An integrated conceptual digital forensic framework for cloud computing

Increasing interest in and use of cloud computing services presents both opportunities for criminal exploitation and challenges for law enforcement agencies (LEAs). For example, it is becoming easier for criminals to store incriminating files in the cloud computing environment but it may be extremely difficult for LEAs to seize these files as the latter could potentially be stored overseas. Two of the most widely used and accepted forensic frameworks – McKemmish (1999) and NIST (Kent et al., 2006) – are then reviewed to identify the required changes to current forensic practices needed to successfully conduct cloud computing investigations. We propose an integrated (iterative) conceptual digital forensic framework (based on McKemmish and NIST), which emphasises the differences in the preservation of forensic data and the collection of cloud computing data for forensic purposes. Cloud computing digital forensic issues are discussed within the context of this framework. Finally suggestions for future research are made to further examine this field and provide a library of digital forensic methodologies for the various cloud platforms and deployment models.

[1]  Abhinav Mishra,et al.  Cloud computing security considerations , 2011, 2011 IEEE International Conference on Signal Processing, Communications and Computing (ICSPCC).

[2]  Michaela Iorga Challenging Security Requirements for US Government Cloud Computing Adoption | NIST , 2012 .

[3]  Shaftab Ahmed,et al.  Tackling cloud security issues and forensics model , 2010, 7th International Symposium on High-capacity Optical Networks and Enabling Technologies.

[4]  M. P. F. C. A. J. Sammes BSc,et al.  Forensic Computing , 2000, Practitioner Series.

[5]  Chris Rose,et al.  A Break in the Clouds: Towards a Cloud Definition , 2011 .

[6]  Ken ZatykoDr The Digital Forensics Cyber Exchange Principle , 2014 .

[7]  Stephen Biggs,et al.  Cloud Computing: The impact on digital forensic investigations , 2009, 2009 International Conference for Internet Technology and Secured Transactions, (ICITST).

[8]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[9]  Matt Bishop,et al.  Storm Clouds Rising: Security Challenges for IaaS Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[10]  Vivek Kundra,et al.  Federal Cloud Computing Strategy , 2011 .

[11]  Ophir Frieder,et al.  A system for the proactive, continuous, and efficient collection of digital forensic evidence , 2011, Digit. Investig..

[12]  Simson L. Garfinkel,et al.  Forensic carving of network packets and associated data structures , 2011, Digit. Investig..

[13]  Rodney McKemmish,et al.  What is forensic computing , 1999 .

[14]  Diane Barrett,et al.  Cloud Computing and the Forensic Challenges , 2010 .

[15]  Edgar R. Weippl,et al.  Social snapshots: digital forensics for online social networks , 2011, ACSAC '11.

[16]  Mark John Taylor,et al.  Forensic investigation of cloud computing systems , 2011, Netw. Secur..

[17]  Kim-Kwang Raymond Choo Cloud computing: Challenges and future directions , 2010 .

[18]  Simson L. Garfinkel,et al.  Digital forensics research: The next 10 years , 2010, Digit. Investig..

[19]  Chris Wren,et al.  Cloud computing: Forensic challenges for law enforcement , 2010, 2010 International Conference for Internet Technology and Secured Transactions.

[20]  Bernd Grobauer,et al.  Understanding Cloud Computing Vulnerabilities , 2011, IEEE Security & Privacy.

[21]  Timothy Grance,et al.  Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[22]  Christoph Wegener,et al.  Technical Issues of Forensic Investigations in Cloud Computing Environments , 2011, 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.