Assessment instrument for cloud forensic readiness in organisations
Assessment instrument for cloud forensic readiness in organisations
Cloud computing has drastically altered how information technologies can be delivered to consumers as a service. It has given rise to multiple benefits for consumers and organisations. However, its rapid adoption has led to the cloud becoming an arena for cybercrime and new technical, legal and organisational challenges. As well as multiple attacks affecting both cloud computing and decentralised data processing in the cloud, there have been many concerns raised, including about how to conduct a proper digital investigation in this environment and how to prepared by gathering data ahead of time, before an incident happens. This can reduce the cost, time and effort expended after an attack. Several cloud forensic challenges have not been sufficiently investigated, so this research is motivated by a specific gap in the research on what facilitates forensic readiness in organisations that use the Infrastructure-as-a-Service (IaaS) model. This research proposes a framework with which to investigate these factors of an organisation’s cloud forensic readiness: technological; legal; and organisational factors. It was constructed by critically reviewing published studies and performing an in-depth examination of the relevant industrial standards. To obtain reliable results, triangulation in three steps was employed: a literature review; an expert review; and a survey. This technique helps researchers to paint a comprehensive picture of the research topic and confirm the results. The cloud forensic readiness factors were comprehensively studied and extracted from the literature, then analysed and any duplicates removed, and finally categorised and synthesised to produce the framework. Once the framework was developed, an exploratory study was carried out with digital forensic and security experts to review the proposed framework. The results showed that all the proposed factors were important, moreover suggested two new factors. After revising the framework accordingly, a survey was distributed to cloud forensics practitioners in various organisations to verify the framework that the experts had confirmed. Its results were analysed via a one-sample ttest, and its data integrity analysed using Cronbach’s alpha, showing that all the factors are significant. As a result, the cloud forensic readiness framework is based on a literature review and expert reviews, and is supported by a practitioner survey. Based on the confirmed framework, the Cloud Forensic Readiness Instrument (CFRI) was constructed using a Goal Question Metrics (GQM) approach. It measures an organisation’s cloud forensic readiness. The surveyed experts agreed that not all the factors are of equal importance; some are more crucial than others, so the Analytic Hierarchy Process (AHP) was adopted to prioritise and weight them. To validate the frameworks’ accuracy in the real world, the CFRI was used in three organisations. Subsequently, interviews and an evaluation survey were conducted with practitioners and information technology managers working in each organisation to obtain their feedback on the usefulness and practicality of the CFRI before it is widely disseminated. The contributions of this study are that it proposes a cloud forensic readiness framework that has confirmed by expert review and is supported by a practitioner survey. This was extended by means of the research instrument, the CFRI, to measure organisations’ forensic readiness.
University of Southampton
Alenezi, Ahmed Mershed A
121c053f-ddf0-404f-b1cb-460b542ebed9
January 2020
Alenezi, Ahmed Mershed A
121c053f-ddf0-404f-b1cb-460b542ebed9
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0
Alenezi, Ahmed Mershed A
(2020)
Assessment instrument for cloud forensic readiness in organisations.
University of Southampton, Doctoral Thesis, 287pp.
Record type:
Thesis
(Doctoral)
Abstract
Cloud computing has drastically altered how information technologies can be delivered to consumers as a service. It has given rise to multiple benefits for consumers and organisations. However, its rapid adoption has led to the cloud becoming an arena for cybercrime and new technical, legal and organisational challenges. As well as multiple attacks affecting both cloud computing and decentralised data processing in the cloud, there have been many concerns raised, including about how to conduct a proper digital investigation in this environment and how to prepared by gathering data ahead of time, before an incident happens. This can reduce the cost, time and effort expended after an attack. Several cloud forensic challenges have not been sufficiently investigated, so this research is motivated by a specific gap in the research on what facilitates forensic readiness in organisations that use the Infrastructure-as-a-Service (IaaS) model. This research proposes a framework with which to investigate these factors of an organisation’s cloud forensic readiness: technological; legal; and organisational factors. It was constructed by critically reviewing published studies and performing an in-depth examination of the relevant industrial standards. To obtain reliable results, triangulation in three steps was employed: a literature review; an expert review; and a survey. This technique helps researchers to paint a comprehensive picture of the research topic and confirm the results. The cloud forensic readiness factors were comprehensively studied and extracted from the literature, then analysed and any duplicates removed, and finally categorised and synthesised to produce the framework. Once the framework was developed, an exploratory study was carried out with digital forensic and security experts to review the proposed framework. The results showed that all the proposed factors were important, moreover suggested two new factors. After revising the framework accordingly, a survey was distributed to cloud forensics practitioners in various organisations to verify the framework that the experts had confirmed. Its results were analysed via a one-sample ttest, and its data integrity analysed using Cronbach’s alpha, showing that all the factors are significant. As a result, the cloud forensic readiness framework is based on a literature review and expert reviews, and is supported by a practitioner survey. Based on the confirmed framework, the Cloud Forensic Readiness Instrument (CFRI) was constructed using a Goal Question Metrics (GQM) approach. It measures an organisation’s cloud forensic readiness. The surveyed experts agreed that not all the factors are of equal importance; some are more crucial than others, so the Analytic Hierarchy Process (AHP) was adopted to prioritise and weight them. To validate the frameworks’ accuracy in the real world, the CFRI was used in three organisations. Subsequently, interviews and an evaluation survey were conducted with practitioners and information technology managers working in each organisation to obtain their feedback on the usefulness and practicality of the CFRI before it is widely disseminated. The contributions of this study are that it proposes a cloud forensic readiness framework that has confirmed by expert review and is supported by a practitioner survey. This was extended by means of the research instrument, the CFRI, to measure organisations’ forensic readiness.
Text
Final thesis - Alenezi
Restricted to Repository staff only until 31 December 2024.
Text
Permission to deposit thesis - form 2020
Restricted to Repository staff only
More information
Published date: January 2020
Identifiers
Local EPrints ID: 447648
URI: http://eprints.soton.ac.uk/id/eprint/447648
PURE UUID: c8636df1-a4d4-47d3-bfab-62c0437da33b
Catalogue record
Date deposited: 17 Mar 2021 17:37
Last modified: 17 Mar 2024 02:43
Export record
Contributors
Author:
Ahmed Mershed A Alenezi
Thesis advisor:
Gary Wills
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics