Digital Forensics as a Service Implementation: A Scalable Solution for Cyber Incident Response

Digital Forensics as a Service Implementation: A Scalable Solution for Cyber Incident Response

연구 분야: Safety

학회: 2024 IST-Africa Conference (IST-Africa)

There is a rise in cyber incidents and demand for incident response and forensic investigation services. This study presents an innovative Digital Forensics as a Service (DFaaS) solution that is modelled on 'aaS service-oriented cloud-based services, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). The five-phased DFaaS framework is synthesized from two industry best practice standards namely: ISO/IEC 27037 and NIST SP 800–101. A DFaaS prototype is implemented using Python and open-source components. It is then evaluated using a staged experiment that tests a common scenario of data exfiltration using a USB flash drive. We examine whether DFaaS is a viable approach for conducting investigations on Portable Storage Media (PSM) based on three criteria of: repeatability, reproducibility, and integrity. Results show that the DFaaS approach provides a scalable solution that meets rising demands for investigative services, while yielding results like the widely accepted traditional methods. Additionally, DFaaS systematically tracks the flow of forensic procedures and provides enhanced capabilities for preserving the integrity of digital evidence.