Cloud computing is a rapidly growing paradigm with numerous complexities. Its fundamental properties have resulted in substantial cost savings in information technology, resulting in commercials and the government’s rapid espousal of cloud computing (Ruan et al., 2011). cloud service providers operate data centers worldwide to assure service availability and cost-effectiveness. Data stored in a single data center is replicated in many places to assure abundance and minimize the possibility of failure. Additionally, the separation of forensic obligations between and customers varies according to the service models deployed. Similarly, the interactions between various tenants sharing the same cloud resources vary depending on the deployment strategy.
The default configuration of cloud forensics supports many nations and multi-tenancy, which further complicates legal issues. For the most part, cloud forensic investigations need complex interactions between cloud service providers and their customers, resource sharing across a large number of tenants, and international law enforcement coordination (Ruan et al., 2011). Exploring cloud forensics’s technical, organizational, and legal aspects are critical for conducting a more in-depth investigation and demonstrating that cloud forensics is a multi-dimensional issue rather than a purely technological one.
Challenges of Cloud Computing in Digital Forensics
Cloud computing presents various issues for digital forensics. Only a few examples are mentioned, such as locating evidence, data location, evidence identification, and encryption. When erasing cloud data, the nodes in virtual instances that point to it are usually destroyed. The sheer volume of data and users in a cloud environment decreases the number of backups the CSP will retain. Whether private, communal, public, or hybrid, each cloud service and deployment model limit users’ access to forensic data. The methods utilized to extract forensic data differ based on the cloud model implemented. Access to forensic data is restricted, resulting in a lack of awareness and control over data locations. A place is merely an “entity” or “container” at the most abstract level. To optimize data transmission and replication, CSP masks data locations. Finding proof in a constantly changing system is difficult since examiners are unaware of where or how data is stored. Because CSPs can move data across data centers and geographical locations, many unknowns exist about cloud storage and retrieval. Only a few key exceptions exist in cloud computing environments where redundant traces or data are not available or are not created or handled similarly to non-cloud systems. The software designer’s intent often limits a record’s contents because user-based authentication and access constraints are implemented in programs rather than the operating system
Encryption also remains a challenge in digital forensics. Computer data is increasingly being protected by encryption methods, complicating forensic investigators’ matters (Birk & Wegener, 2011). Digital evidence cannot be located using forensic methods without a decryption key. However, even with the key, decrypting the data may be difficult and time-consuming. Digital forensics conducts investigations and develops digital evidence against criminals to solve crimes involving electronic devices and computers. While encryption and related techniques continue to be widely employed in digital forensics, their use is rising at a breakneck pace. The quantity of information that investigators can access is limited. When a hard drive is encrypted, digital forensic investigators have few investigation choices. This is because they need to determine the amount of encrypted data, hence making it tough to conduct investigations
Given all of these factors, there does not appear to be an optimal choice for a single solution or “middle ground.” The question arises whether specific solutions may affect society (as they often do with information), while others probably do not impact at any point when storing such massive amounts as can now be contained within just 30 years of its creation (Simou et al., 2016). Thus, many additional possibilities must exist before reliable conclusions regarding what technology will eventually replace centralized storage could become possible.
Tools and Techniques Used to Combat Cloud Challenges
Examiners and law enforcement agencies also face cloud storage issues due to a lack of well-tested methods for managing cloud storage. Alqahtany et al. (2015) noted a considerable demand for forensic-aware tools for the CSP and its clients to conduct forensic investigations in cloud environments. Therefore, the development of technologies for the detection, collection, and analysis of forensic cloud data is critical. Established methodologies such as Encase and FTK are still commonly employed to collect cloud evidence despite the differences between digital analysis in cloud infrastructure and traditional computing settings. Data collection is the first practical responsibility for the digital investigator.
In the current state, one of the cloud forensic tools is called Forensics OpenStack Tools (FROST). It communicates with the cloud management system instead of the underlying operating system in the virtual machines. FROST is the first forensics solution integrated into a cloud-based IaaS service paradigm (Alqahtany et al., 2015). The person in charge of deploying FROST is CSP. Because of this, confidence in CSP is essential. The virtualization layer, guest operating system, and the host operating system are tested in three stages to gather data. These three studies have successfully obtained data from the cloud-based layer while working remotely from a local computer. It’s important to remember that trust is essential at every level.
Trends in Mitigating Cloud Challenges for Forensic Investigators
In the cloud, forensic investigators may have difficulty mitigating issues. Evidence must be safeguarded from the time of the event and investigation through the conclusion of the investigation. Additionally, evidence may be dispersed among servers and regions. Throughout the investigation, a cloud node or connection point may have numerous instances. Additionally, when performing the examination, it will be essential to clean the nodes. This new cloud computing technology enables administrators to move issues throughout the cloud at will. If desired, the operating system can also perform this work. If one is having difficulty using the cloud, Server Farming may be a viable option. Finally, evidence is added to the Sandbox. By examining the provenance of the historical data, one can ascertain its origins. Similarly, proper training is essential to ensure an investigation is conducted effectively with any new forensic equipment or approach. As a result, the investigator must guarantee that any software utilized as a method of investigation has been assessed and approved before adopting it.
As an alternative to relying on a CSP, Alqahtany et al. (2015) propose a cloud management plan or API for users to acquire forensic data. Despite this, the CSP retains a wealth of vital forensic data, including deleted files from the hard disk and temporary record logs. This type of data can be retrieved only with the CSP’s participation. Additional concerns, such as reliance on the CSP, have been highlighted but not overcome. Among the issues are trust, reaction speed, admissibility of evidence, and a single point of failure (Alqahtany et al., 2015). Another significant problem for cloud investigators is the convergence of a succession of events emanating from various jurisdictions and authorities. Until now, investigators have been unable to reconstruct the antecedent state of the event with sufficient precision for the reconstructed information to be admissible in court.
The acquisition and integrity of data in the cloud are a cause for concern. A solution is required to maintain control while lowering their dependency on CSPs and making it easier to collect forensic evidence quickly. As a result, the authors must continue to work on developing a forensically compatible IaaS cloud architecture. The goal is to establish a data collecting and analysis paradigm that transfers data ownership from a third party to the data owner. If organizations research in this manner, they can do so without including the CSP. The strategy attempts to produce evidence that is more robust and comprehensive than that currently given by CSPs.
Forensic investigators face an overwhelming barrier when dealing with highly secure encryption. When used in the real world, encryption programs include flaws that can be exploited to decrypt the contents of a disk (Xiang & Luo, 2017). Weaknesses such as lousy password selection or writing down strong passphrases are introduced by using encryption software. Secret and public essential encryption techniques give criminals better security by making it more difficult for forensic investigators to retrieve evidence with solid encryption. DES is a well-known encryption method that theoretically allows the decryption of ciphertext by trying every possible key (Xiang & Luo, 2017). A disadvantage of this strategy is that it requires a lot of processing power to process the enormous number of decryption keys and can take a long time depending on how strong the encryption is.
Nonetheless, additional research is required to properly appreciate the technical aspects of daily cloud system functioning and the financial implications. Additionally, various logging data issues, such as timeline, log review, logging correlation, and log policy monitoring, have not been resolved (Alqahtany et al., 2015). Finally, due to a lack of rules and the establishment of worldwide unity to solve the cross-border issue, legal challenges impede the smooth performance of forensic investigations.
References
Alqahtany, S., Furnell, S., Clark, N. L., & Reich, C. (2015, April). Cloud Forensics: A Review of Challenges, Solutions and Open Problems. Retrieved from https://www.researchgate.net/publication/276277307_Cloud_Forensics_A_Review_of_C hallenges_Solutions_and_Open_Problems.
Birk, D., & Wegener, C. (2011, May). Technical issues of forensic investigations in cloud computing environments. In 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering (pp. 1-10). IEEE.
Molitorisz, S. (2019). Misunderstanding News Audiences: Seven Myths of the Social Media Era, Eiri Elvestad and Angela Phillips (2018). Australian Journalism Review.
Ruan, K., Carthy, J., Kechadi, T., & Crosbie, M. (2011, January). Cloud forensics. In IFIP International Conference on Digital Forensics (pp. 35-46). Springer, Berlin, Heidelberg.
Simou, S., Kalloniatis, C., Gritzalis, S., & Mouratidis, H. (2016). A survey on cloud forensics challenges and solutions. Security and Communication Networks, 9(18), 6285-6314.
Xiang, S., & Luo, X. (2017). Reversible data is hiding in the homomorphic encrypted domain by mirroring the ciphertext group. IEEE transactions on circuits and systems for videotechnology, 28(11), 3099-3110.
write