incident scenes in a standardised and cost efficient manner. === Thesis (PhD)--University of Pretoria, 2015. === tm2015 === Computer Science === PhD === Unrestricted |
| author2 |
Venter, Hein S. |
| author_facet |
Venter, Hein S. Sibiya, Mhlupheki George |
| author |
Sibiya, Mhlupheki George |
| author_sort |
Sibiya, Mhlupheki George |
| title |
Digital Forensic Model for a Cloud Environment |
| title_short |
Digital Forensic Model for a Cloud Environment |
| title_full |
Digital Forensic Model for a Cloud Environment |
| title_fullStr |
Digital Forensic Model for a Cloud Environment |
| title_full_unstemmed |
Digital Forensic Model for a Cloud Environment |
| title_sort |
digital forensic model for a cloud environment |
| publishDate |
2015 |
| url |
http://hdl.handle.net/2263/50434 Sibiya, MG 2015, Digital Forensic Model for a Cloud Environment, PhD Thesis, University of Pretoria, Pretoria, viewed yymmdd <http://hdl.handle.net/2263/50434> |
| work_keys_str_mv |
AT sibiyamhluphekigeorge digitalforensicmodelforacloudenvironment |
| _version_ |
1718500256953401344 |