A Cloud Forensics Framework to Identify, Gather, and Analyze Cloud Computing Incidents
Received: 2 March 2024 | Revised: 8 March 2024, 22 March 2024, and 28 March 2024 | Accepted: 1 April 2024 | Online: 6 May 2024
Corresponding author: Rafef Al-mugern
Abstract
The focus of cloud forensics is cyber-crime cases, no matter the object, the subject, or the environment involved. Each cloud computing environment has a variety of features that make it unique. Challenges associated with cloud forensics can be found at every stage of the digital forensics process. We need to begin by understanding the cloud forensics landscape (the cloud) in order to provide a holistic solution to overcome these challenges. When designing a cloud forensics framework, the elements that make up the cloud, which also affect the forensics process within the cloud, should be taken into consideration. An extensive survey of the current state of research in cloud forensics is presented in this paper. Also, a conceptual cloud forensics framework that facilitates the identification, gathering, and analysis of cloud computing events is proposed, utilizing the design science approach. The proposed conceptual cloud forensics framework consists of six stages: identifying incidents, gathering evidence, preserving evidence, analyzing incidents, documenting incidents, and investigating post-incident events. Each stage has several activities and tasks to assist investigators dealing with cloud computing events. Unlike traditional approaches to cloud forensic investigations, the conceptual framework developed in this study is highly applicable.
Keywords:
Cloud computing, Cloud forensics, Digital forensics, Design science
License
Copyright (c) 2024 Rafef Al-mugern, Siti Hajar Othman, Arafat Al-Dhaqm, Abdulalem Ali
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.