A forensic acquisition and analysis system for IaaS

Cloud computing is a promising next-generation computing paradigm that offers significant economic benefits to both commercial and public entities. Furthermore, cloud computing provides accessibility, simplicity, and portability for its customers. Due to the unique combination of characteristics that cloud computing introduces (including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service), digital investigations face various technical, legal, and organizational challenges to keep up with current developments in the field of cloud computing. There are a wide variety of issues that need to be resolved in order to perform a proper digital investigation in the cloud environment. This paper examines the challenges in cloud forensics that are identified in the current research literature, alongside exploring the existing proposals and technical solutions addressed in the respective research. The open problems that need further effort are highlighted. As a result of the analysis of literature, it is found that it would be difficult, if not impossible, to perform an investigation and discovery in the cloud environment without relying on cloud service providers (CSPs). Therefore, dependence on the CSPs is ranked as the greatest challenge when investigators need to acquire evidence in a timely yet forensically sound manner from cloud systems. Thus, a fully independent model requires no intervention or cooperation from the cloud provider is proposed. This model provides a different approach to a forensic acquisition and analysis system (FAAS) in an Infrastructure as a Service model. FAAS seeks to provide a richer and more complete set of admissible evidences than what current CSPs provide, with no requirement for CSP involvement or modification to the CSP’s underlying architecture

Cloud forensic: Technical challenges, solutions and comparative analysis

Cloud computing is arguably one of the most significant advances in information technology (IT) services today. Several cloud service providers (CSPs) have offered services that have produced various transformative changes in computing activities and presented numerous promising technological and economic opportunities. However, many cloud customers remain reluctant to move their IT needs to the cloud, mainly due to their concerns on cloud security and the threat of the unknown. The CSPs indirectly escalate their concerns by not letting customers see what is behind virtual wall of their clouds that, among others, hinders digital investigations. In addition, jurisdiction, data duplication and multi-tenancy in cloud platform add to the challenge of locating, identifying and separating the suspected or compromised targets for digital forensics. Unfortunately, the existing approaches to evidence collection and recovery in a non-cloud (traditional) system are not practical as they rely on unrestricted access to the relevant system and user data; something that is not available in the cloud due its decentralized data processing.In this paper we systematically survey the forensic challenges in cloud computing and analyze their most recent solutions and developments. In particular, unlike the existing surveys on the topic, we describe the issues in cloud computing using the phases of traditional digital forensics as the base. For each phase of the digital forensic process, we have included a list of challenges and analysis of their possible solutions. Our description helps identifying the differences between the problems and solutions for non-cloud and cloud digital forensics. Further, the presentation is expected to help the investigators better understand the problems in cloud environment. More importantly, the paper also includes most recent development in cloud forensics produced by researchers, National Institute of Standards and Technology and Amazon

Towards a practical cloud forensics logging framework

This paper exposes and explore the practical issues with the usability of log artefacts for digital forensics in cloud computing. Logs, providing detailed events of actions on a time scale have been a prime forensic artefact. However collection of logs for analysis, from a cloud computing environment is complex and challenging task, primarily due to the volatility, multi-tenancy, authenticity and physical storage locations of logs, which often results in jurisdictional challenges too. Diverse nature of logs, such as network logs, system logs, database logs and application logs produces additional complexity in the collection and analysis for investigative purposes. In addition there is no commonality in log architecture between cloud service providers, nor the log information fully meets the specific needs of forensic practitioners. In this paper we present a practical log architecture framework, analyse it from the perspective and business needs of forensic practitioners. We prove the framework on an ownCloud - a widely used open source platform. The log architecture has been assessed by validating it against the Association of Chief Police Officers Good Practice Guide for Computer-Based Electronic Evidence guidelines. Further validation has been done against the National Institute of Standards and Technology published report on Cloud Computing Forensic Challenges, i.e., NISTIR 8006. Our work helps the forensic examiners and law enforcement agencies in establishing confidence in log artefacts and easy interpretation of logs by presenting it in a user friendly way. Our work also helps the investigators to build a collective chain of evidence as well as the Cloud Service Providers to provision forensics enabled logging

Analysis of DNA ploidy and expression of tumour-associated antigens on human oral carcinomas xenografted in nude mice

Human squamous cell carcinomas (SCC) of the oral cavity were successfully established as xenografts in nude mice. Tumours with higher malignancy scores and involvement of lymph nodes in patients were more readily accepted as xenografts in nude mice. The xenografted tumours were characterised with respect to morphology, histology, DNA index and expression of tumour-associated antigens (TAA). Flow cytometric analysis of cellular DNA content revealed that many of the xenografts retained the parent tumour DNA pattern while some of the xenografts showed progression to aneuploidy. All the xenografted tumours expressed TAA recognised by monoclonal antibody (MAb) 3F8E3. On Western blotting, MAb 3F8E3 recognised proteins of molecular weight 62-64 kDa on parent and xenografted tumours. In general, the xenografts reflect many of the characteristics of the tumours from which they were derived and may provide a useful model for investigating newer approaches of treatment and diagnosis

Experts reviews of a cloud forensic readiness framework for organizations

Cloud computing has drastically altered the ways in which it is possible to deliver information technologies (ITs) to consumers as a service. In addition, the concept has given rise to multiple benefits for consumers and organizations. However, such a fast surge in the adoption of cloud computing has led to the emergence of the cloud as a new cybercrime environment, thus giving rise to fresh legal, technical and organizational challenges. In addition to the vast number of attacks that have had an impact on cloud computing and the fact that cloud-based data processing is carried out in a decentralized manner, many other concerns have been noted. Among these concerns are how to conduct a thorough digital investigation in cloud environments and how to be prepared to gather data ahead of time before the occurrence of an incident; indeed, this kind of preparation would reduce the amount of money, time and effort that is expended. As a number of cloud forensics challenges have not received enough attention, this study is motivated by a particular gap in research on the technical, legal and organizational factors that facilitate forensic readiness in organizations that utilize an Infrastructure as a Service (IaaS) model. This paper presents a framework with which to investigate the factors that facilitate the forensic readiness of organizations. This framework was identified by critically reviewing previous studies in the literature and by performing an in-depth examination of the relevant industrial standards. The factors were comprehensively studied and extracted from the literature; then, the factors were analysed, duplicates were removed, and the factors were categorized and synthesized to produce the framework. To obtain reliable results, the research method involved two steps: a literature review, followed by expert reviews. These techniques help us paint a comprehensive picture of the research topic and validate and confirm the results.Northern Border Universit