The general problem addressed in the present study was that traditional digital forensic processes are not designed to be applied to cloud computing environments. Increased case complexity, longer investigation completion times, and increased financial expenses are compounded by the lack of specific technical solutions to resolve cloud forensic cases. No present research supports the efficacy of existing tools, techniques, and procedures, and the present study addresses this gap in the literature by interviewing digital forensic investigators with experience analyzing cloud-based data. The present study was guided by a single research question that asked: What are the specific, technical critical success factors used by investigators at private sector companies that decrease time delays when analyzing digital forensic data stored in cloud computing environments? The present study was conducted using a qualitative multiple-case study methodology to uncover possible improvements in policies, processes, and procedures by exploring the practices of investigators in the field. A combination of several types of nonprobability sampling methods, purposeful, snowball, and convenience were utilized to select 21 participants that each represented a single case. The participants selected for this study were senior forensic examiners with at least three years of practical experience and specific familiarity with cloud forensic investigations. Four distinct themes emerged during the data analysis process, and each of the four themes exposed critical success factors used by the investigators to resolve the challenges they faced working with cloud-based data. Supported by narrative quotes, the themes were further bolstered through triangulation with contemporary academic literature and artifacts provided by the participants. The present study identified several significant findings, the first of which was that cloud investigations remain challenging, even for experienced forensic investigators. Additionally, the second finding was that the volume of data stored in cloud environments is increasing. The third finding was that new features provided by cloud service providers often interfere with forensic investigations. Finally, the fourth finding was that Office 365 and webmail are prevalent cloud data sources. As a result of the participants’ responses, a digital analysis of cloud investigation factors (DACIF) model was designed to help practitioners conduct more effective investigations. The DACIF model illustrates the process for reducing the time needed to complete forensic investigations when data resides in cloud environments.
|Commitee:||Lowrey, Kimberly, Li, Susan|
|Department:||School of Business and Technology|
|School Location:||United States -- Minnesota|
|Source:||DAI-A 81/4(E), Dissertation Abstracts International|
|Subjects:||Information Technology, Criminology|
|Keywords:||Cloud, Cost-reduction, Critical Success Factors, DACIF Model, Forensics, Investigation|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be