A Functional Architecture for Cloud Forensic Readiness Large-Scale Potential Digital Evidence Analysis

In this paper, the authors propose a novel concept of analysing large-scale potential digital evidence (DE) through reliable, efficient and timely computation across nodes in different clusters within the cloud environment. A concern to the digital forensic (DF) community is the increase in network traffic and big data in the cloud which has become exacerbated into security threats and new and emerging vulnerabilities, which have further compromised the security of the internet. This has happened due to acute distributed network attacks moving as raw traffic in the cloud environment. Because of this, there is a dire need to forensically process and analyse potential digital evidence (PDE) for purposes of digital forensic readiness (DFR) in the cloud environment. Through this, the effort required in performing a digital forensic investigation (DFI) in the cloud environment may be minimised. The problem that this paper addresses is a lack of an easy way of timeously and efficiently computing potential large-scale evidence in the cloud for DFR purposes. Finally, a functional architecture for a Cloud Forensic Readiness Evidence Analysis System (CFREAS) that forensically reduces PDE analysis time of big evidence using MapReduce is proposed. The results may significantly be deduced efficiently at a centralised security centre.