| Abstrakt: |
Investigating digital crimes in cloud service environments is complex due to the decentralized nature of these services, posing challenges in data collection and presenting credible evidence in court. While existing research focuses more on external investigators, Cloud Service Providers (CSPs) have less responsibilities. To address this gap, a new framework named Microservices Forensics as a Service (MsFaaS) is introduced, aiming to ensure the reliable presentation of evidence. MsFaaS integrates international law enforcement, assigning responsibility to CSPs validated by local authorities where incidents occur. The framework consolidates existing literature, tackling unresolved challenges like legality, standardization, and data collection through the collection of diverse data types and the use of event reconstruction techniques to construct a comprehensive crime scene in both real-time and postmortem scenarios. Blockchain secures collected data against tampering, while hash functions and public key cryptography validate Microservices workflows against man-in-the-middle attacks. Machine learning enables proactive response actions to incidents. Moreover, MsFaaS facilitates auditing and recording of both internal and external cloud traffic, producing evidence reports certified by local authorities. By addressing the limitations of traditional digital forensics, MsFaaS enhances investigation reliability and effectiveness, offering services for internal CSP auditing and maintaining Chain of Custody integrity critical for trial decision-making. [ABSTRACT FROM AUTHOR] |
