Overview of the Forensic Investigation of Cloud Services

Cloud Computing is a commonly used, yet ambiguous term, which can be used to refer to a multitude of differing dynamically allocated services. From a law enforcement and forensic investigation perspective, cloud computing can be thought of as a double edged sword. While on one hand, the gathering of digital evidence from cloud sources can bring with it complicated technical and cross-jurisdictional legal challenges. On the other, the employment of cloud storage and processing capabilities can expedite the forensics process and focus the investigation onto pertinent data earlier in an investigation. This paper examines the state-of-the-art in cloud-focused, digital forensic practises for the collection and analysis of evidence and an overview of the potential use of cloud technologies to provide Digital Forensics as a Service.

[1]  Kim-Kwang Raymond Choo,et al.  Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? , 2013, Digit. Investig..

[2]  Neil C. Rowe,et al.  Identifying Forensically Uninteresting Files Using a Large Corpus , 2013, ICDF2C.

[3]  Ragib Hasan,et al.  Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems , 2013, ArXiv.

[4]  Robert Hegarty,et al.  Digital Evidence Challenges in the Internet of Things , 2014, INC.

[5]  Bernd Grobauer,et al.  Towards incident handling in the cloud: challenges and approaches , 2010, CCSW '10.

[6]  M. Tahar Kechadi,et al.  Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results , 2013, Digit. Investig..

[7]  Flávio Cruz,et al.  A scalable file based data store for forensic analysis , 2015, Digit. Investig..

[8]  Simson L. Garfinkel,et al.  Digital forensics research: The next 10 years , 2010, Digit. Investig..

[9]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[10]  Sami Tabbane,et al.  Forensic investigation in Mobile Cloud environment , 2014, The 2014 International Symposium on Networks, Computers and Communications.

[11]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[12]  Stefanos Gritzalis,et al.  Cloud Forensics Solutions: A Review , 2014, CAiSE Workshops.

[13]  Bill Hill,et al.  Teleporter: An analytically and forensically sound duplicate transfer system , 2009, Digit. Investig..

[14]  Felix C. Freiling,et al.  Forensic Computing (Dagstuhl Seminar 13482) , 2013, Dagstuhl Reports.

[15]  Salman Baset,et al.  Cloud SLAs: present and future , 2012, OPSR.

[16]  Xiaohui Liang,et al.  Secure provenance: the essential of bread and butter of data forensics in cloud computing , 2010, ASIACCS '10.

[17]  Kim-Kwang Raymond Choo,et al.  Impacts of increasing volume of digital forensic data: A survey and future research challenges , 2014, Digit. Investig..

[18]  Anthony Keane,et al.  Digital forensics investigations in the Cloud , 2014, 2014 IEEE International Advance Computing Conference (IACC).

[19]  M. Tahar Kechadi,et al.  Cloud Forensic Readiness: Foundations , 2013, ICDF2C.

[20]  Tahar Kechadi,et al.  Virtual Machine Forensics by means of Introspection and Kernel Code Injection , 2014 .

[21]  Brian Hay,et al.  Forensics examination of volatile system data using virtual introspection , 2008, OPSR.

[22]  Christoph Wegener,et al.  Technical Issues of Forensic Investigations in Cloud Computing Environments , 2011, 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[23]  Kenji Yoshigoe,et al.  Automated Forensic Data Acquisition in the Cloud , 2014, 2014 IEEE 11th International Conference on Mobile Ad Hoc and Sensor Systems.

[24]  Yongzhao Zhan,et al.  Virtualization and Cloud Computing , 2019, CompTIA® A+® Complete Practice Tests.

[25]  M. Tahar Kechadi,et al.  Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on Bittorrent Sync , 2014, J. Digit. Forensics Secur. Law.

[26]  Kim-Kwang Raymond Choo,et al.  framework for digital forensic evidence : Storage , intelligence , review and archive , 2014 .

[27]  Andreas Haeberlen,et al.  A case for the accountable cloud , 2010, OPSR.

[28]  Enrico Pelino,et al.  Law Enforcement Agencies' activities in the cloud environment: a European legal perspective , 2013 .

[29]  Y. Iraqi,et al.  A State-of-the-Art Review of Cloud Forensics , 2014, J. Digit. Forensics Secur. Law.

[30]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[31]  Edgar R. Weippl,et al.  Dark Clouds on the Horizon: Using Cloud Storage as Attack Vector and Online Slack Space , 2011, USENIX Security Symposium.

[32]  Hai-Yan Chen Cloud crime to traditional digital forensic legal and technical challenges and countermeasures , 2014, 2014 IEEE Workshop on Advanced Research and Technology in Industry Applications (WARTIA).

[33]  G. G. Meyer,et al.  Lecture notes in business information processing , 2009 .

[34]  Helen J. Wang,et al.  Enabling Security in Cloud Storage SLAs with CloudProof , 2011, USENIX Annual Technical Conference.

[35]  Ragib Hasan,et al.  SecLaaS: secure logging-as-a-service for cloud forensics , 2013, ASIA CCS '13.

[36]  Radu Sion,et al.  Proceedings of the 2010 ACM workshop on Cloud computing security workshop , 2010, CCS 2010.