Abstract
Legal requirement for cloud forensics is currently uncertain and presents a challenge for the legal system. These challenges arises from the fact that cloud environment consists of distributed shared storages so there is a level of necessary interactions forensic examiners and law enforcement officers require from the cloud provider in order to conduct their investigations. Cloud computing has generated significant interest in both academia and industry, but it is still an evolving paradigm. Cloud computing services are also, a popular target for malicious activities; resulting to the exponential increase of cyber-attacks. Digital evidence is the evidence that is collected from the suspect’s workstations or electronic medium that could be used in order to assist computer forensics investigations. Cloud forensics involves digital evidence collection in the cloud environment. The current established forensic procedures and process models require major changes in order to be acceptable in cloud environment. This chapter aims to assess challenges that forensic examiners face in tracking down and using digital information stored in the cloud and discuss the importance of education and training to handle, manage and investigate computer evidence.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
ACPO. ACPO Good Practice Guide for Digital Evidence (2012). http://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf
Alhadidi, B., Arabeyat, Z., Alzyoud, F., Alkhwaldeh, A.: Cloud computing security enhancement by using mobile PIN code. J. Comput. 11(3), 225–231 (2016)
Batra, M., Gupta, N.: Various security issues and their remedies in cloud computing. Int. J. Adv. Eng. Manag. Sci. (IJAEMS) 2(2), 18–20 (2016)
Bedford, T., Wilson, K.J., Daneshkhah, A.: Assessing parameter uncertainty on coupled models using minimum information methods. Reliab. Eng. Syst. Saf. 125, 3–12 (2014)
Bluementhal, M.S.: Hide and seek in the cloud. IEEE Secur. Priv. 8(2), 57–58 (2010)
Carroll, N., Helfert, M., Lynn, T.: Towards the development of a cloud service capability assessment framework. In: Mahmood, Z. (ed.) Continued Rise of the Cloud: Advances and Trends in Cloud Computing, pp. 289––336. Springer, London (2014)
Chang, V.: The business intelligence as a service in the cloud. Future Gener. Comput. Syst. 37, 512–534 (2014)
Chang, V.: Towards a big data system disaster recovery in a private cloud. Spec. Issue Big Data Inspired Data Sens. Process. Netw. Technol. 35, 65–82 (2015)
Chang, V., Kuo, Y., Ramachandran, M.: Cloud computing adoption framework: a security framework for business clouds. Future Gener. Comput. Syst. 57, 24–41 (2016a)
Chang, V., Ramachandran, M., Yao, Y., Li, C.: A resiliency framework for an enterprise cloud. Int. J. Inf. Manag. 36(1), 155–166 (2016b)
Clarkson, D.B.: Automatics Cloud-Based Disaster Recovery System. United States Patent Application, Patent No. 20160036623 Kind Code: A1 (2016)
Cook, T.: The Cloud of Unknowing, 1st edn. Harcourt Inc., Orlando (2007)
Devi, T., Ganesan, R.: Platform as a Service (PaaS): model and security issues. Indones. J. Electr. Eng. 15(1), 151–161 (2015)
Dykstra, J., Sherman, A.T.: Design and implementation of FROST: digital forensic tools for the OpenStack computing platform. Digit. Investig. 10, 87–95 (2013)
Fan, C.K., Chen, R.-C.: The risk management strategy of applying cloud computing. Int. J. Adv. Comput. Sci. Appl. (IJACSA) 3(9), 18–27 (2012)
Givehchi, O., Jasperneite, J.: Industrial Automation Services as part of the Cloud: First Experiences. Jahreskolloquium Kommunikation in der Automation, Magdeburg (2013)
Grispos, G., Storer, T., Glisson, W.B.: Calm before the storm: the challenges of cloud computing in digital forensics (2012)
Haji, J.: Airline business continuity and IT disaster recovery sites. J. Bus. Contin. Emerg. Plan. 9(3), 228–238 (2016)
Home Affairs Committee: E-Crime, Fifth Report of Session 2013–14. House of Commons, London (2013)
Hu, F., et al.: A review on cloud computing: design challenges in architecture and security. J. Comput. Inf. Technol. - CIT 19, 25–55 (2011)
Jadeja, Y., Modi, K.: Cloud computing - concepts, architecture and challenges. In: IEEE International Conference on Computing, Electronics and Electrical Technologies (2012)
Jahankhani, H., Altawell, N., Hessami, A.G.: Risk and privacy issues of digital oil fields in the cloud. In: Jahankhani, H., Carlile, A., Akhgar, B., Taal, A., Hessami, A., Hosseinian-Far, A. (eds.) Global Security, Safety and Sustainability: Tomorrow’s Challenges of Cyber Security. ICGS3 2015. Communications in Computer and Information Science, vol. 534, pp. 275––284. Springer, Heidelberg (2015). doi:10.1007/978-3-319-23276-8_25
Jahankhani, H., Anastasios, B., Revett, K.: Digital Anti Forensics: Tools and Approaches. Defence College of Management and Technology, Shrivenham (2007)
Jahankhani, H., Hosseinian-Far, A.: Digital Forensics Education, Training & Awareness. In: Cyber Crime and Cyber Terrorism Investigator’s Handbook. Elsevier, pp. 91–100 (2014)
Khajeh-Hosseini, A., Greenwood, D., Sommerville, I.: Cloud migration: A Case Study of Migrating an Enterprise IT System to IaaS. IEEE, Miami (2010)
Khoshkholghi, M.A., et al.: Disaster recovery in cloud computing: a survey. Comput. Inf. Sci. 7(4), 39–54 (2014)
Kumar, M.K.: Software as a service for efficient cloud computing. IJRET: Int. J. Res. Eng. Technol. 3(1), 178–184 (2014)
Martini, B., Choo, K.: An integrated conceptual digital forensic framework for cloud computing. Digit. Investig. 9, 71–80 (2012)
NIST: NIST Cloud Computing Forensic Science Challenges - NISTIR8006. NIST Cloud Computing Forensic Science Working Group - Information Technology Laboratory (2014)
OpenStack. OpenStack Open Source Cloud Computing Software (2016). http://www.openstack.org/
Orton, I., Alva, A., Endicott-Popovsky, B.: Legal process and requirements for cloud forensic investigations. In: CyberCrime and Cloud Forensics: Applications for Investigation Processes. IGI Global (2013)
Pulsant Business Limited: Rethinking Business Continuity with the Cloud. Pulsant, Reading (2015)
Romgovind, S., Eloff, M.M., Smith, E.: The Management of Security in Cloud Computing, pp. 1–7. IEEE, Johannesburg (2010)
Roussev, V., Wang, L., Richard, G., Marziale, L.: A cloud computing platform for large-scale forensic computing. Advances in Digital Forensics, pp. 201–214. Springer, Heidelberg (2009)
Sammons, J.: The Basics of Digital Forensics, 2nd edn. Elsevier, Waltham (2015)
Smith, D.M.: Hype cycle for cloud computing (white paper). Gartner Inc. (2011)
Subashini, S., Kavitha, V.: A survey on security issues in service delivery models of cloud computing. J. Netw. Comput. Appl. 34(1), 1–11 (2011)
Takabi, H., Joshi, J.B., Ahn, G.: Security and privacy challenges in cloud computing environments. IEEE Computer and Reliability Societies (2010)
The National Archives. Police and Justice Act 2006 (2006). http://www.legislation.gov.uk/ukpga/2006/48/contents
Theirm.org: A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000 (2010). https://www.theirm.org/media/886062/ISO3100_doc.pdf. Accessed 2016
Tianfield, H.: Security Issues in Cloud Computing. IEEE, Seoul (2012)
Zhou, M., et al.: Security and privacy in cloud computing: a survey, pp. 105–112 (2010)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Jahankhani, H., Hosseinian-Far, A. (2017). Challenges of Cloud Forensics. In: Chang, V., Ramachandran, M., Walters, R., Wills, G. (eds) Enterprise Security. ES 2015. Lecture Notes in Computer Science(), vol 10131. Springer, Cham. https://doi.org/10.1007/978-3-319-54380-2_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-54380-2_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54379-6
Online ISBN: 978-3-319-54380-2
eBook Packages: Computer ScienceComputer Science (R0)