Publication


Featured research published by Victor R. Kebande.


Information Security for South Africa | 2015

Adding event reconstruction to a Cloud Forensic Readiness model

Victor R. Kebande; Hein S. Venter

During post-event response, proactive forensics is of critical importance in any organisation when conducting digital forensic investigations in cloud environments. However, there exist no reliable event reconstruction processes in the cloud that can help in analysis and examination of Digital Evidence (DE) aspects, during Digital Forensic Readiness (DFR) process, as defined in the standard of ISO/IEC 27043:2015. The problem that this paper addresses is the lack of an easy way of performing digital event reconstruction process when the cloud is forensically ready in preparation of a Digital Forensic Investigation (DFI). During DFR approaches, event reconstruction helps in examination and pre-analysis of the characteristics of potential security incidents. As a result, the authors have proposed an Enhanced Cloud Forensic Readiness (ECFR) process model with event reconstruction process that can support future investigative technologies with a degree of certainty. We also propose an algorithm that shows the methodology that is used to reconstruct events in the ECFR. The main focus of this work is to examine the addition of event reconstruction to the initially proposed Cloud Forensic Readiness (CFR) model, by providing a more enhanced and detailed cloud forensic readiness model.


Australian Journal of Forensic Sciences | 2018

On digital forensic readiness in the cloud using a distributed agent-based solution: issues and challenges

Victor R. Kebande; Hein S. Venter

The need to perform digital investigations has, over the years, led to the exponential growth of the field of Digital Forensics (DF). However, quite a number of challenges face the act of proving – for purposes of Digital Forensic Readiness (DFR) – that an electronic event has occurred in cyberspace. The problem that this research addresses involves the challenges faced when an Agent-Based Solution (ABS) is used in the cloud to extract Potential Digital Evidence (PDE) for DFR purposes. Throughout the paper the authors have modified the functionality of an initially malicious botnet to act as a distributed forensic agent to conduct this process. The paper focuses on the general, technical and operational challenges that are encountered when trying to achieve DFR in the cloud environment. The authors finally propose a contribution by assessing the possible solutions from a general, technical and operational point of view.


Australian Journal of Forensic Sciences | 2018

Novel digital forensic readiness technique in the cloud environment

Victor R. Kebande; Hein S. Venter

This paper examines the design and implementation of a feasible technique for performing Digital Forensic Readiness (DFR) in cloud computing environments. The approach employs a modified obfuscated Non-Malicious Botnet (NMB) whose functionality operates as a distributed forensic Agent-Based Solution (ABS) in a cloud environment with capabilities of performing forensic logging for DFR purposes. Under basic Service Level Agreements (SLAs), this proactive technique allows any organization to perform DFR in the cloud without interfering with operations and functionalities of the existing cloud architecture or infrastructure and the collected file metadata. Based on the evaluation discussed, the effectiveness of our approach is presented as the easiest way of conducting DFR in the cloud environment as stipulated in the ISO/IEC 27043: 2015 international standard, which is a standard of information technology, security techniques and incident investigation principles and processes. Through this technique, digital forensic analysts are able to maximize the potential use of digital evidence while minimizing the cost of conducting DFR. As a result of this process, the time and cost needed to conduct a Digital Forensic Investigation (DFI) is saved. As a consequence, the technique helps the law enforcement, forensic analysts and Digital Forensic Investigators (DFIs) during post-event response and in a court of law to develop a hypothesis in order to prove or disprove a fact during an investigative process, if there is an occurrence of a security incident. Experimental results of the developed prototype are described which conclude that the technique is effective in improving the planning and preparation of pre-incident detection during digital crime investigations. In spite of that, a comparison with other existing forensic readiness models has been conducted to show the effectiveness of the previously proposed Cloud Forensic Readiness as a Service (CFRaaS) model.


International Journal of Cyber-Security and Digital Forensics | 2016

Building Ontologies for Digital Forensic Terminologies

Nickson M. Karie; Victor R. Kebande

Digital forensics (DF) is a relatively new discipline with a lot of technical and non-technical terminologies that can be hard to comprehend. During a time-intensive digital forensic investigation process, for example, investigators may at times encounter several new terminologies. In such a scenario, the time required to unearth and analyse the root cause of a potential security incident might be influenced by the complexity involved in resolving the meaning of new terminologies encountered. The difficulty lies in the lack of an approach in DF that can help investigators in resolving the meaning of terminologies or even how these terminologies are perceived by individuals especially when used in their domain of expertise. If existing digital forensic tools, for example, were to be designed in such a way as to allow investigators to automatically resolve or incorporate the meaning of new terminologies used or encountered during investigations, then the time required to unearth and analyse the root cause of a security incident might be reduced extensively. The main problem addressed in this paper, therefore, is that there exist no approaches in DF that have the ability to help investigators in reasoning with regard to the perceived meaning of different digital forensic terminologies encountered during a digital forensics investigation process. Existing tools thus need to incorporate new approaches that can help in resolving or clarifying the meaning of new terminologies used during investigation processes. For this reason, this paper examines the concept of building ontologies for digital forensic terminologies and proposes an ontological approach to resolve the meaning of different digital forensic terminologies. Besides, ontologies are known to provide a form of knowledge in a given discipline of interest. In the authors’ opinion, thus, building ontologies for digital forensic terminologies can support the development of future investigative tools as well as new techniques to a degree of certainty.


International Journal of Cyber-Security and Digital Forensics | 2015

A Framework for Integrating Multimodal Biometrics with Digital Forensics

Victor R. Kebande; Nickson M. Karie

Multimodal biometrics represents various categories of morphological and intrinsic aspects with two or more computerized biological characteristics such as facial structure, retina, keystroke dynamics, voice print, retinal scans, and patterns for iris, facial recognition, vein structure, scent, hand geometry, and signature recognition. The objective of Digital Forensics (DF), on the other hand, is to inspect digital media in a forensically sound manner with the essence of identifying, discovering, recovering, analysing the artifacts and presenting facts and suggestions about the discovered information to any court of law or civil proceedings. Because the accuracy of biometric indicators may rarely be investigated during a digital forensic investigation process, integrating digital forensics with multimodal biometrics can enable effective digital forensic investigations on multiple captured physiological and behavioural characteristics. This paper, therefore, presents a self-adaptive approach for integrating digital forensics with multimodal biometrics. This is motivated by the fact that, as of the time of writing this paper, there is a lack of effective and standardised methods for performing digital investigation across multimodal biometric indicators. In addition, there are also no proper digital forensic biometric management strategies in place. For this reason, to enable effective digital investigations on multiple captured physiological and behavioural characteristics, this paper aims at proposing a framework that is meant to facilitate the integration of DF and multimodal biometrics. The framework is also meant to enhance the analysis of potential digital evidence during investigations. Integrating multimodal biometrics and digital forensics using the proposed framework gives a promising approach to add value especially in enforcing security measures in different systems as well as a restricting factor to unauthorized access key discoveries. The integration of digital forensics with multimodal biometrics is the main focus of this paper.


IST-Africa Week Conference | 2017

Towards an e-government framework for the Republic of Uganda

Ivans Kigwana; Victor R. Kebande; Hein S. Venter

The growth experienced in Internet usage has had a great impact on how government institutions execute tasks and how information is shared amongst them. For this matter, different governments from different countries have adopted the usage of Information and Communication Technology (ICT) platforms in order to ease the delivery and to enhance effective delivery of services to their nationals through the use of Electronic-government (eGovernment) frameworks. Many countries have benefited tremendously from using eGovernment structures and service delivery in certain areas of the economy has greatly improved. However, this kind of development is yet to reach the Republic of Uganda at the time of writing this paper. Therefore, the problem this paper addresses is that there still exists no eGovernment framework in the Republic of Uganda (Rep. of Ug) at the time of writing this research paper. Due to lack of such a framework, service delivery and communication between nationals and their elected government officials is very poor and slow. The authors of this paper propose an eGovernment framework that has a possibility of being incorporated in the Rep. of Uganda. With this, the authors of this paper believe that the conclusions drawn from this paper can be used in the development and formulation of a more detailed and cutting-edge eGovernment framework not just for the Rep. of Ug but also those other countries that are yet to adopt this kind of framework. Also, this framework can be used to draw the attention of the Rep. of Uganda's government officials responsible for making future plans of the country.


IST-Africa Week Conference | 2017

A proposed digital forensic investigation framework for an eGovernment structure for Uganda

Ivans Kigwana; Victor R. Kebande; Hein S. Venter

So much research has been done concerning eGovernment (eGov) frameworks. However, little focus has been put towards the use of Digital Forensics (DF) to conduct a proper Digital Forensic Investigation (DFI) in eGovernment frameworks. One reason for this may be because current DF tools were not developed to handle different eGov frameworks and their setup specifically. Therefore, gathering, examining and the general analysis of potential digital evidence when presented in courts of law becomes a great challenge to law enforcement officers/agencies and DF investigators (DFi). The problem addressed in this paper is that, at the time of writing this paper, there exists no properly acceptable DFI framework that can be used to carry out a standard DFI in an eGovernment platform specifically for the case of the Republic of Uganda. Therefore, the author of this paper proposes a digital forensic investigation framework for eGov structure specifically focussing on Uganda. The proposed framework is based on the international standard for digital forensic investigation ISO/IEC 27043:2015. The author of this paper is of the belief that in future, the proposed framework can easily be incorporated into future DF tools development thereby facilitating the design of effective DFI tools in eGov platforms. Also, this research is meant to capture the attention of government officials in Uganda so as to fully develop and adopt a standard eGov forensic investigation process for Uganda.


International Journal of Cyber-Security and Digital Forensics | 2017

Onto-Engineering: A Conceptual framework for Integrating Requirement Engineering Process with scientifically tuned Digital Forensics Ontologies

Victor R. Kebande; Nickson M. Karie; Lindiwe M. Maake

A framework for integrating Requirement Engineering (RE) with scientifically tuned Digital Forensics Ontologies (SDFO) envisages a semantic web-driven approach that is able to provide a shared understanding of unifying RE techniques coupled with digital investigation techniques that are tuned from an ontological perspective. In the context of this paper, RE has been portrayed as a discipline that is able not only to validate, specify, analyse and provide elicitation of the requirements but also to manage them effectively. Nevertheless, SDFO have been employed as bodies of knowledge that provide a shared understanding of knowledge or discipline within the Digital Forensic (DF) domain that helps to solve some given problems. Mainly, this requires the mapping/integrating of RE processes to DF tuned ontologies. The objective of the work presented in this paper, therefore, is to show how RE can be integrated into SDFO with the aim of identifying the most effective scientific approaches using an OntoTuning Matcher (OTM) that has been proposed in this paper. This paper was able to represent a scientifically tuned approach using the Automatic Semantic Mapping of Ontologies (ASMOV) approach. ASMOV provides an approach that is able to align ontologies with other systems such that inconsistencies are eliminated and the accuracy is increased. The contribution of the paper is presented in two folds: Firstly, the author identifies a high-level Onto-Engineered framework for integrating RE and SDFO, thereafter, a more detailed Onto-Engineered framework is discussed. The Onto-Engineered framework that has been discussed in this paper will help to clarify different diversification aspects that exist between RE and SDFO.


IST-Africa Week Conference | 2016

A generic Digital Forensic Readiness model for BYOD using honeypot technology

Victor R. Kebande; Nickson M. Karie; Hein S. Venter

Proliferation and mobility trends on digital devices have seen a significant realization of Bring Your Own Device (BYOD) which is a phenomenon that allows employees in an organizational enterprise network to access computing resources through their personal mobile devices irrespective of their location. This technology has enabled cost effectiveness in organizations through increased accessibility of digital devices in daily business activities. However, the development of this technology faces a number of security challenges due to the lack of an effective proactive security model with digital forensic capability that is able to plan and prepare before potential security incidents occur in an organization that has allowed BYOD. It is on this premise that the authors have proposed a generic Digital Forensic Readiness (DFR) model that uses honeypot technology to detect and trap potential security incidents. In this paper, therefore, a significant security model with DFR capability has been proposed. The model is aimed at harvesting, encrypting and digitally preserving potential digital evidence (PDE) based on the DFR processes and guidelines that have been highlighted in the ISO/IEC 27043: 2015 international standard for information technology, security techniques, incident investigation principles and processes. Finally, the proposed model is meant to reduce the effort required to conduct Digital Forensic Investigation (DFI) by capturing potential digital evidence and making it available when needed by digital forensic investigators which eventually saves cost and time. A generic DFR model for BYOD using honeypot technology is the main focus of this paper.


The International Conference on Digital Security and Forensics (DigitalSec2014) | 2014

A Cloud Forensic Readiness Model Using a Botnet as a Service

Victor R. Kebande

Collaboration


Dive into Victor R. Kebande's collaboration.

Top Co-Authors

Ruth Wario

University of the Free State
