Cloud computing involves potentially greater exposure to security threats and privacy breaches, since the cloud is based on the Internet and all of the user’s resources are handed over to the cloud without any security in transit or at rest. Because it is a vulnerable medium, a great deal of investigation is needed when a crime has occurred. Computer forensics has emerged in recent years as an important tool in the fight against crime. It is defined as the application of computer investigation and analysis techniques to determine potential evidence. Forensic investigation techniques face several kinds of issues when inspecting a cloud environment. The novel approach uses multi-factor authentication and a supervisor in order to identify the criminals. By using the proposed solutions, the cloud service will be compliant with current digital forensic investigation techniques; it also gains the great advantage of being investigable and, ultimately, the customer's confidence.
Nowadays, organizations are learning the advantages of cloud computing and moving toward transferring their information to the cloud; this draws cyber thieves’ interest to cloud resources, with a higher level of risk. A recent FBI analysis indicates that the size of the average digital forensic case is growing at a rate of 35% per annum, which indicates the steep increase in digital crimes. Thus, it is important to pay close attention to cloud computing security and, consequently, to cloud computing forensic investigation. Obviously, in order to discuss digital forensic investigation and cloud systems, a basic knowledge of each area is essential.
Cloud computing, as defined by the US National Institute of Standards and Technology (NIST), is “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” [5]. With current technologies, cloud computing involves three common service models: Infrastructure as a Service (IaaS), which provides the client with a virtualized machine (an environment like a physical machine, but with some limitations); Platform as a Service (PaaS), which typically gives the consumer an Application Programming Interface (API) that can be used to develop custom applications; and Software as a Service (SaaS), which provides the consumer with an interface (usually web based) for using the intended service [2,7].
Given the standard digital forensic investigation practices, it is clear that the nature of cloud computing is in direct conflict with digital forensic investigation. Except in the IaaS cloud model, which provides an environment logically like a machine, none of the programs and approaches for digital information collection are possible in the cloud computing models. For example, collecting the system processes and observing system status is not possible, because SaaS and PaaS do not give any access to operating system commands. Based on the kind of problem that occurs at the forensic investigation stage, the following are the issues investigators face.
Although cloud computing might seem attractive to a business, it is not without its own distinctive issues and concerns. Accessing a remote server to launch an application over the Internet presents many obvious security risks. Storing sensitive company information on a remote server raises concerns about the privacy of that information and its accessibility to an unauthorized second party. The business or client is usually not aware of the physical location of the information [11,12]. Likewise, they may not be able to determine what policies and procedures are in place to recover information should a server crash or become compromised. Legal and regulatory requirements and compliance may be lacking in the location(s) where the information is actually stored. The long-term viability of the information itself and its availability may become a significant issue should the provider stop providing the services because of bankruptcy, going out of business, or merging with another company.
As one would expect, cloud computing raises some distinctive law enforcement issues relating to the location of potential digital evidence, its preservation, and its subsequent forensic analysis [13,14,15]. For example, if a client or business becomes the target of a criminal investigation, they may migrate their operating environment to a cloud environment. This would offer a way for the business to continue its routine operations while the migrated environment is forensically analyzed. However, this is not without risk. The migrated information represents only a “snapshot” of when it was sent to the cloud. Since the information can be stored anywhere in the world, it may be dispersed to a location or country where privacy laws are not readily enforced or are non-existent. Establishing a chain of custody for the information would become difficult or impossible if its integrity and authenticity cannot be fully determined (where was it stored, who had access to view it, was there information leakage, commingling of information, etc.). There are also potential forensic issues when the client or user exits a cloud application [17,18].
All the problems mentioned above are the result of the large difference between the characteristics of cloud computing and the model forensics was originally designed for: a single personal computer or server. A new framework for computer forensic investigation alone cannot address all of these issues; instead, it calls for a framework for cloud computing. Some of the suggested keys for a cloud computing framework and analysis are as follows.
Many types of evidence found in clouds will probably be similar to those found in standard investigations, including office application documents, emails and images. Many new types of evidence will also be available, especially records of users' activities within clouds. Major cloud providers such as Amazon and Google have implemented a number of logging mechanisms that track use of their services:
Message Log Search - a service from Google that allows administrators to run queries on email messages. Forensic investigators can also use this search, provided they can gain access to the administrator account. Using this tool, an investigator can find logs containing data such as: emails sent on a particular date, the account ID for a particular email, the identity of specific email recipients, and the IP address of the sending or receiving mail agent.
Amazon Simple Storage Service (S3) logging - among other logging, Amazon provides logging for ‘buckets’ created using Amazon S3. Logging can be configured to record requests made against the bucket, such as the request type, the resource that the request worked with, and the time and date of the request.
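As an added illustration (not part of the original paper), the sketch below turns S3 bucket logging into a per-resource request history of the kind described above. It assumes the space-delimited server access log layout whose leading fields are bucket owner, bucket, bracketed timestamp, remote IP, requester, request ID, operation, key, quoted request line and HTTP status; the sample records, bucket name and requester are constructed.

```python
import re
from datetime import datetime, timezone

# Leading fields of one access-log record, in the order assumed above.
S3_LINE = re.compile(
    r'^(?P<owner>\S+) (?P<bucket>\S+) \[(?P<time>[^\]]+)\] (?P<remote_ip>\S+) '
    r'(?P<requester>\S+) (?P<request_id>\S+) (?P<operation>\S+) (?P<key>\S+) '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}|-)'
)

# Constructed sample records (not real log data); trailing fields are ignored.
SAMPLE_LOG = """\
ownerid0001 evidence-bucket [06/Feb/2019:00:00:38 +0000] 192.0.2.3 arn:aws:iam::111122223333:user/alice REQ0001EXAMPLE REST.GET.OBJECT reports/q1.pdf "GET /reports/q1.pdf HTTP/1.1" 200 - 2048 2048 12 10 "-" "curl/7.61" -
ownerid0001 evidence-bucket [06/Feb/2019:00:03:10 +0000] 198.51.100.7 - REQ0002EXAMPLE REST.GET.OBJECT reports/q1.pdf "GET /reports/q1.pdf HTTP/1.1" 403 AccessDenied 243 - 5 - "-" "curl/7.61" -
ownerid0001 evidence-bucket [06/Feb/2019:00:05:44 +0000] 192.0.2.3 arn:aws:iam::111122223333:user/alice REQ0003EXAMPLE REST.DELETE.OBJECT reports/q1.pdf "DELETE /reports/q1.pdf HTTP/1.1" 204 - - - 20 - "-" "curl/7.61" -
this line is truncated and must not crash the parser
"""

def _parse_time(stamp):
    """Parse the bracketed timestamp and normalise it to UTC; None if malformed."""
    try:
        return datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    except ValueError:
        return None

def parse_s3_access_log(text):
    """Return (records, rejected): parsed dicts and the raw lines that failed."""
    records, rejected = [], []
    for line in text.splitlines():
        m = S3_LINE.match(line)
        when = _parse_time(m.group("time")) if m else None
        if when is None:
            rejected.append(line)      # keep for review, never drop silently
            continue
        rec = m.groupdict()
        rec["time"] = when
        records.append(rec)
    return records, rejected

def object_history(records, key):
    """Time-ordered request type, source and outcome for one resource."""
    hits = sorted((r for r in records if r["key"] == key), key=lambda r: r["time"])
    return [(r["time"].isoformat(), r["operation"], r["remote_ip"],
             r["requester"], r["status"]) for r in hits]

if __name__ == "__main__":
    recs, bad = parse_s3_access_log(SAMPLE_LOG)
    for row in object_history(recs, "reports/q1.pdf"):
        print(row)
    print("unparsed lines:", len(bad))
```

Lines that do not parse are returned rather than discarded, so a damaged or altered record remains visible to the examiner.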
Software hashing tools are commonly used in standard investigations to validate the ongoing integrity of information used as evidence. A hash function is an algorithm for converting arbitrary-length data strings into fixed-length hash values, generally a few hundred bytes long. Hash functions are designed so that any modification of the input data should (with high probability) produce a different output hash value. Hash values can therefore be periodically computed for disk images, files or other data representing forensic evidence, to gain assurance that the evidence has not been modified by an analysis.
Assuming that the investigator has gained control of the cloud service, it is necessary to obtain an accurate copy of the data held by the service for later analysis. Both the DIP Model and the ACPO guidelines assume the use of ‘forensic imaging’ to obtain copies of a storage device’s contents without alteration of the source. The collection of evidence from a cloud environment is likely to pose a challenge to investigators. Sorting tools and volatile and persistent memory acquisition software, as used in standard investigations, may provide minimal data when run on a client computer.
The virtualization of data storage in a cloud makes it complex to identify and isolate the portions of the one or more physical storage devices owned by a cloud provider that represent the user’s data to be gathered for analysis. Virtualized data held in a cloud may be spread between many different physical devices, and an interface between the virtual memory and the investigator may exist.
What follows discusses some of the proposed approaches for avoiding challenges in identifying evidence. As the first suggested solution to the challenge of “Access to evidences in logs”, in the PaaS cloud model it is possible to provide an API that extracts relevant status information from the system, restricted to the information associated with that client only. In SaaS, depending on the interface, it may be possible to implement a feature for checking the essential logs and the status of the client’s usage. All of the above features should provide read-only access only, and they require a dedicated log and system status manager running as a cloud service. Note that the scope of the information provided should be stated explicitly in the client-CSP contract. In addition, to deal with the forensic investigation challenge described earlier as “Data loss in volatile storage”, it should, despite the cost, become common practice among cloud service providers to provide persistent storage for clients' data; this brings the advantage of data safety and the possibility of data recovery for clients, as well as easy evidence collection from a cloud machine that was forcibly powered off. On the other hand, to ensure the privacy of clients’ data, the client-CSP contract should state that, for example, the client's data are triple wiped one week after the contract has finished.
Additionally, to ensure the confidentiality of information, it is possible to encrypt all users’ data so that it cannot be read by an unauthorized person. Designing, implementing or configuring the client-side application to log all potential evidence on the client’s machine is a solution to the issue described as “Client side evidence identification”. The client-side application that communicates with cloud services can be used to collect evidence, since it may be a part of the crime. A built-in feature for logging sensitive information in the client-side application can help preserve potential evidence such as user communication logs and other sensitive information.
The solutions suggested here relate to the challenges of the collection step in the common computer forensic investigation methodology. Regarding the challenge of “Making forensic image”, with the current limitations of cloud computing and digital forensic investigation it is not feasible to make a forensic copy of the storage media containing the evidence. Nevertheless, it would be possible to generate a track record of all of a client's activities, such as all file accesses, data transmission, live processes and any other useful forensic record, with the full physical address of the accessed area. Later, to obtain a forensic image for a specific client, all that is needed is to consult the client's track record and then copy, as a bit-by-bit stream, all of the areas the client has accessed. Obviously, the applicability of this approach depends largely on the generation of the client's track record, which can be enforced by the cloud.
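One way to realise the track-record imaging described above, combined with the hash validation of evidence described earlier on the page (an added example, not code from the paper): a client's accessed ranges are merged into extents, copied from a read-only stream, and hashed per extent so the copy can be re-verified later. The track-record shape `(client_id, byte_offset, length)`, the function names and the sample data are assumptions made for illustration.

```python
import hashlib
import io

# Constructed track record: (client_id, byte_offset, length) per storage access.
TRACK_RECORD = [
    ("client-a", 0, 4), ("client-b", 8, 4), ("client-a", 2, 6),
    ("client-a", 16, 4), ("client-a", 12, 4),
]

def client_extents(track_record, client_id):
    """Merge one client's accessed ranges into sorted, non-overlapping extents."""
    ranges = sorted((off, off + ln) for cid, off, ln in track_record
                    if cid == client_id and ln > 0)
    merged = []
    for start, end in ranges:
        if merged and start <= merged[-1][1]:     # overlaps or touches previous
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return [(s, e - s) for s, e in merged]

def acquire(storage, extents, chunk=1 << 20):
    """Copy each extent from a read-only stream; return (image, manifest)."""
    image, manifest = bytearray(), []
    for offset, length in extents:
        storage.seek(offset)
        digest, remaining = hashlib.sha256(), length
        while remaining:
            block = storage.read(min(chunk, remaining))
            if not block:                          # storage ended before the extent did
                raise IOError(f"short read in extent at offset {offset}")
            digest.update(block)
            image += block
            remaining -= len(block)
        manifest.append({"offset": offset, "length": length,
                         "sha256": digest.hexdigest()})
    return bytes(image), manifest

def verify(image, manifest):
    """Re-hash every extent of the acquired image; return offsets that differ."""
    failed, pos = [], 0
    for entry in manifest:
        part = image[pos:pos + entry["length"]]
        if hashlib.sha256(part).hexdigest() != entry["sha256"]:
            failed.append(entry["offset"])
        pos += entry["length"]
    return failed

if __name__ == "__main__":
    storage = io.BytesIO(bytes(range(32)))         # constructed stand-in for a volume
    extents = client_extents(TRACK_RECORD, "client-a")
    image, manifest = acquire(storage, extents)
    print(extents, verify(image, manifest))
```

Running `verify` periodically against the stored manifest gives the recurring integrity check the hashing passage describes, at extent granularity.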
The following is the proposed solution to the problem described as “Usefulness of evidences”. Using multi-factor authentication methods and cryptographic tunneling protocols such as a Virtual Private Network (VPN) to authorize the client and guarantee the confidentiality and integrity of data can simply solve the challenge. Having multi-factor authentication prevents the user from claiming that the authentication credentials were stolen. In a court of law, proving that the user account was not compromised and that the malicious activities were carried out by the owner is not easy if the IP address or other identifying data has been faked.
Next, a simple solution is proposed for the problem described earlier as the “Data Reconstruction” challenge. Using a single time system (e.g. GMT) on all entities of the cloud simply addresses the challenge of different geographical zones, because it brings the benefit of a logical time pattern. This can be used later to produce a timeline (temporal) analysis of a crime, or even to track multiple log records in several physical locations. In IaaS cloud models, the VM time is under the user’s control; thus all dates and times used in logs and other records should be converted to that specific time system.
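The conversion described above, as an added example that is not part of the original paper: records from several locations are normalised to one time system (UTC, standing in for the paper's GMT) and merged into a single timeline. The source names, zone offsets, the measured clock skew for the user-controlled VM, and the log records are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed per-source metadata (assumed known to the examiner): the zone
# offset of the log's timestamps and the measured skew of the source clock
# (source clock minus reference clock).
SOURCES = {
    "csp-api":    {"utc_offset": timedelta(0), "skew": timedelta(0)},
    "vm-guest":   {"utc_offset": timedelta(hours=5, minutes=30),
                   "skew": timedelta(seconds=90)},   # VM clock set by the user
    "storage-us": {"utc_offset": timedelta(hours=-8), "skew": timedelta(0)},
}

# Constructed log records: (source, local timestamp without zone, event).
RECORDS = [
    ("vm-guest",   "2024-03-01 05:46:40", "process started: archive tool"),
    ("storage-us", "2024-02-29 16:16:05", "object read: /data/customers.db"),
    ("csp-api",    "2024-03-01 00:14:30", "login accepted for account"),
    ("csp-api",    "2024-03-01 00:20:00", "snapshot deleted"),
]

def to_utc(source, stamp):
    """Convert one source-local timestamp to an aware UTC datetime."""
    meta = SOURCES[source]        # KeyError for an unknown source: never guess a zone
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    corrected = local - meta["utc_offset"] - meta["skew"]
    return corrected.replace(tzinfo=timezone.utc)

def build_timeline(records):
    """Return (utc_time, source, event) rows in true chronological order."""
    return sorted((to_utc(src, ts), src, event) for src, ts, event in records)

def as_written_order(records):
    """Order by the raw timestamp strings, as a naive merge of the logs would."""
    return [src for src, ts, _ in sorted(records, key=lambda r: r[1])]

if __name__ == "__main__":
    for when, src, event in build_timeline(RECORDS):
        print(when.isoformat(), src, event)
    print("order by raw timestamps:", as_written_order(RECORDS))
```

Sorting by the raw timestamps places the storage read first and the VM process last; after conversion the login comes first and the snapshot deletion last.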
Even though cloud computing has plenty of advantages, it is vulnerable to greater security threats because it uses the network as its communication medium and processes data off premises. Users' privacy also has to be taken into consideration. Since it is a vulnerable medium with a higher chance of risk, it needs a great deal of investigation when it is attacked or after a crime has occurred. Computer forensics has emerged in recent years as an important tool in the fight against crime. In this paper we have introduced a new scheme for investigating cloud crime and attacks. The paper also discusses some of the challenges faced by cloud investigation methods and solutions for those challenges.
1. Al-Aqrabi, H., Liu, L., Xu, J., Hill, R., Antonopoulos, N. and Zhan, Y., 2012, April. Investigation of IT security and compliance challenges in Security-as-a-Service for Cloud Computing. In Object/Component/Service-Oriented Real-Time Distributed Computing Workshops (ISORCW), 2012 15th IEEE International Symposium on (pp. 124-129). IEEE.
2. Birk, D. and Wegener, C., 2011, May. Technical issues of forensic investigations in cloud computing environments. In Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop on (pp. 1-10). IEEE.
3. Brodkin, J., 2008. Gartner: Seven cloud-computing security risks. Infoworld, 2008, pp.1-3.
4. Damshenas, M., Dehghantanha, A., Mahmoud, R. and bin Shamsuddin, S., 2012, June. Forensics investigation challenges in cloud computing environments. In Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on (pp. 190-194). IEEE.
5. Dinh, H.T., Lee, C., Niyato, D. and Wang, P., 2013. A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), pp.1587-1611.
6. Dykstra, J. and Sherman, A.T., 2012. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9, pp.S90-S98.
7. Heiser, J. and Nicolett, M., 2008. Assessing the security risks of cloud computing. Gartner report, 2(8), pp.2-6.
8. Jaeger, P.T., Lin, J. and Grimes, J.M., 2008. Cloud computing and information policy: Computing in a policy cloud?. Journal of Information Technology & Politics, 5(3), pp.269-283.
9. Jansen, W. and Grance, T., 2011. SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing.
10. Ko, R.K., Jagadpramana, P., Mowbray, M., Pearson, S., Kirchberg, M., Liang, Q. and Lee, B.S., 2011, July. TrustCloud: A framework for accountability and trust in cloud computing. In Services (SERVICES), 2011 IEEE World Congress on (pp. 584-588). IEEE.
11. Martini, B. and Choo, K.K.R., 2012. An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2), pp.71-80.
12. Park, S.C. and Ryoo, S.Y., 2013. An empirical investigation of end-users’ switching toward cloud computing: A two factor theory perspective. Computers in Human Behavior, 29(1), pp.160-170.
13. Ruan, K., Carthy, J., Kechadi, T. and Crosbie, M., 2011, January. Cloud forensics. In IFIP International Conference on Digital Forensics (pp. 35-46). Springer Berlin Heidelberg.
14. Sudhan, S.K. and Kumar, S.S., 2014. A Panoptic Survey on Cloud Computing. International Journal of Research in Engineering Technology, 2(3).
15. Sudhan, S.K.H.H. and Kumar, S.S., 2015. An innovative proposal for secure cloud authentication using encrypted biometric authentication scheme. Indian Journal of Science and Technology, 8(35).
16. Sudhan, S.K.H.H. and Kumar, S.S., 2016. Gallant Use of Cloud by a Novel Framework of Encrypted Biometric Authentication and Multi Level Data Protection. Indian Journal of Science and Technology, 9(44).
17. Taylor, M., Haggerty, J., Gresty, D. and Hegarty, R., 2010. Digital evidence in cloud computing systems. Computer Law & Security Review, 26(3), pp.304-308.
18. Taylor, M., Haggerty, J., Gresty, D. and Lamb, D., 2011. Forensic investigation of cloud computing systems. Network Security, 2011(3), pp.4-10.