
1.1. Introduction

As use of the internet has grown massively in past years, it has widened its reach by enabling business over the cloud. Gartner (2013) predicted that the cloud market would grow by 18% in 2013; this is considerably high growth, which shows that business is shifting to cloud networks. As the share of cloud services increases, there is a higher chance of cybercrime activity. When a cybercrime occurs over the cloud, a digital investigation is performed on the cloud system, referred to as Cloud Forensics. Cloud Forensics relies heavily on the Cloud Computing environment, as it holds all the digital evidence required to perform the analysis.

1.2. Cloud Computing

According to (Lukan, 2014), there are several ways of deploying Cloud Computing. The deployment models are as follows:

· Private Cloud: This is owned by the organization itself and is not accessible to any other organization. An organization can have its own Private Cloud behind a firewall. All services are privately accessible.

· Public Cloud: A public cloud allows interaction with the public. Amazon Web Services (AWS) is an example.

· Community Cloud: Services on this cloud are used by several companies to reduce their cost compared to a Private Cloud.

· Hybrid Cloud: This cloud implements features of different clouds; for example, some content in a private cloud is accessible through a Public cloud.

· Distributed Cloud: Services are distributed among several machines in different locations, but they are on the same network.

Every organization has different requirements when it acquires cloud computing services. The following service models are available for Cloud Computing:

· IaaS: Infrastructure as a Service (IaaS) deals with the provision of a complete infrastructure, which includes firewalls, routers, physical/virtual machines (hypervisor), etc. An entire infrastructure can be rented.

· PaaS: Platform as a Service (PaaS) provides a platform such as an operating system, database system, web server, etc.

· SaaS: Software as a Service (SaaS), unlike the previous models, only provides appropriate access to the specific applications that are rented.

1.3. Cloud Forensics

When an organization rents cloud computing services, it depends on the computer network of a different organization. If an attack occurs on that network and the business suffers an economic loss, the organization will hire a Forensics Expert to investigate the issue. This expert would require access to that cloud network to perform the analysis. This is very challenging because the network is not owned by the organization, which limits the access permissions available to the forensics expert: the service provider is providing services to many organizations and is obliged by law to protect everyone's privacy. The basic process for Cloud Forensics is the same as for Computer Forensics. The difference is that Forensics Experts are limited in the evidence they can acquire, and they must not disturb business operations in any way, as other customers are also using those networks.

According to (Jariwala, 2013), an investigator working on cloud forensics needs to be aware of the following multi-dimensional issues:

· Technical Issues: Tools are required to perform a Forensics investigation over the network.

· Organizational Issues: These involve both organizations, the customer and the service provider. If the service provider has outsourced those networks, the investigation becomes more difficult, as it will involve more organizations.

· Legal Issues: This is a very important issue, as an investigator must not breach the law during the investigation in a way that damages any organization or its customers.

1.4. Cloud Forensics Challenges

When investigating over the cloud, there are many challenges at each stage of the process. If data is spread across different machines in different locations, it becomes problematic to deal with. If there is deleted data on these machines, recovering it makes the job more expensive and harder. If the investigation is performed from the customer side, there is no access to log files, and the investigators need to ask the service provider for them.

According to (Grispos, et al., 2012), the following are the challenges at each stage of the DFRW Investigative Process Model (DIP) with ACPO guidelines.

| Phase | Action | Challenges |
|---|---|---|
| Identification | Identification of crime in relation to computer-based systems. | Lack of Framework |
| Preservation | Software | Lack of specialized tools |
| | Sufficient Storage | Cloud services are used for storage |
| | Chain of custody | Cross-jurisdictional standards, procedures; proprietary technology |
| | Media Imaging | Legal issues when making images and storing on cloud |
| | Time Issue | Evidence on different location gives different time stamps |
| | Legal Issue | Data is stored on various locations, making physical access harder |
| | Approved methods, software and hardware | Lack of appropriate methods in cloud computing context |
| | Live vs Dead acquisition | Acquiring from service provider is a tough job and consumes time. |
| | Integrity | Lack of write blocks on cloud services and data |
| Examination | Software | Lack of certified tools |
| | Data recovery | Privacy issues at service provider |
| | Tracing | Events occurring on different platforms |
| Presentation | Evidence documentation | Integration of evidence from various sources |
| | Testimony | Tough to explain to court about Cloud Computing concept |
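
The "Time Issue" and "Integrity" rows above can be illustrated with a short added example (not part of the original essay): it hashes each record as acquired, then normalizes timestamps from several locations to UTC to build one timeline. The source names, field names, offsets and skew values are constructed assumptions.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Constructed sample records (not real evidence). Each hypothetical source logs
# in its own local time; skew_s is how far its clock ran ahead of a reference
# clock, as measured and written down at acquisition time.
EVIDENCE = [
    {"source": "dc-frankfurt", "utc_offset_h": 1, "skew_s": 30,
     "local_time": "2013-03-04 10:15:02", "event": "login user=alice"},
    {"source": "dc-virginia", "utc_offset_h": -5, "skew_s": 0,
     "local_time": "2013-03-04 04:14:40", "event": "api key created"},
    {"source": "dc-singapore", "utc_offset_h": 8, "skew_s": 0,
     "local_time": "2013-03-04 17:13:55", "event": "bulk download started"},
]

def fingerprint(record):
    """SHA-256 over the record exactly as acquired, before any normalisation."""
    fields = ("source", "utc_offset_h", "skew_s", "local_time", "event")
    canonical = "|".join(str(record[f]) for f in fields)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def to_utc(record):
    """Convert a source-local timestamp to UTC and remove the measured skew."""
    tz = timezone(timedelta(hours=record["utc_offset_h"]))
    local = datetime.strptime(record["local_time"], "%Y-%m-%d %H:%M:%S")
    return (local.replace(tzinfo=tz).astimezone(timezone.utc)
            - timedelta(seconds=record["skew_s"]))

def build_timeline(records):
    """Return events in chronological UTC order, each with its acquisition hash."""
    entries = [{"utc": to_utc(r), "source": r["source"], "event": r["event"],
                "sha256": fingerprint(r)} for r in records]
    return sorted(entries, key=lambda e: e["utc"])

def altered_since_acquisition(records, acquisition_hashes):
    """List records whose current hash is absent from the acquisition hashes."""
    return [r for r in records if fingerprint(r) not in acquisition_hashes]

if __name__ == "__main__":
    for entry in build_timeline(EVIDENCE):
        print(entry["utc"].isoformat(), entry["source"],
              entry["event"], entry["sha256"][:12])
```

Sorting the same records by their local timestamps gives the reverse order of the Singapore and Virginia events, which is the ordering error the normalization step removes.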

 

1.5. Conclusion

To sum up, IT business is spreading faster, with growing demand for cloud services that can help in reducing cost. On the other hand, crime is one thing that can never be eliminated completely, and cybercrime is spreading at the same pace. Cloud Forensics is a process that can help in exposing these criminals, but its investigation involves many challenges, as more than one organization is required to help in the process. It consumes more time than normal forensics procedures, as it requires acquisition of data from multiple sources, with the legal issues of each region as well as service provider policy issues. There is also a lack of the required hardware and software for Cloud Forensics investigation. A time issue arises when data is acquired from multiple sources, and presenting the evidence in court is an additional issue. At each stage of the investigation there are numerous issues, which make it very hard to investigate the case. Currently, Cloud Computing usage is escalating over time due to low cost and feasibility, but Cloud Forensics is facing critical challenges that demand research in this domain to help improve it.