10,411 research outputs found
Forensics investigation challenges in cloud computing environments
Cloud computing is about sharing any imaginable entity such as process units, storage devices or software. The provided service is utterly economical and expandable. Cloud computing's attractive benefits entice huge interest from both business owners and cyber thieves. Consequently, “computer forensic investigation” steps into play to find evidence against criminals. As a result of the new technology and methods used in cloud computing, forensic investigation techniques face different types of issues while inspecting the case. The most profound challenges are the difficulty of dealing with the different rulings imposed on the variety of data saved in different locations, limited access to obtain evidence from the cloud, and even the issue of seizing the physical evidence for the sake of integrity validation or evidence presentation. This paper suggests a simple yet very useful solution to conquer the aforementioned issues in forensic investigation of cloud systems. Utilizing TPM in the hypervisor, implementing multi-factor authentication and updating the cloud service provider policy to provide persistent storage devices are some of the recommended solutions. Utilizing the proposed solutions, the cloud service will be compatible with current digital forensic investigation practices; alongside, it brings the great advantage of being investigable and, consequently, the trust of the client.
Cloud Forensic: Issues, Challenges and Solution Models
Cloud computing is a web-based utility model that is becoming popular every
day with the emergence of 4th Industrial Revolution, therefore, cybercrimes
that affect web-based systems are also relevant to cloud computing. In order to
conduct a forensic investigation into a cyber-attack, it is necessary to
identify and locate the source of the attack as soon as possible. Although
significant study has been done in this domain on obstacles and its solutions,
research on approaches and strategies is still in its development stage. There
are barriers at every stage of cloud forensics, therefore, before we can come
up with a comprehensive way to deal with these problems, we must first
comprehend the cloud technology and its forensics environment. Although there
are articles that are linked to cloud forensics, there is not yet a paper that
accumulated the contemporary concerns and solutions related to cloud forensic.
Throughout this chapter, we have looked at the cloud environment, as well as
the threats and attacks that it may be subjected to. We have also looked at the
approaches that cloud forensics may take, as well as the various frameworks and
the practical challenges and limitations they may face when dealing with cloud
forensic investigations.
Comment: 23 pages; 6 figures; 4 tables. Book chapter of the book titled "A Practical Guide on Security and Privacy in Cyber Physical Systems Foundations, Applications and Limitations", World Scientific Series in Digital Forensics and Cybersecurit
Forensic Analysis in Access Control: a Case-Study of a Cloud Application
We discuss a case-study we have conducted on forensic analysis in access control. The case-study is an application in the Amazon Web Services (AWS) cloud provider. Forensic analysis is the investigation and analysis of evidence of possible wrongdoing. Access control is used to regulate accesses to computing resources. Both forensic analysis and access control are recognized as important aspects of the security of a system. We first argue that posing the forensic analysis problem in the context of access control is meaningful and useful towards the security of a system. We then summarize results on the computational hardness of the forensic analysis problem for two access control schemes from the research literature. We point out that these results suggest that meaningful logging information can render forensic analysis tractable, even efficient. We then instantiate the forensic analysis in access control problem in the context of a cloud application. A cloud application is a software service that can be accessed over the Internet and uses computing resources provided by a cloud provider. A cloud provider provides computing tools and services that can be administered over the Internet. The cloud provider we have adopted is AWS, and the application is "Hello Retail", an image-sourcing application for online retailers. In addressing forensic analysis in this context, our particular focus is the manner in which logging information can be leveraged. We ask two kinds of questions: (i) is particular logging information from AWS necessary to answer forensics analysis questions of interest, and, (ii) is particular logging information sufficient? We observe that from the standpoint of (i), default AWS logs have considerable redundancy. We propose an algorithm to prune logs for efficient forensic analysis.
From the standpoint of (ii), we observe that it is not possible to definitively answer "yes" or "no" to forensic analysis questions of interest given only the information AWS permits us to log. We identify additional logging information that, if available, would be sufficient. Together, (i) and (ii) provide us with "goal-directed logging". We conclude by reiterating the benefits of forensic analysis in access control, and with suggestions for goal-directed logging in cloud systems
Investigation on the Services of Private Cloud Computing by Using ADAM Method
Cloud services are offered by many cloud service providers, but for large companies they are generally built as private cloud computing. In cloud systems, abuse can be done by internal users or be due to misconfiguration, or may also refer to weaknesses in the system. This study evaluated the ADAM method (Advanced Data Acquisition Model) and tested the case schemes, which were carried out in a laboratory simulation of the process, in order to obtain forensic evidence of digital data on private cloud computing services. Referring to the results of the investigation process using the ADAM method, it can be verified that there are several parameters of a successful investigation, including the structure of files, files, time stamp, mac-address, IP address, username password, and the data from a server, both from the desktop PC and the smartphone; therefore the investigation using ADAM can succeed properly and correctly. Another contribution of this study was to identify the weaknesses of the service system that used owncloud, in which users in the list of the same group can change another user’s password
A forensic acquisition and analysis system for IaaS
Cloud computing is a promising next-generation computing paradigm that offers significant economic benefits to both commercial and public entities. Furthermore, cloud computing provides accessibility, simplicity, and portability for its customers. Due to the unique combination of characteristics that cloud computing introduces (including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service), digital investigations face various technical, legal, and organizational challenges to keep up with current developments in the field of cloud computing. There are a wide variety of issues that need to be resolved in order to perform a proper digital investigation in the cloud environment. This paper examines the challenges in cloud forensics that are identified in the current research literature, alongside exploring the existing proposals and technical solutions addressed in the respective research. The open problems that need further effort are highlighted. As a result of the analysis of literature, it is found that it would be difficult, if not impossible, to perform an investigation and discovery in the cloud environment without relying on cloud service providers (CSPs). Therefore, dependence on the CSPs is ranked as the greatest challenge when investigators need to acquire evidence in a timely yet forensically sound manner from cloud systems. Thus, a fully independent model that requires no intervention or cooperation from the cloud provider is proposed. This model provides a different approach to a forensic acquisition and analysis system (FAAS) in an Infrastructure as a Service model. FAAS seeks to provide a richer and more complete set of admissible evidence than what current CSPs provide, with no requirement for CSP involvement or modification to the CSP’s underlying architecture
A Study on Tools And Techniques Used For Network Forensic In A Cloud Environment: An Investigation Perspective
The modern computer environment has moved past the local data center with a single entry and exit point to a global network comprising many data centers and hundreds of entry and exit points, commonly referred to as Cloud Computing, used by all possible devices with numerous entry and exit points for transactions, online processing, and requests and responses traveling across the network. This makes ever-complex networks even more complex, and makes traversing, monitoring and detecting threats over such an environment a big challenge for network forensics and the investigation of cybercrimes. It has demanded in-depth analysis using network tools and techniques to determine how best information pertinent to an investigation can be extracted. Data mining techniques provide great aid in finding relevant clusters for predicting unusual activities, pattern matching and fraud detection in an environment, and are capable of dealing with huge amounts of data. The concept of network forensics in cloud computing requires a new mindset where some data will not be available, some data will be suspect, and some data will be court ready and can fit into the traditional network forensics model. From a network security viewpoint, all data traversing the cloud network backplane is visible and accessible by the cloud service provider. It is not possible to think now that one physical device will only have one operating system that needs to be taken down for investigation. Without the network forensics investigator understanding the architecture of the cloud environment, systems and possible compromises will be overlooked or missed. In this paper, we focus on the role of network forensics in a cloud environment, map a few of the available tools, discuss the contribution of data mining to analysis, and bring out the challenges in this field
Calm before the storm: the challenges of cloud computing in digital forensics
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed
A forensically-enabled IaaS cloud computing architecture
Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures largely due to the dynamic nature of the cloud. Whilst much research has focused upon identifying the problems that are introduced with a cloud-based system, to date there is a significant lack of research on adapting current digital forensic tools and techniques to a cloud environment. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on cloud providers to acquire evidence, assuming they would be willing or are required to by law. Furthermore, the evidence collected by the Cloud Service Providers (CSPs) is still questionable as there is no way to verify the validity of this evidence and whether evidence has already been lost. This paper proposes a forensic acquisition and analysis model that fundamentally shifts responsibility of the data back to the data owner rather than relying upon a third party. In this manner, organisations are free to undertake investigations at will, requiring no intervention or cooperation from the cloud provider. The model aims to provide a richer and complete set of admissible evidence than what current CSPs are able to provide