Introduction
The creation and consumption of information services are changing due to cloud computing. Technology has evolved to include a paradigm of numerous stakeholders, geographical independence, an elastic on-demand supply of computational power, and cloud computing. Internet, servers, processing, storage applications, and services are examples of resources. Through cloud computing, customers can provision and expand computer resources cost-effectively without having to deal with complicated technology or any necessary infrastructure requirements (Achar, 2022). The forensic analysis technique on the web is called cloud forensics, and the conventional means of digital forensics are inadmissible as evidence in legal proceedings for several reasons. Regarding cloud computing and digital forensics, I will discuss challenges faced by the identification, preservation, and acquisition process and give the solutions to these challenges.
Decentralization of data challenges faced in the identification process and proposed solution
The network structure of cloud computing enables data to be generated, stored, analyzed, and disseminated over several data centers and physical equipment dispersed globally and possibly across several different jurisdictions. To achieve redundant information, data is duplicated to other servers. Physical replication and distribution of the stored data inside a data center are done, and the data may be divided across several data centers (CHOI, 2018). The efficiency and accessibility of the data centers affect how the data is distributed. In cloud-based computing environments, where accessibility to remote data centers is unavailable, and the data centers may be located abroad, data stored across several systems or storage devices make it more difficult to identify and collect potential digital evidence. Decreased data centers in foreign nations may present jurisdictional difficulties when searching and demand to find digital evidence. This challenge can be solved using a three-tier structure for cloud forensic investigation based on a pay-as-you-go approach that allows customers to independently tailor forensics using any purchased advanced forensic instrument, including IaaS, PaaS, and SaaS).
Inaccessibility to virtual instances in the preservation stage
Due to extremely restricted or no accessibility to the virtual instances, cloud computing’s virtualization nature affects evidence gathering. Even within the IaaS cloud platform scenario, your cloud service provider (CSP) is already in charge of the user’s virtual machine (VM), the internet infrastructure, the hypervisor, and even the real touchable hardware of the information center. The virtualization of data storage in network computing results in difficulties in identifying and isolating actual storage systems in locations where the information of cloud users can be used or stored. Virtualization of content can be dispersed among various regions, physical devices, and legal jurisdictions. Virtual servers may require gathering evidence using virtualization software, affecting the chain of custody, the evidence’s reliability, and the court evidence’s validity. Linkages among VMs, the address of the physical host server, and how data is kept in physical and virtual storage are all opaque from the CSP. Since the data is kept in several VMs inaccessible in cloud virtualization, there is an overall loss of oversight over the investigation process. Opponents can also close down and terminate virtual machines (VMs) to perpetrate crimes. Because the VM is terminated, all supporting data and logs are destroyed. This challenge can be combated by developing a forensic platform that can gather forensic information outside the environment of the cloud in order to decrease dependency on the CSP.
Chain of custody challenge and proposed solution in the acquisition stage
The custody chain is the process through which evidence is located, safeguarded, collected, reviewed, and evaluated for it to be admitted in court. The term “chain of custody” relates to several factors, including the identifying of devices, physical control over the devices, the capture of information, whether the equipment was turned on or off, and how the evidence was stored to guard against future tampering with the evidence. Every person interacting with the data is also listed in the chains of custody. The custody chain of the proof has evolved into a concern in today’s computing environment for the credibility of court evidence (Ali et al., 2018). The investigator cannot provide evidence on the preservation and acquisition of evidential data because she lacks access to the actual servers. In a very dynamic setting, the investigator might have to rely on CSP to collect evidence. Any data gathering or corruption issue might cause major issues in the chain of custody. Therefore the investigator must exclusively depend on the CSP’s assurance that the facts were collected properly. This challenge can be tackled by deploying a hypervisor, which can be reliable for live forensics.
Conclusion
There are still many concerns that cloud forensics must address, which have not been solved by the study to discover solutions. The primary problem with cloud data collection is its wide range of issues. Service providers will need to apply techniques and technologies developed via extensive research to retrieve the data required by prosecutors in a forensically rightful manner. Also, workgroups comprising cloud forensic specialists such as law enforcement, IT specialists, and various cloud parties should spear out these challenges and find long-term solutions that can be implemented in various safe countries where these crimes are committed.
Reference
Achar, S. (2022). Cloud Computing Forensics. International Journal of Computer Engineering and Technology, 13(3). https://www.researchgate.net/profile/Sandesh-Achar/publication/363456595_CLOUD_COMPUTING_FORENSICS/links/631ce115071ea12e3622a6b5/CLOUD-COMPUTING-FORENSICS.pdf
Ali, S. A., Memon, S., & Sahito, F. (2018, August). Challenges and solutions in cloud forensics. In Proceedings of the 2018 2nd International Conference on Cloud and Big Data Computing (pp. 6-10). https://dl.acm.org/doi/abs/10.1145/3264560.3264565
CHOI, D. H. (2021). Digital forensic: Challenges and solution in the protection of corporate crime. The Journal of Industrial Distribution & Business, 12(6), 47–55. https://koreascience.kr/article/JAKO202116542527645.page