The University of Southampton
University of Southampton Institutional Repository

Assessment instrument for cloud forensic readiness in organisations

Assessment instrument for cloud forensic readiness in organisations
Assessment instrument for cloud forensic readiness in organisations
Cloud computing has drastically altered how information technologies can be delivered to
consumers as a service. It has given rise to multiple benefits for consumers and organisations.
However, its rapid adoption has led to the cloud becoming an arena for cybercrime and new
technical, legal and organisational challenges. As well as multiple attacks affecting both cloud
computing and decentralised data processing in the cloud, there have been many concerns raised,
including about how to conduct a proper digital investigation in this environment and how to
prepared by gathering data ahead of time, before an incident happens. This can reduce the cost,
time and effort expended after an attack. Several cloud forensic challenges have not been
sufficiently investigated, so this research is motivated by a specific gap in the research on what
facilitates forensic readiness in organisations that use the Infrastructure-as-a-Service (IaaS) model.
This research proposes a framework with which to investigate these factors of an organisation’s
cloud forensic readiness: technological; legal; and organisational factors. It was constructed by
critically reviewing published studies and performing an in-depth examination of the relevant
industrial standards. To obtain reliable results, triangulation in three steps was employed: a
literature review; an expert review; and a survey. This technique helps researchers to paint a
comprehensive picture of the research topic and confirm the results. The cloud forensic readiness
factors were comprehensively studied and extracted from the literature, then analysed and any
duplicates removed, and finally categorised and synthesised to produce the framework.
Once the framework was developed, an exploratory study was carried out with digital forensic and
security experts to review the proposed framework. The results showed that all the proposed
factors were important, moreover suggested two new factors. After revising the framework
accordingly, a survey was distributed to cloud forensics practitioners in various organisations to
verify the framework that the experts had confirmed. Its results were analysed via a one-sample ttest, and its data integrity analysed using Cronbach’s alpha, showing that all the factors are
significant. As a result, the cloud forensic readiness framework is based on a literature review and
expert reviews, and is supported by a practitioner survey.
Based on the confirmed framework, the Cloud Forensic Readiness Instrument (CFRI) was
constructed using a Goal Question Metrics (GQM) approach. It measures an organisation’s cloud
forensic readiness. The surveyed experts agreed that not all the factors are of equal importance;
some are more crucial than others, so the Analytic Hierarchy Process (AHP) was adopted to
prioritise and weight them. To validate the frameworks’ accuracy in the real world, the CFRI was
used in three organisations. Subsequently, interviews and an evaluation survey were conducted
with practitioners and information technology managers working in each organisation to obtain
their feedback on the usefulness and practicality of the CFRI before it is widely disseminated.
The contributions of this study are that it proposes a cloud forensic readiness framework that has
confirmed by expert review and is supported by a practitioner survey. This was extended by means
of the research instrument, the CFRI, to measure organisations’ forensic readiness.
University of Southampton
Alenezi, Ahmed Mershed A
121c053f-ddf0-404f-b1cb-460b542ebed9
Alenezi, Ahmed Mershed A
121c053f-ddf0-404f-b1cb-460b542ebed9
Wills, Gary
3a594558-6921-4e82-8098-38cd8d4e8aa0

Alenezi, Ahmed Mershed A (2020) Assessment instrument for cloud forensic readiness in organisations. University of Southampton, Doctoral Thesis, 287pp.

Record type: Thesis (Doctoral)

Abstract

Cloud computing has drastically altered how information technologies can be delivered to
consumers as a service. It has given rise to multiple benefits for consumers and organisations.
However, its rapid adoption has led to the cloud becoming an arena for cybercrime and new
technical, legal and organisational challenges. As well as multiple attacks affecting both cloud
computing and decentralised data processing in the cloud, there have been many concerns raised,
including about how to conduct a proper digital investigation in this environment and how to
prepared by gathering data ahead of time, before an incident happens. This can reduce the cost,
time and effort expended after an attack. Several cloud forensic challenges have not been
sufficiently investigated, so this research is motivated by a specific gap in the research on what
facilitates forensic readiness in organisations that use the Infrastructure-as-a-Service (IaaS) model.
This research proposes a framework with which to investigate these factors of an organisation’s
cloud forensic readiness: technological; legal; and organisational factors. It was constructed by
critically reviewing published studies and performing an in-depth examination of the relevant
industrial standards. To obtain reliable results, triangulation in three steps was employed: a
literature review; an expert review; and a survey. This technique helps researchers to paint a
comprehensive picture of the research topic and confirm the results. The cloud forensic readiness
factors were comprehensively studied and extracted from the literature, then analysed and any
duplicates removed, and finally categorised and synthesised to produce the framework.
Once the framework was developed, an exploratory study was carried out with digital forensic and
security experts to review the proposed framework. The results showed that all the proposed
factors were important, moreover suggested two new factors. After revising the framework
accordingly, a survey was distributed to cloud forensics practitioners in various organisations to
verify the framework that the experts had confirmed. Its results were analysed via a one-sample ttest, and its data integrity analysed using Cronbach’s alpha, showing that all the factors are
significant. As a result, the cloud forensic readiness framework is based on a literature review and
expert reviews, and is supported by a practitioner survey.
Based on the confirmed framework, the Cloud Forensic Readiness Instrument (CFRI) was
constructed using a Goal Question Metrics (GQM) approach. It measures an organisation’s cloud
forensic readiness. The surveyed experts agreed that not all the factors are of equal importance;
some are more crucial than others, so the Analytic Hierarchy Process (AHP) was adopted to
prioritise and weight them. To validate the frameworks’ accuracy in the real world, the CFRI was
used in three organisations. Subsequently, interviews and an evaluation survey were conducted
with practitioners and information technology managers working in each organisation to obtain
their feedback on the usefulness and practicality of the CFRI before it is widely disseminated.
The contributions of this study are that it proposes a cloud forensic readiness framework that has
confirmed by expert review and is supported by a practitioner survey. This was extended by means
of the research instrument, the CFRI, to measure organisations’ forensic readiness.

Text
Final thesis - Alenezi
Restricted to Repository staff only until 17 March 2023.
Available under License University of Southampton Thesis Licence.
Text
Permission to deposit thesis - form 2020
Restricted to Repository staff only

More information

Published date: January 2020

Identifiers

Local EPrints ID: 447648
URI: http://eprints.soton.ac.uk/id/eprint/447648
PURE UUID: c8636df1-a4d4-47d3-bfab-62c0437da33b
ORCID for Gary Wills: ORCID iD orcid.org/0000-0001-5771-4088

Catalogue record

Date deposited: 17 Mar 2021 17:37
Last modified: 23 Jul 2022 01:40

Export record

Contributors

Author: Ahmed Mershed A Alenezi
Thesis advisor: Gary Wills ORCID iD

Download statistics

Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.

View more statistics

Atom RSS 1.0 RSS 2.0

Contact ePrints Soton: eprints@soton.ac.uk

ePrints Soton supports OAI 2.0 with a base URL of http://eprints.soton.ac.uk/cgi/oai2

This repository has been built using EPrints software, developed at the University of Southampton, but available to everyone to use.

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we will assume that you are happy to receive cookies on the University of Southampton website.

×