Article

Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results


Abstract

With the rapid growth of global cloud adoption in private and public sectors, cloud computing environments are becoming a new battlefield for cyber crime. In this paper, the researcher presents the results and analysis of a survey that was widely circulated among digital forensic experts and practitioners internationally on cloud forensics and critical criteria for cloud forensic capability in order to better understand the key fundamental issues of cloud forensics such as its definition, scope, challenges, opportunities as well as missing capabilities based on the 257 collected responses.

... Cloud forensics is extending the application of Digital forensics, which oversees the crime committed over the cloud and investigates on it [9,10]. A survey by Ruan [10] on critical criteria and definitions for cloud forensics publishes the results of a survey conducted across 257 forensic experts and practitioners. This survey focuses on fundamental questionnaires regarding cloud forensics such as its definition, challenges, usage, significance, opportunities, required criteria, etc. ...
... 9. Validation of forensic image: ensure integrity of the image captured for analysis. 10. Authentication and access control: access control approach and policies in the cloud environment. ...
Article
In today’s digital world, it is hard to imagine the Information Technology field without cloud computing as it saves millions of dollars every year and enables it to focus on its core business rather than on managing complex computing infrastructure. However, the adoption of the cloud opens the window for cloud crimes. Hence, cloud forensics is the need of the hour. Law Enforcement Agencies (LEAs) have to depend on Cloud Service Providers (CSPs) for investigating cloud crimes. Unfortunately, the LEAs are not aware of the forensic procedures implemented by the CSPs, nor are the details corresponding to forensic procedures properly documented by the CSPs. This paper aims to study the forensic readiness of the leading CSPs and present their forensic workflow. We also compared these CSPs against various parameters based on the cloud services provisioned by them for forensics. The recent research published in this domain lists the challenges of cloud forensics and describes the proposed solutions. However, the current forensic procedures implemented by the leading CSPs have not been detailed in any of these papers. Thus, we believe that this survey would help the LEAs, forensic experts, security analysts, and first incident responders with an insight on the current forensic procedures implemented by the leading CSPs and help them in their investigation, designing standard operating procedures, etc.
... The term cloud in cloud computing is the group of networks like in conventional clouds, the cloud is the pool of water molecules [26]. According to National Institute of Standards and Technology (NIST), "cloud computing is a model that enables convenient and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage applications and services) that can easily be managed and utilized with minimum management efforts or cloud service provider interaction" [3]. It is the state-of-the-art information system procedure that offers dynamically shared resources over the Internet and provides economic benefits. ...
... So, even a layman having basic concepts of the cloud environment should also be able to understand the phenomena that happened in the cloud, which is our objective for writing this survey. Figure 8 shows a broad picture related to the concepts of cloud environment services and constraints [3]. ...
... The main concerned for the adoption of cloud computing security factor plays a key role to the user's perspective [8], because of following reasons:
- Loss of control [9]: transfers the security management to third party source without the knowledge of stored data location and adopted security parameters to access the data.
- Multi-tenancy [3][6][10]: different tenants working in same umbrella with respect to logical and/or physical medium.
- SLA [11]: level of expectation at service level agreement should meet with the availability of access of stored data at any time. ...
Article
In recent years, cloud computing has become a widely utilized revolution in the field of data modernization due to its favorable circumstances like high processing power, less expense of administrations, elite adaptability, unwavering quality and accessibility. It is an integral tool that improves the cost of equipment, controllability and utility to share the information and so forth; numerous organizations are turning their applications and administrations on the cloud. It offers secure and versatile administrations but in every case there exists some cloud security and protection issues when information is sent from a focal stockpiling worker to an alternate cloud, individual and private information augment the danger of information secrecy, respectability, accessibility, and verification before one pick a merchant in the cloud or pick the cloud and move services in the cloud. In this research paper, several articles are reviewed that deal with the security issues and the remedial actions and responses that have been taken by researchers and organizations in the field of cloud computing. This analysis provides insight to future research opportunities to students, researchers, publishers and experts and helps them to study current research trends and security issues related to cloud computing.
... The device or the system that stores such data can then be attacked by cybercriminals for a variety of malicious reasons such as financial gain (Quick and Choo, 2018;Huang, 2016) and terrorism. For instance, cybercriminals will be able to turn IoT nodes into zombies (using malicious software), carry out distributed denial of service (DDoS) attacks (engineered through botnets), and create and distribute malware aimed at specific appliances (such as those affecting VoIP devices and smart vehicles) (Montasari, 2019;Caviglione et al., 2017;Lillis et al., 2016;Jang-Jaccard, J. and Nepal, S. 2014;Ruan et al., 2013). Therefore, such attacks require carrying out assiduous and thorough examination of the compromised IoT device or system, highlighting the need for robust Digital Forensic Investigations (DFI) methodologies. ...
... By exploiting the IoT technology, cybercriminals, for instance, will be able to turn IoT nodes into zombies (using malicious software), carry out distributed denial of service (DDoS) attacks (engineered through botnets), and create and distribute malware aimed at specific appliances (such as those affecting VoIP devices and smart vehicles) (Montasari, 2019;Caviglione et al., 2017;Lillis et al., 2016;Jang-Jaccard, J. and Nepal, S. 2014;Ruan et al., 2013). Cybercriminals can also turn IoT devices into bots, forcing them to follow commands to carry out attacks, such as mining cryptocurrency, as part of a botnet. ...
... They have servers across the globe to host customer data. When a cybercrime occurs, legal jurisdiction and the laws governing the region throw unique challenges [11]. A court order issued in a jurisdiction where a data centre is residing likely will not apply to the jurisdiction for a different host in another country. ...
Article
Digital forensics is the science of finding evidence of digital crimes and attacks. Cloud Forensics is a part of Digital Forensics that watches over the crime that has taken place over the cloud and carries out an investigation on it. Cloud computing is an evolutionary technology based on a huge network, which spreads globally. Hence, Cloud Forensics is a part of Network Forensics, which in turn is a part of Digital Forensics. Cloud organizations, along with the providers of cloud services and customers that use cloud services, are still awaiting the establishment of an explicit forensic revolution. Without the much-needed forensic capability, they will not be able to safeguard the robustness of their system and suitability of their services that assist criminal and cybercrime investigations. In this paper, we review the forensic process, challenges in cloud forensics, and its impact on digital forensics.
... The term "cloud forensics" describes investigations that are concentrated on crimes that primarily involve the cloud. Cloud forensics combines conventional computer forensics, small-scale digital device forensics, and network forensics [1]. The Cloud forensics process [2] involves the following phases 1. Event identification, 2. Evidence identification, 3. Collection of evidence, 4. Analysis of evidence, 5. Interpret evidence, 6. Present in the court of law as shown in Fig 1. ...
Article
A cloud is a platform that allows for quick application deployment and dynamic scaling. The cloud differs from on-premise software and data storage in terms of cost, security, scalability, recovery, and mobility, which is why more businesses are switching from on-premise to cloud solutions every year. Although cloud computing models have several benefits over on-site models, they are nonetheless vulnerable to both internal and external threats. Even malicious operations can be carried out on the cloud with ease because of the flexible environment. Forensic investigations require the extraction of evidence, and analysis of a cloud system after an intrusion or break-in. It enables investigators to find and retrieve data from a variety of sources in the cloud environment. It is very challenging to find proof of a crime since the distributed nature of the cloud prevents evidence from being retained on a specific physical machine and instead disperses the data over various regions. This paper focuses on current forensic investigation tools used in the Cloud environment and highlights the need for the development of efficient cloud forensic tools.
... However, cloud forensics provides a new way of digital investigation, incident response, and evidence preservation. The application of digital forensics in a cloud environment consists of a hybrid forensics science approach, such as thin-client, thick-client, remote, virtual, etc., towards the age of digital evidence collection and examination (Ruan et al., 2013). Cloud forensics is a cross-discipline between digital forensics and cloud computing that mainly focuses on the collection of digital forensics information (evidence). ...
... Legal, organizational, and technical categories can be employed to classify cloud forensics [7]. To ensure that digital forensics techniques do not infringe on laws and regulations, the legal component is responsible for establishing agreements and guidelines. ...
Article
Nowadays, cloud computing has gained popularity because it provides a platform for pay-as-you-go services, including hardware, software, and operating environment. However, technological resources can not only be shared but also allocated on-demand to various users. With the emerged rate of inevitable vulnerabilities and network crime activities all over the globe, cybercriminals target cloud environments. So, the demand for digital investigation has increased drastically. These extreme challenges pose serious issues for the cloud investigation. It has an impact on the research community of digital forensics as well. The cloud service providers and customers have yet to establish adequate forensics capacity and support digital forensics investigations on cybercrime activities in the cloud. In this paper, we present a digital forensics-enabled cloud investigation framework. In addition, we survey previous related works based on existing cloud forensics practices, fog forensics, edge forensics, and law and highlight the significant role of cloud computing in digital forensics. Finally, we discuss the technical challenges and limitations along with the future directions.
... The study of Ruan et al. (2013) explained some opportunities and challenges faced by digital forensics investigations in cloud environments. Figure 6 presents opportunities and findings of cloud forensics. ...
Article
Organizations are increasingly turning to cloud computing, which offers convenience and provides services based on virtualization technology. Some benefits of cloud computing include accessibility, availability, flexibility, vast storage capacity, speed, and on-demand network connectivity. Significant potential security dangers are associated with this new technology, and digital forensics cannot keep up with the rapid adoption of cloud computing solutions. This study gives an overview of cloud forensics to offer better prospects, highlighting the existing problems and difficulties. It also suggests actions that can be taken to address these difficulties.
... Tounsi and Rais (2018) focused on technical threat analysis in their article, where they proposed appropriate strategies for its implementation and also analyzed the software market for the availability of appropriate analysis tools. Ruan et al. (2013) presented the results of a survey conducted among digital experts regarding cloud forensics, its features, problems, implementation opportunities, etc. Kolodenker et al. (2017, April) developed the PayBreak anti-ransomware system that collects files of cybercrime victims and helps decrypt and recover files without paying a ransom to the criminals. Huang et al. (2014, November) consider other aspects of the impact of cyber threats, such as social. ...
Article
The main purpose of this study is to conduct a dynamic and bibliometric analysis of the main terms that identify the system for combating financial and fraud to identify trends in the formation of social and scientific thought. The review of the scientific literature indicates an increase in the number of scientific publications over the past ten years. It was revealed that the most cited works cover the problems associated with cyber threats in everyday life, among which are botnets, cyber bullying, as well as financial fraud implemented through cryptocurrencies, smart contracts, and the black market on the Internet. Cloud forensics, technical and intellectual analysis are proposed as countermeasures. The research tools were a dynamic analysis of global network user requests, implemented using Google Trends, and a bibliometric analysis of scientific publications by the world’s leading scientists, performed using the VOSviewer analytical package. The search terms “Fraud”, “Finance Fraud”, “Cyber Fraud”, “Finance Cyber Fraud”, “Money Laundering”, “Anti-Money Laundering” and “Anti-Fraud” for the period from 08/07/2017 to 08/07/2022. For bibliometric analysis, two datasets with a length of 2,000 observations were formed based on queries in the Scopus database regarding the terms “Cyber Crime” and “Anti-money Laundering”. The results of the dynamic analysis revealed a decrease in the level of interest in fraud and financial fraud since the beginning of 2021, while the trend of cyber fraud is increasing. This led to the conclusion that there was an impact of the pandemic, which caused an increase in cybercrime. The results of the analysis of requests for “Fraud” and “Finance Fraud” by geographical distribution showed that they interested users belonging to countries with a significant difference in economic development. That is, representatives of poor countries are potential cyber fraudsters, and developed countries are potential victims of fraud. 
Conducting a bibliometric analysis made it possible to obtain clusters of promising areas of scientific research in the field of cybercrimes, among which mathematical and network tools for combating them, general concepts, digitalization and digital forensics, cyber protection, data protection, authentication and encryption of data, etc. are highlighted. At the same time, the focus of research is shifting towards methods of countering cybercrimes. Promising directions in the field of Money Laundering are mathematical methods and information technologies, cryptocurrencies and blockchains, corruption, financial terrorism, etc. The greatest potential belongs to money laundering through cryptocurrencies and blockchains. The lessons learned can be useful for improving the strategy of combating financial and cybercrimes and forming an analytical basis for the scientific community and practitioners.
... providers, consumers, brokers, carriers, auditors) interacting with each other. Legally, multi-jurisdictional and multi-tenant situations are generally referred to as multi-jurisdictional. (Ruan et al., 2013). ...
Chapter
Digital forensic methods for cybercrime investigation in a cloud computing environment (i.e., cloud forensic) is a broad term that encompasses a number of different fields, including digital forensics and cloud computing. The authors hope to gain a better understanding of cloud computing and identify challenges and opportunities in forensic science. They present research that may be used to establish strategies for the creation of measures, standards, and technological research to minimise the issues that cannot be solved with current technology and methodologies. Among the topics covered in this chapter are cloud computing, digital forensics, cybercrimes, and cloud forensics. Also covered are an overview and principles of cloud computing as well as digital forensics, cybercrimes, and challenges, as well as opportunities in the field of cloud forensics. The state of the art in the cloud forensic domain is also presented, as is a literature review on related work to digital forensics techniques in the cloud computing environment.
... Today, this includes storage space on the Internet as a matter of course. The trend toward relocating entire IT systems to remote and software-abstract virtual machines seems irreversible 18 . This development means that less and less data is stored locally on the user's premises and physical data carriers contain fewer data relevant to evidence. ...
Article
Cloud services and cloud storage solutions are special challenges in digital forensic investigations. Cloud services allow their users, with relatively little technical knowledge, to store, manage and share content with others. At the same time, investigators are faced with a wide range of technical, legal and organizational issues. Unfortunately, evidence acquisition for such services still follows the traditional way of collecting artefacts on a client device. In this article, first, an overview of the state of research is given. Next, technical and legal challenges related to the forensically sound acquisition of cloud data are presented. Since accessing these data is highly challenging, basic techniques for acquiring data from the cloud are discussed and compared, using the example of 30 cloud storage services. We introduce the concept of an API-based evidence acquisition for cloud services that utilize the officially supported API of the service. We show how well this approach applies to most current cloud drive services in the survey context. We present the first glance of a proof-of-concept acquisition framework called CLOUDxTRACT, which can acquire evidence from selected cloud service providers.
... Digital forensics is a process of collection, examination, analysis, and reporting of digital evidence [4] post the occurrence of an incident such that evidence is admissible in the court of law. Cloud forensics is the application of digital forensics on cloud [5]. NIST technical report [6] has listed challenges in cloud forensics. ...
Article
In cloud forensics, ensuring the integrity of the evidence such that it is admissible in a court of law is essential. There is always a possibility that multiple stakeholders involved in the investigation of cloud incidents can collude to tamper with the evidence for their benefit. To ensure the integrity of evidence in the cloud, most researchers in this domain have proposed applying blockchain to cloud forensic artifacts. These artifacts include cloud logs, the chain of custody, and the metadata of files on the cloud. Most of the proposed solutions are computing the hash value of the forensic artifacts and pushing the hash value to the blockchain. Later, these hash values verify the integrity of the forensic artifact. In this paper, along with ensuring the integrity of evidence by using hash values, we propose an investigation model that provides tamper-proof and transparent investigation across the stakeholders involved in the investigation of the cloud virtual machines. Also, using blockchain technology in the proposed investigation model ensures the availability of evidence for analysis throughout the investigation to all participating stakeholders. We validated the proposed model using a case study for the proof of concept and evaluated its performance using Hyperledger Caliper.
... Digital forensics (DF) is formally defined by the National Institute of Standards and Technology (NIST) as the application of science to the identification, collection, examination, and analysis, of data while preserving the integrity of the information and maintaining a strict chain of custody for the data [15]. Under this definition, many subfields exist such as cloud forensics [31], software forensics [37], and network forensics [14]. Digital forensics and its subfields come with continuously evolving policies and procedures that protect the forensic soundness of digital data during investigations. ...
Conference Paper
AI Forensics is a novel research field that aims at providing techniques, mechanisms, processes, and protocols for an AI failure investigation. In this paper, we pave the way towards further exploring a sub-domain of AI forensics, namely AI model forensics, and introduce AI model ballistics as a subfield inspired by forensic ballistics. AI model forensics studies the forensic investigation process, including where available evidence can be collected, as it applies to AI models and systems. We elaborate on the background and nature of AI model development and deployment, and highlight the fact that these models can be replaced, trojanized, gradually poisoned, or fooled by adversarial input. The relationships and the dependencies of our newly proposed sub-domain draw from past literature in software, cloud, and network forensics. Additionally, we share a use-case mini-study to explore the peculiarities of AI model forensics in an appropriate context. Blockchain is discussed as a possible solution for maintaining audit trails. Finally, the challenges of AI model forensics are discussed. Keywords: Digital forensics, Artificial Intelligence, AI forensics
... The data mentioned in the definition refers to a variety of digital information. Under this definition, many subfields exist such as cloud forensics [30], software forensics [36], and network forensics [15]. Digital forensics and its subfields come with continuously evolving policies and procedures that protect the forensic soundness of digital data during investigations. ...
Preprint
AI Forensics is a novel research field that aims at providing techniques, mechanisms, processes, and protocols for an AI failure investigation. In this paper, we pave the way towards further establishing a sub-domain of AI forensics, namely AI model forensics, and introduce AI model ballistics as a subfield inspired by forensic ballistics. AI model forensics studies the forensic investigation process, including where available evidence can be collected, as it applies to AI models and systems. We elaborate on the background and nature of AI model development and deployment and highlight the fact that these models can be replaced, trojanized, gradually poisoned, or fooled by adversarial input. We explore the relationships and the dependencies of our newly proposed sub-domain with the literature work from software forensics, cloud forensics, and network forensics. We provide a use-case mini-study to show the peculiarities of AI model forensics in an appropriate context. We discuss Blockchain as a possible solution in the long term for supporting AI model forensics. We introduce AI model ballistics as a subfield under AI model forensics. Finally, we discuss the challenges of AI model forensics and call for feedback from the digital forensics community. Our work is a first step towards establishing AI model forensics as an interesting and fascinating sub-domain under the umbrella of AI forensics, as well as introducing the new subfield AI model ballistics.
... The challenges identified by the authors in cloud forensics are unknown physical location, decentralized data, data duplication, jurisdiction, encryption, preservation, dependence on CSP, chain of custody, evidence segregation, distributed storage, data volatility and integrity. Similar to the works of Khanafseh et al. and Pichan et al., the authors in [28] also identified the challenges in cloud forensics and analyzed them on the basis of their significance. Park et al. [29] discussed the different challenges within cloud forensic investigations highlighting the relevance of proactive models, and discussing the integration of smart environments to enhance the robustness of forensic investigations. ...
Article
Due to its critical role in cybersecurity, digital forensics has received significant attention from researchers and practitioners alike. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of several technologies. To date, researchers have presented many surveys and reviews on the field. However, such articles focused on the advances of each particular domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the global perspective is missing. Aiming to fill this gap, we performed a qualitative review of all the relevant reviews in the field of digital forensics, determined the main topics in digital forensics and identified their main challenges. Despite the diversity of topics and methods, there are several common problems that are faced by almost all of them, with most of them residing in evidence acquisition and pre-processing due to counter analysis methods and difficulties of collecting data from devices, the cloud etc. Beyond pure technical issues, our study highlights procedural issues in terms of readiness, reporting and presentation, as well as ethics, highlighting the European perspective which is traditionally stricter in terms of privacy. Our extensive analysis paves the way for closer collaboration among researchers and practitioners across different topics of digital forensics.
... One of these frameworks is presented in [26], where the main contribution for the proposed model is defining the difference between the evidence collection stage and the preservation stage, since many frameworks are merged between the two stages. In [42], a new framework for cloud computing with a fundamental change in the stages of conventional frameworks is illustrated. The change affects the proposed model of the identification and collection stages, and the rest of the stages did not change. ...
... Still, it blurs the view of the event. Cloud forensics can be categorized into three categories: Legal, Organizational, and Technical [9]. The legal dimension takes care of the development of agreements and regulations to ascertain that digital forensics methods do not breach regulations and laws. ...
Chapter
The rapid technological advancement has led the entire world to shift towards digital domain. However, this transition has also resulted in the emergence of cybercrimes and security breach incidents that threaten the privacy and security of the users. Therefore, this chapter aimed at examining the use of digital forensics in countering cybercrimes, which has been a critical breakthrough in cybersecurity. The chapter has analyzed the most recent trends in digital forensics, which include cloud forensics, social media forensics, and IoT forensics. These technologies are helping the cybersecurity professionals to use the digital traces left by the data storage and processing to keep data safe, while identifying the cybercriminals. However, the research has also observed specific threats to digital forensics, which include technical, operational and personnel-related challenges. The high complexity of these systems, large volume of data, chain of custody, the integrity of personnel, and the validity and accuracy of digital forensics are major threats to its large-scale use. Nevertheless, the chapter has also observed the use of USB forensics, intrusion detection and artificial intelligence as major opportunities for digital forensics that can make the processes easier, efficient, and safe.
... The popular "aaS" or "as a Service" model has made its way to DF as well, as seen in [45]. Work on DF frameworks for cloud computing has also been explored [4,19,41,42,44]. However, these do not provide the necessary research tools that the experts need to generate goal-directed algorithms. ...
Preprint
Due to its critical role in cybersecurity, digital forensics has received much focus from researchers and practitioners. The ever increasing sophistication of modern cyberattacks is directly related to the complexity of evidence acquisition, which often requires the use of different technologies. To date, researchers have presented many surveys and reviews in the field. However, such works focused on the advances of each domain of digital forensics individually. Therefore, while each of these surveys facilitates researchers and practitioners to keep up with the latest advances in a particular domain of digital forensics, the overall picture is missing. By following a sound research methodology, we performed a qualitative meta-analysis of the literature in digital forensics. After a thorough analysis of such literature, we identified key issues and challenges that spanned across different domains and allowed us to draw promising research lines, facilitating the adoption of strategies to address them.
... For example, in the case of cloud forensics, identifying useful network events and recording the minimum representative attributes for each event remains a significant challenge [30]. Lack of international collaboration and legislative frameworks in cross-nation data access/exchange and the increased number of mobile devices accessing the cloud are also significant challenges in cloud forensics [37]. Arguably the most critical problem in digital forensics is the validity and trustworthiness of the evidence itself (safeguarding the chain of custody for the data related to a case), particularly when multiple stakeholders are involved in the overall forensics process. ...
Chapter
As the digitization of information-intensive processes gains momentum nowadays, the concern is growing about how to deal with the ever-growing problem of cybercrime. To this end, law enforcement officials and security firms use sophisticated digital forensics techniques for analysing and investigating cybercrimes. However, multi-jurisdictional mandates, interoperability issues, the massive amount of evidence gathered (multimedia, text, etc.) and multiple stakeholders involved (law enforcement agencies, security firms, etc.) are just a few among the various challenges that hinder the adoption and implementation of sound digital forensics schemes. Blockchain technology has been recently proposed as a viable solution for developing robust digital forensics mechanisms. In this chapter, we provide an overview and classification of the available blockchain-based digital forensic tools, and we further describe their main features. We also offer a thorough analysis of the various benefits and challenges of the symbiotic relationship between blockchain technology and the current digital forensics approaches, as proposed in the available literature. Based on the findings, we identify various research gaps, and we suggest future research directions that are expected to be of significant value both for academics and practitioners in the field of digital forensics.
... Cloud forensic is conducted through the stepwise stages of identification, data collection, preservation, examination, interpretation, and reporting of digital evidence [17,18]. Cloud forensics is considered as one of the most significant fields in the evolving world of cloud computing. ...
Article
The software-defined networking (SDN) paradigm has recently emerged as a trend to build various protocols, develop more reliable networks, enhance the data flow controlling, and provide security in a much simpler and flexible way. SDN helps to ease management and handle asymmetric connectivity across various nodes. It solves the problems of network and cloud security and hence provides the best solution for the safety of data on the network. Therefore, we feel the urge to research more and provide the basics of SDN forensics, mention its advantages in network especially in the cloud, and present its elaborate prospects in context with Network Forensic (NF) and Cloud Forensic (CF). In this research article, we explained in detail the NF and CF with emphasis on Network security (NS) and Cloud Security (CS). The paper also provided the various security approaches and categories. Then, an overview of the software-defined networking (SDN) is mentioned. We also discussed the use of SDN in Network Forensic and Cloud Forensic. Furthermore, to aid the SDN forensic, we presented the advantages, challenges, and issues along with future research directions of SDN in network forensic and cloud forensic, and at last, we thus express and explore the need for security in forensic based on the SDN paradigm in the form of a set of suggested recommendations.
... The variety of actions performed for this research purpose were as follows. The proposed methodology for evidence data acquisition, collection and preservation is shown in Fig. 3 [8]. A virtual computer image copy is subsequently created for each virtual storage using the tool OSF image and OSF clone to make a forensic image in the Advanced Forensics Format (AFF) filetype. ...
Conference Paper
In recent days, cloud services such as storage have become more familiar to businesses and individuals. These storage services are found to be a problem for examiners and researchers in the field of forensics. There are many kinds of storage services available in the cloud, and every service faces diverse issues in illegitimate action. The evidence identification, preservation, and collection are hard when dissimilar services are utilized by offenders. Lack of knowledge regarding the location of evidence data can also affect an investigation, and it takes more time to meet every cloud storage provider to decide where the evidence is saved within their infrastructure. In this study, two popular public cloud service providers (Microsoft One Drive and Amazon cloud drive) are used to perform a forensic evidence collection procedure through the browser and the service providers' software on a Windows 7 computer. Identifying the evidence data on a client device provides forensics practitioners with a clear idea of the types of evidence that exist on the machine. Possible evidence determined throughout this study includes file timestamps, file hashes, client software log files, memory captures and link files; other evidence is also obtainable for different cloud service providers.
... Organizationally it involves interactions among cloud actors (i.e., cloud provider, cloud consumer, cloud broker, cloud carrier, cloud auditor) to facilitate both internal and external investigations. Legally, it often implies multi-jurisdictional and multi-tenant situations' [20]. ...
Article
In recent times, cloud computing adopted numerous organizations and enterprises for offering services with securely certifying that cloud providers against illegitimate activities. However, cost-effective forensics design and implementation for support the cloud-based cybercrimes investigation. To build cloud architecture support forensics is a significant and complex issue such as voluminous intricate legal, organizational, and technical defies due to the virtualization, distributing, and dynamic nature of cloud systems. Therefore, this paper presents an efficient Cloud Forensics Investigation Model (CFIM) to investigate cloud crimes in a forensically sound and timely fashion. Besides, the proposed system supports the concept of Forensic as a Service (FaaS) that provide innumerable benefits of conducting digital forensics through using Forensic Server on the cloud side. The investigational results proved that the proposed system can assist the digital investigators in their mission of investigation of cybercrimes in the cloud in a proficient manner.
... Therefore, it is important for digital forensic investigators to be able to apply the same techniques and procedures they use in digital devices to their cloud counterparts. To this end, Ruan et al. (2013) have conducted a survey with digital forensics expert participants in order to analyse the current issues and challenges faced by this industry when it comes to cloud forensics procedures, tools and investigations as well as to identify future opportunities for research and development. Some of the challenges the participants claimed posed a hindrance to the investigation include evidence segregation and lack of access to physical data. ...
Article
From the end of the last century to date, consumers are increasingly living their lives online. In today’s world, the average person spends a significant proportion of their time connecting with people online through multiple platforms. This online activity results in people freely sharing an increasing amount of personal information – as well as having to manage how they share that information. For law enforcement, this corresponds to a slew of new sources of digital evidence valuable for digital forensic investigation. A combination of consumer level encryption becoming default on personal computing and mobile devices and the need to access information stored with third parties has resulted in a need for robust password cracking techniques to progress lawful investigation. However, current password cracking techniques are expensive, time-consuming processes that are not guaranteed to be successful in the time-frames common for investigations. In this paper, the potential for Open Source Intelligence (OSINT) being leveraged for more efficient password cracking is explored. A comprehensive survey of the literature on password strength, password cracking, and OSINT is outlined, and the law enforcement challenges surrounding these topics are discussed. Additionally, an analysis on password structure as well as demographic factors influencing password selection is presented. Finally, the potential impact of OSINT to password cracking by law enforcement is discussed.
... However, the typical limitations of all nature-inspired algorithms have to deal with time complexity issues [109]-[111]. Additional challenges associated with cloud Forensics are the unification of log formats, synchronization of timestamps, the exponential increase of digital devices accessing the cloud, and ineffective encryption key management [122]. Table 4 lists a list of papers organized primarily based on the problem domain, security function, algorithm, and application. Most of the articles published between 2018 to 2020 were presented along with previous literature, and interested readers are recommended for further assessment based on their needs. ...
Article
Cloud computing gained much popularity in the recent past due to its many internet-based services related to data, application, operating system, and eliminating the need for central hardware access. Many of the challenges associated with cloud computing can be specified as network load, security intrusion, authentication, biometric identification, and information leakage. Numerous algorithms have been proposed and evaluated to solve those challenges. Among those, bio-inspired algorithms such as Evolutionary, Swarm, Immune, and Neural algorithms are the most prominent ones which are developed based on nature's ecosystems. Bio-inspired algorithms' adaptability allows many researchers and practitioners to utilize them to solve many security-related cloud computing issues. This paper aims to explore previous research, recent studies, challenges, and scope for further analysis of cloud security. Therefore, this study provides an overview of bio-inspired algorithms application and evaluations, taking into account cloud security challenges, such as Identity
... 2 exchange that can be alleviated by common standards and protocols. From the challenges identified in the literature [7,8,9,10], the most relevant ones are related to legal systems and/or law enforcement cooperation, technical challenges, and to the validity and trustworthiness of evidence. Moreover, these issues are exacerbated when multiple stakeholders are involved in the overall forensics process. ...
Preprint
The financial crime landscape is evolving along with the digitization in financial services. In this context, laws and regulations cannot efficiently cope with a fast-moving industry such as finance, which translates in late adoption of measures and legal voids, providing a fruitful landscape for malicious actors. In parallel, blockchain technology and its promising features such as immutability, verifiability, and authentication, enhance the opportunities of financial forensics. In this paper, we focus on an embezzlement scheme and we provide a forensic-by-design methodology for its investigation. In addition, the feasibility and adaptability of our approach can be extended and embrace digital investigations on other types of schemes. We provide a functional implementation based on smart contracts and we integrate standardised forensic flows and chain of custody preservation mechanisms. Finally, we discuss the benefits and challenges of the symbiotic relationship between blockchain and financial investigations, along with future research directions.
... Forensic issues and solutions were investigated in many emerging related areas. Some examples of these areas are in cloud computing [43][44][45][46], fog and edge computing [47][48][49], smartphones [50][51][52][53], and internet of things (IoT) [54][55][56][57]. Cloud computing, fog computing, smartphones, and IoT are usually components of and enabling technologies for CPS. ...
Article
Cyber–Physical Systems (CPS) connect the physical world (systems, environments, and humans) with the cyber world (software, data, etc.) to intelligently enhance the operational environment they serve. CPS are distributed software and hardware components embedded in the physical world and possibly attached to humans. They offer smart features, such as enhancing and optimizing the reliability, quality, safety, health, security, efficiency, operational costs, sustainability, and maintainability of physical systems. CPS are also very vulnerable to security attacks and criminal activities. In addition, they are very complex and have a direct impact on their environment. Therefore, it is hard to detect and investigate security attacks, while such attacks may have a catastrophic impact on the physical world. As a result, CPS must incorporate security measures in addition to suitable and effective forensics capabilities. When the security measures fail and an attack occurs, it becomes imperative to perform thorough forensics analysis. Adding effective forensics tools and capabilities will support the investigations of incidents. This paper defines the field of CPS forensics and its dimensions: Technical, Organizational, and Legal. Then, it reviews examples of current research efforts in the field and the types of tools and methods they propose for CPS forensics. In addition, it discusses the issues and challenges in the field that need to be addressed by researchers and developers of CPS. The paper then uses the review outcomes to discuss future research directions to address challenges and create a more effective, efficient, and safe forensics tools and for CPS. This discussion aims to create a starting point for researchers where they can identify the gaps and challenges and create suitable solutions through their research in CPS forensics.
... Still, it blurs the view of the event. Cloud forensics can be categorized into three categories: Legal, Organizational, and Technical [9]. The legal dimension takes care of the development of agreements and regulations to ascertain that digital forensics methods do not breach regulations and laws. ...
Article
The rapid technological advancement has led the entire world to shift towards the digital domain. However, this transition has also resulted in the emergence of cybercrimes and security breach incidents that threaten the privacy and security of the users. Therefore, this paper aimed at examining the use of digital forensics in countering cybercrimes, which has been a critical breakthrough in cybersecurity. The paper has analyzed the most recent trends in digital forensics, which include cloud forensics, social media forensics, and IoT forensics. These technologies are helping the cybersecurity professionals to use the digital traces left by the data storage and processing to keep data safe, while identifying the cybercriminals. However, the research has also observed specific threats to digital forensics, which include technical, operational and personnel-related challenges. The high complexity of these systems, large volume of data, chain of custody, the integrity of personnel, and the validity and accuracy of digital forensics are major threats to its large-scale use. Nevertheless, the paper has also observed the use of USB forensics, intrusion detection and artificial intelligence as major opportunities for digital forensics that can make the processes easier, efficient, and safe.
... For example, in the case of cloud forensics, identifying useful network events and recording the minimum representative attributes for each event remains a significant challenge [30]. Lack of international collaboration and legislative frameworks in cross-nation data access/exchange and the increased number of mobile devices accessing the cloud are also significant challenges in cloud forensics [37]. Arguably the most critical problem in digital forensics is the validity and trustworthiness of the evidence itself (safeguarding the chain of custody for the data related to a case), particularly when multiple stakeholders are involved in the overall forensics process. ...
Preprint
As the digitization of information-intensive processes gains momentum nowadays, the concern is growing about how to deal with the ever-growing problem of cybercrime. To this end, law enforcement officials and security firms use sophisticated digital forensics techniques for analyzing and investigating cybercrimes. However, multi-jurisdictional mandates, interoperability issues, the massive amount of evidence gathered (multimedia, text etc.) and multiple stakeholders involved (law enforcement agencies, security firms etc.) are just a few among the various challenges that hinder the adoption and implementation of sound digital forensics schemes. Blockchain technology has been recently proposed as a viable solution for developing robust digital forensics mechanisms. In this paper, we provide an overview and classification of the available blockchain-based digital forensic tools, and we further describe their main features. We also offer a thorough analysis of the various benefits and challenges of the symbiotic relationship between blockchain technology and the current digital forensics approaches, as proposed in the available literature. Based on the findings, we identify various research gaps, and we suggest future research directions that are expected to be of significant value both for academics and practitioners in the field of digital forensics.
Chapter
This Chapter analyses the capabilities of Artificial Intelligence (AI) in preventing and combatting cyberattacks carried out through or against the Internet of Things (IoT) platforms. To this end, the Chapter examines ways in which AI can be used both to safeguard and to threaten national security in different ways. Addressing digital security, the Chapter explores how AI could be deployed to combat and prevent cyberattacks on IoT devices by drawing upon recent real-life examples of such attacks. The Chapter also investigates the use of AI and the IoT in military applications along with the risks associated with hacking these technologies when deployed in warfare. The Chapter also explores the impact of the misuse of AI on political security, examining how Deepfake technology influences political opinions and how filter bubbles polarise public views. In addition, the Chapter examines the key ethical implications of AI algorithms such as their impact on user privacy or bias against a certain group of individuals. Following the analysis, the Chapter accordingly offers a set of recommendations that can be considered to assist with addressing the stated issues.
Preprint
Recent years have witnessed an increasing number of IoT-related cybersecurity incidents, which is mainly due to three reasons: immaturity of IoT security, extensive use of IoT technologies in various fields, and a dramatic surge in the number of IoT users (particularly, in case of cloud connected IoT (cloud-IoT) technologies). On the other hand, to execute forensic investigations that involve cloud-IoT environments, there is a need for knowledge and skill in different areas such as readiness, live and dead forensics. Though, accomplishment of this objective with the use of conventional approaches could be noticeably challenging. For that reason, it is a must to develop a cloud-IoT forensic process model capable of guiding consumers before, during, and after the occurrence of an incident. The current paper is focused on developing a consumer-oriented process model. In addition, this study uses the Forensics Iterative Development Model (FIDM) to examine the effectiveness of the proposed model on a simulated cloud-IoT environment in reflecting two different cloud crime scenarios. The process of developing the model is elaborated in the paper. Considering the challenges extracted through a comprehensive literature review, this study defined the requirements that need to be satisfied by forensic process models aiming to make investigation within cloud-IoT environments. In this sense, the forensic process models introduced already in the literature were assessed on the basis of the requirements defined. Then, a set of inclusion criteria was formed for the evaluation of the conventional digital forensics process models so that we could mark out the best group of models that could have best contribution to developing the proposed model. The final output of the present paper was an innovative model called Cloud-IoT Forensic Process Model (CFPM) capable of taking into consideration the consumers’ perspectives.
Finally, the CFPM performance was evaluated by implementing it on two case scenarios. The obtained results confirmed the high effectiveness of the proposed model in terms of performing the tasks defined.
Article
Weather in Malaysia is hot and humid throughout the year, thus sudden rain can disrupt the drying of laundry and make it wet. In this study, an automated retractable roof system was developed to overcome this problem. The development and implementation of this study enables users to monitor the parameters at the laundry suspension area by using their smartphone and prevents the laundry from getting wet from rain. This study uses humidity sensors, an Ultraviolet (UV) sensor, a rain sensor, and a temperature sensor to detect parameters such as humidity, UV intensity, presence of water and temperature respectively. Data from the sensors were collected and analysed to determine the values of parameters when rain occurred. These parameters were indicated as part of weather prediction study. From experiment, the retractable roof will open and close depending on the conditions met by the system. In addition, the system can communicate with the user’s phone using an Internet connection. The Blynk application in the smartphone allows the user to monitor and control the system through internet connection between the application and microcontroller. This study will be helpful for non-commercial use and can be expanded to commercial use with further improvement.
Article
Aromatherapy candles with essential oils, which can provide therapeutic treatments, have been made to maintain and improve our wellbeing. In this paper, a mini prototype of an automated aromatherapy candle process plant using IoT and WSN has been proposed and developed. The main processes of producing aromatherapy candles are heating and mixing. To produce the right quality of the aromatherapy candle, the quantity of the raw material is important. The heating process will be controlled by using an ESP8266 based PID controller and monitored by using an Open Source Programmable Logic Controller called OpenPLC that runs on Raspberry Pi. The software is efficient because it can support users over the entire plant and process. The mixing process will mix the raw material evenly using an agitator motor with specific temperature. The whole process in this work can be monitored and controlled through a PC via this implementation of software. To obtain the best quality of this work, the set point of temperature need to be control and the plant able to be achieved after second test of the study. As a result, this study is able to produce aromatherapy candles with better quality in minimal time. This study is also able to control the candle from releasing too many Volatile Organic Compounds that can affect human life. Armed with the wealth of relevant information presented in this article, it is hoped that readers will have greatly benefited and gained a thorough understanding on how to develop an automated aroma therapy candle process planting using IoT and WSN. With further research put forth into this study, it is also hoped it could be an advantage in innovation development and can be implemented in real life manufacturing industry.
Chapter
Any machine exposed to the Internet today is at the risk of being attacked and compromised. The popularity of the internet is not only changing our life view, but also changing the view of crime in our society and all over the world. The reason for Forensic Investigation is increased computer crime. Digital technology is experiencing an explosion in growth and applications. This explosion has created the new concept of the cyber-criminal, and the need for security and forensics experts in the digital environment. The purpose of digital forensics is to answer investigative or legal questions to prove or disprove a court case. To ensure that innocent parties are not convicted and that guilty parties are convicted, it is mandatory to have a complete forensic process carried out by a qualified investigator who implements quality control measures and follows standards. In this paper, types of Digital Forensics with their tools and techniques of investigation are discussed. This chapter also involves the challenges in carrying out Digital forensics.
Article
“Forensic-by-design” is an emergent and ambitious paradigm that extends the Digital Forensic Readiness (DFR) perspective. Similar to Security-by-design, this new vision advocates the integration of Forensic requirements into the system's design and development stages to get “Forensic-ready” systems. While it seems promising, we hypothesize that: (a) this new alternative is not effective for some open boundaries systems, and (b) this strategy is not fully aligned with the Systems and software Engineering (SE) standards. A six phases research methodology based on systematic literature review, mapping, and analysis was adopted. Our results confirm indeed the stated hypothesis, identify missing key factors, and point out potential omissions. A new System and software Engineering driven Forensic-by-design framework, with an emphasis on Cloud computing systems, is therefore proposed.
Article
The rate of using cloud service has increased in recent years. The service provided by cloud computing (CC) is pre-owned by various laptops, smartphones, desktop computers, and notebook users. Cloud service enables the authorization practice due to an increasing number of cloud service users. Cloud service employs different hosts to deliver service to the users. But some hosts may be malicious and steal the user’s information or else provide an unwanted file instead of original files to the user. In previous works, these malicious hosts are identified by site re-routing links, distinguishing file types and so on. The main impact of this malicious host is that it delivers infected data or files to the user or it diverts the user to the non-requested data and files. In this paper, we focus on identification and classification of malicious hosts. The host list is examined to extract the features of malicious host by applying firefly algorithm. These identified features are then pre-processed by principal component analysis (PCA) method. The Deep Neural Network based Shuffled Frog Leap Optimization (DNN-SFLO) algorithm is a famous deep learning (DL) approach proposed to test the optimized weights of the identified features. DNN-SFLO accurately detects the malicious host, because the presence of malicious host may affect the cloud service. Performance of DNN-SFLO based host detection is compared with Naïve Bayes, Neural Network (NN), Artificial NN (ANN), Fuzzy C-Means (FCM), Fuzzy k-Nearest Neighbour (FKNN), Support vector machine (SVM). Implementation for this host detection process is carried out in python. The performance metrics taken to evaluate the effectiveness of DNN-SFLO are F-measure, precision, G-mean, sensitivity, error detection probability, and recall.
Article
Your Phone is a Microsoft dual mobile/desktop application that links a Windows 10 environment to a smartphone. The Android version provides the smartphone's user with the ability to control the mobile device from Windows 10, allowing to place/receive calls, send/receive text messages such as SMS, MMS and RCS, access up to the last 2000 photos/screenshots of the device and to receive notifications from applications, all through the Windows 10 Your Phone application and, if configured to do so, within Windows 10 notification center. This work analyzes the Your Phone environment, that is, Your Phone Companion for Android and Your Phone for Windows 10. The paper studies the digital forensic artifacts that can be found in a post mortem analysis, focusing on the SQLite3 databases used by both the Android and Windows 10 applications. We also compare the examined version with a previous version of Your Phone, showing that Your Phone newest functionalities bring new valuable artifacts for forensic examiners. The study shows that Your Phone data left on a Windows 10 device can be useful to access a copy of messages, photos, and document interactions, especially when the Android device is inaccessible or even physically unavailable. To ease the task for digital forensic examiners, we have updated our open-source YPA software that collects and analyzes Your Phone data from a Windows 10 system. YPA runs as a module within the digital forensic Autopsy software.
Article
Log files are the primary source of recording users, applications and protocols, activities in the cloud ecosystem. Cloud forensic investigators can use log evidence to ascertain when, why and how a cyber adversary or an insider compromised a system by establishing the crime scene and reconstructing how the incident occurred. However, digital evidence acquisition in a cloud ecosystem is complicated and proven difficult, even with modern forensic acquisition toolkit. The multi-tenancy, Geo-location and Service-Level Agreement have added another layer of complexity in acquiring digital log evidence from a cloud ecosystem. In order to mitigate these complexities of evidence acquisition in the cloud ecosystem, we need a framework that can forensically maintain the trustworthiness and integrity of log evidence. In this paper, we design and implement a Blockchain Cloud Forensic Logging (BCFL) framework, using a Design Science Research Methodological (DSRM) approach. BCFL operates primarily in four stages: (1) Process transaction logs using Blockchain distributed ledger technology (DLT). (2) Use a Blockchain smart contract to maintain the integrity of logs and establish a clear chain of custody. (3) Validate all transaction logs. (4) Maintain transaction log immutability. BCFL will also enhance and strengthen compliance with the European Union (EU) General Data Protection Regulation (GDPR). The results from our single case study will demonstrate that BCFL will mitigate the challenges and complexities faced by digital forensics investigators in acquiring admissible digital evidence from the cloud ecosystem. Furthermore, an instantaneous performance monitoring of the proposed Blockchain cloud forensic logging framework was evaluated. BCFL will ensure trustworthiness, integrity, authenticity and non-repudiation of the log evidence in the cloud.
Article
Cloud forensics has become increasingly critical in cloud computing security in recent years. A fundamental problem in cloud forensics is how to safely and effectively obtain, preserve, and analyze evidence. With massive cloud forensic systems and tools having been proposed over the years, we identify one challenge that is not adequately addressed in the current literature. The problem is “credibility of cloud evidence”; this is where the evidence collected in the cloud is unreliable due to its multitenancy and the multiple participants in the forensic process. In this paper, we develop a new Cloud Forensics Tamper‐Proof Framework (TamForen) for cloud forensics, which can be used in an untrusted and multitenancy cloud environment. This framework relies on the cloud forensics system independent of the daily cloud activities and is implemented based on the Multilayer Compressed Counting Bloom Filter. Unlike existing cloud forensics methods that depend on the support and trust of cloud service providers, TamForen takes into account the untrustworthiness of participants in the forensics process and conducts tamper‐proof protection of data in a decentralized way without violating users' privacy. We simulate a cloud forensics environment to evaluate TamForen, and the results show that TamForen is feasible.
Article
Cloud storage can provide on-demand outsourcing of data services for organizations and individuals. However, because customers may not fully trust that cloud service providers meet their legal expectations for data security, techniques for auditing the cloud have attracted increasing attention. Here, we present an architecture of public data auditing, review existing methods or mechanisms for various auditing objectives, and discuss trends and possible future developments.
Book
The rapid technological advancement has led the entire world to shift towards digital domain. However, this transition has also resulted in the emergence of cybercrimes and security breach incidents that threaten the privacy and security of the users. Therefore, this chapter aimed at examining the use of digital forensics in countering cybercrimes, which has been a critical breakthrough in cybersecurity. The chapter has analyzed the most recent trends in digital forensics, which include cloud forensics, social media forensics, and IoT forensics. These technologies are helping the cybersecurity professionals to use the digital traces left by the data storage and processing to keep data safe, while identifying the cybercriminals. However, the research has also observed specific threats to digital forensics, which include technical, operational and personnel-related challenges. The high complexity of these systems, large volume of data, chain of custody, the integrity of personnel, and the validity and accuracy of digital forensics are major threats to its large-scale use. Nevertheless, the chapter has also observed the use of USB forensics, intrusion detection and artificial intelligence as major opportunities for digital forensics that can make the processes easier, efficient, and safe.
Chapter
Smartphones have become popular in recent days due to the accessibility of a wide range of applications. These sophisticated applications demand more computing resources in a resource-constrained smartphone. Cloud computing is the motivating factor for the progress of these applications. The emerging mobile cloud computing introduces a new architecture to offload smartphone and utilize cloud computing technology to solve resource requirements. The popularity of mobile cloud computing is an opportunity for misuse and unlawful activities. Therefore, it is a challenging platform for digital forensic investigations due to the non-availability of methodologies, tools and techniques. The aim of this work is to analyze the forensic tools and methodologies for crime investigation in a mobile cloud platform as it poses challenges in proving the evidence.
Chapter
Cloud computing has become one of the fastest-growing IT infrastructures in the world. Criminals are aggressively expanding the use of digital technologies for illegal activities. As a consequence, the rise of cybercrimes in cloud systems exacerbates the problem of scale for digital forensic practitioners. Traditional digital forensic approaches such as the data acquisition of electronic devices, personal computer forensics, live data forensics, network investigations and forensics, and mobile phone forensics are not sufficient or only partly applicable for the investigation, acquisition and analysis of evidence from cloud computing platforms. The evaluation of digital forensic techniques for cloud service models is still a challenge due to the lack of efficient criteria. Therefore, in this chapter, we first define the criteria for evaluating existing digital forensic approaches for the three main cloud service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). After that, we will review, analyse and compare each digital forensic approach in order to display existing gaps that need further solutions.
Article
The ATLAS experiment at the LHC has successfully incorporated cloud computing technology and cloud resources into its primarily grid-based model of distributed computing. Cloud R&D activities continue to mature and transition into stable production systems, while ongoing evolutionary changes are still needed to adapt and refine the approaches used, in response to changes in prevailing cloud technology. In addition, completely new developments are needed to handle emerging requirements. This paper describes the overall evolution of cloud computing in ATLAS. The current status of the virtual machine (VM) management systems used for harnessing Infrastructure as a Service resources is discussed. Monitoring and accounting systems tailored for clouds are needed to complete the integration of cloud resources within ATLAS' distributed computing framework. We are developing and deploying new solutions to address the challenge of operation in a geographically distributed multi-cloud scenario, including a system for managing VM images across multiple clouds, a system for dynamic location-based discovery of caching proxy servers, and the usage of a data federation to unify the worldwide grid of storage elements into a single namespace and access point. The usage of the experiment's high level trigger farm for Monte Carlo production, in a specialized cloud environment, is presented. Finally, we evaluate and compare the performance of commercial clouds using several benchmarks.
Article
Cloud computing is estimated to be one of the most transformative technologies in the history of computing. Cloud organizations, including the providers and customers of cloud services, have yet to establish a well-defined forensic capability. Without this they are unable to ensure the robustness and suitability of their services to support investigations of criminal activity. In this paper, we take the first steps towards defining the new area of cloud forensics, and analyze its challenges and opportunities.
Conference Paper
This paper presents the first version of the NIST Cloud Computing Reference Architecture (RA). This is a vendor neutral conceptual model that concentrates on the role and interactions of the identified actors in the cloud computing sphere. Five primary actors were identified - Cloud Service Consumer, Cloud Service Provider, Cloud Broker, Cloud Auditor and Cloud Carrier. Their roles and activities are discussed in this report. A primary goal for generating this model was to give the United States Government (USG) a method for understanding and communicating the components of a cloud computing system for Federal IT executives, Program Managers and IT procurement officials.
Article
In this paper we present the current results and analysis of the survey "Cloud forensics and critical criteria for cloud forensic capability" carried out towards digital forensic experts and practitioners. This survey was created in order to gain a better understanding on some of the key questions of the new field - cloud forensics - before further research and development. We aim to understand concepts such as its definition, the most challenging issues, most valuable research directions, and the critical criteria for cloud forensic capability.