As the use of the internet has grown massively in past years, it has widened to include providing business over the cloud. Gartner (2013) predicted that the cloud market would grow by 18% in 2013, a considerably high rate which shows that business is shifting to cloud networks. As the share of cloud services increases, there is a higher chance of cyber crime activity. When a cyber crime occurs over the cloud, a digital investigation is performed on the cloud system, which is referred to as Cloud Forensics. Cloud Forensics relies heavily on Cloud Computing, as it has all the digital evidence that is required to perform
According to Lukan (2014), there are several ways of deploying Cloud Computing. The following are the deployment models of Cloud Computing:
Private Cloud: This is owned by the organization itself and is not accessible to any other organization. An organization can have its own Private Cloud behind a firewall. All services are privately accessible.
Public Cloud: A public cloud allows interaction with the public. Amazon Web Services (AWS) is an example.
Community Cloud: Services on this cloud are used by several companies to reduce their cost compared to a Private Cloud.
Hybrid Cloud: This cloud implements features of different clouds; for example, some content in a private cloud is accessible through a Public cloud.
Distributed Cloud: Services are distributed among several machines in different locations, but they are on the same network.
Every organization has different requirements when it acquires cloud computing services. The following service models are available for Cloud Computing:
Infrastructure as a Service (IaaS) deals with the provision of a complete infrastructure, which includes firewalls, routers, physical/virtual machines (hypervisor) etc. An entire infrastructure can be rented.
Platform as a Service (PaaS) provides a platform such as an Operating System, database system, web server etc.
Software as a Service (SaaS), unlike the previous models, only provides appropriate access to the specific applications that are rented.
When an organization rents cloud computing services, it depends on the computer network of a different organization. If an attack occurs on that network and causes an economic loss to its business, the organization will hire a Forensics Expert to investigate the issue. This expert would require access to that cloud network to perform the analysis. This is very challenging because the network is not owned by the organization, which limits the access permissions of the forensics expert: the service provider is providing services to many organizations and is obliged by law to keep everyone's privacy. The basic process for Cloud Forensics is the same as for Computer Forensics; the difference is that Forensics Experts are limited in the evidence they can acquire, and they must not disturb business operations in any way, as other customers are also using those networks.
According to Jariwala (2013), an investigator performing cloud forensics needs to be aware of the following multi-dimensional issues:
Technical Issues: Tools are required to perform a forensic investigation over the network.
Organizational Issues: Both organizations are involved, the customer and the service provider. If the service provider has outsourced its network, the investigation becomes more difficult as it will involve
Legal Issues: This is a very important issue, as an investigator must not breach the law during the investigation in a way that damages any organization or its customers.
Cloud Forensics Challenges
When investigating over the cloud, there are many challenges at each stage of the process. If data is spread across different machines in different locations, it becomes problematic to deal with. If there is deleted data on these machines, recovering it makes the job more expensive and difficult. If the investigation is performed from the customer side, there is no access to log files, and the investigators need to ask the service provider for them.
According to Grispos et al. (2012), the following are
challenges in each stage of DFRW Investigative Process Model (DIP) with ACPO
of crime in relation to computer-based systems.
of specialized tools
services are used for storage
standards, procedures; proprietary technology
issues when making images and storing on cloud
on different location gives different time stamps
is stored on various locations, making physical access harder
methods, software and hardware
of appropriate methods in cloud computing context
vs Dead acquisition
from service provider is a tough job and consumes time.
of write blocks on cloud services and data
of certified tools
issues at service provider
occurring on different platforms
of evidence from various sources
to explain to court about Cloud Computing concept
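The time stamp challenge in the list above (evidence acquired from different locations carries different time stamps) can be handled by recording a digest of each source as received and converting every stamp to UTC before ordering events. This is an added example, not part of the original essay; the node names and log lines are constructed, and it assumes each source records its UTC offset.

```python
import hashlib
from datetime import datetime, timezone

# Constructed sample evidence: log lines acquired from three hypothetical
# nodes, each stamped with its own local offset (not real provider logs).
SOURCES = {
    "eu-node": ["2024-03-01T10:15:02+01:00 login user=alice",
                "2024-03-01T10:17:40+01:00 delete object=report.pdf"],
    "us-node": ["2024-03-01T04:16:10-05:00 read object=report.pdf"],
    "ap-node": ["2024-03-01T18:14:55+09:00 token issued user=alice"],
}


def sha256_of(lines):
    """Digest of the acquired lines as received, taken before any parsing."""
    return hashlib.sha256("\n".join(lines).encode("utf-8")).hexdigest()


def build_timeline(sources):
    """Return (digests, events) with events ordered on a single UTC clock."""
    digests, events = {}, []
    for name, lines in sources.items():
        digests[name] = sha256_of(lines)
        for line in lines:
            stamp, _, message = line.partition(" ")
            local = datetime.fromisoformat(stamp)
            if local.tzinfo is None:
                # A stamp without an offset cannot be placed on the timeline.
                raise ValueError(f"{name}: no UTC offset in {stamp!r}")
            # Keep the original stamp next to the normalized one for the report.
            events.append((local.astimezone(timezone.utc), name, stamp, message))
    events.sort(key=lambda event: event[0])
    return digests, events


if __name__ == "__main__":
    digests, events = build_timeline(SOURCES)
    for name, digest in digests.items():
        print(f"{name} sha256={digest}")
    for utc, name, original, message in events:
        print(f"{utc.isoformat()}  {name:8} (source stamp {original})  {message}")
```

Sorting the same lines by their local stamps would place the us-node read first and the ap-node token issue last, which is the opposite of what happened on the UTC clock.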
To sum up, IT business is spreading faster with the growing demand for cloud services, which can help in reducing cost. On the other hand, crime can never be eliminated completely, and cybercrime is spreading at the same pace. Cloud Forensics is a process that can help in revealing these criminals, but its investigation involves many challenges, as more than one organization is required to help in the process. It consumes more time than normal forensics procedures, as it requires acquisition of data from multiple sources, with the legal issues of each region as well as service provider policy issues. There is also a lack of the hardware and software required for Cloud Forensics investigation. Time issues arise when data is acquired from multiple sources, and presenting in court is an additional issue. At each stage of the investigation there are numerous issues which make it very hard to investigate the case. Currently, Cloud Computing usage is escalating with time due to low cost and feasibility, but Cloud Forensics is facing critical challenges which demand research in this domain to help in improving Cloud Forensics.