International Journal of

ADVANCED AND APPLIED SCIENCES

EISSN: 2313-3724, Print ISSN: 2313-626X

Frequency: 12

line decor
  
line decor

 Volume 9, Issue 3 (March 2022), Pages: 19-30

----------------------------------------------

 Review Paper

 Title: A survey on issues in cloud forensics with an experiment on time consumption

 Author(s): K. H. A. Hettige 1, *, M. S. D. Fernando 2

 Affiliation(s):

 1Department of Computing, Rajarata University of SriLanka, Anuradhapura, Sri Lanka
 2Department of Computer Science and Engineering, University of Moratuwa, Moratuwa, Sri Lanka

  Full Text - PDF          XML

 * Corresponding Author. 

  Corresponding author's ORCID profile: https://orcid.org/0000-0002-8471-0821

 Digital Object Identifier: 

 https://doi.org/10.21833/ijaas.2022.03.003

 Abstract:

Forensic investigations on cloud platforms are an oft-discussed topic in current digital forensics. Significant growth in cloud platforms is expected in the coming decade. With such growth, cloud forensic investigations may require substantial changes in their approach. The paper surveys the most mentioned issues in cloud forensic literature. It is followed by a description of some of our current work aimed at solving those issues. The first issue that we tried to analyze was the issue of the trustworthiness of the evidence. We identified that the trustworthiness of the Cloud Service Providers is hardly discussed in the literature. Based on previous publications on similar issues on standalone computers, we provided an algorithm as an initial answer to the issue. The algorithm checks for the integrity of the evidence which will be affected in a tampering attempt. The next issue that we considered was time-taken for analysis (time complexity of forensic tools). While the issue has been indicated many times in the literature, we did not find many detailed experiments conducted with tools to observe the processing time over data source size. Therefore, the paper includes the results of an experiment that was performed using an Autopsy forensic tool to measure the time complexity of its operation with a number of source files with increasing sizes. Results indicated that the analyzing times usually increased with the size of the source file and that it might become unmanageable with increasing sizes. 

 © 2022 The Authors. Published by IASE.

 This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

 Keywords: Digital forensics, Cloud forensics, Most common issues, Time complexity, Autopsy tool

 Article History: Received 3 August 2021, Received in revised form 12 November 2021, Accepted 19 December 2021

 Acknowledgment 

No Acknowledgment.

 Compliance with ethical standards

 Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

 Citation:

 Hettige KHA and Fernando MSD (2022). A survey on issues in cloud forensics with an experiment on time consumption. International Journal of Advanced and Applied Sciences, 9(3): 19-30

 Permanent Link to this page

 Figures

 Fig. 1 Fig. 2

 Tables

 Table 1 Table 2 Table 3 Table 4 Table 5 Table 6  

----------------------------------------------    

 References (32)

  1. Baar VRB, Beek VHM, and Eijk VEJ (2014). Digital forensics as a service: A game changer. Digital Investigation, 11: S54-S62. https://doi.org/10.1016/j.diin.2014.03.007   [Google Scholar]
  2. Beek VHM, Eijk VEJ, Baar VRB, Ugen M, Bodde JNC, and Siemelink AJ (2015). Digital forensics as a service: Game on. Digital Investigation, 15: 20-38. https://doi.org/10.1016/j.diin.2015.07.004   [Google Scholar]
  3. Dykstra J and Sherman AT (2011). Understanding issues in cloud forensics: Two hypothetical case studies. UMBC Computer Science and Electrical Engineering Department, Baltimore, USA.   [Google Scholar]
  4. Dykstra J and Sherman AT (2012). Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9: S90-S98. https://doi.org/10.1016/j.diin.2012.05.001   [Google Scholar]
  5. FBI (2007). Regional computer forensics laboratory annual report for fiscal year 2007. Federal Bureau of Investigation, Washington, USA.  
  6. FBI (2013). Piecing together digital evidence-the computer analysis response team. Federal Bureau of Investigation, Washington, USA.  
  7. FBI (2016). Science and technology branch. Federal Bureau of Investigation, Washington, USA.  
  8. Freiling F and Hösch L (2018). Controlled experiments in digital evidence tampering. Digital Investigation, 24: S83-S92. https://doi.org/10.1016/j.diin.2018.01.011   [Google Scholar]
  9. Grispos G, Storer T, and Glisson WB (2012). Calm before the storm: The challenges of cloud computing in digital forensics. International Journal of Digital Crime and Forensics, 4(2): 28-48. https://doi.org/10.4018/jdcf.2012040103   [Google Scholar]
  10. Irons A and Lallie HS (2014). Digital forensics to intelligent forensics. Future Internet, 6(3): 584-596. https://doi.org/10.3390/fi6030584   [Google Scholar]
  11. Jang DI, Ahn GJ, Hwang H, and Kim K (2016). Understanding anti-forensic techniques with timestamp manipulation. In the IEEE 17th International Conference on Information Reuse and Integration, IEEE, Pittsburgh, USA: 609-614. https://doi.org/10.1109/IRI.2016.94   [Google Scholar]
  12. Kent K, Chevalier S, Grance T, and Dang H (2006). Guide to integrating forensic techniques into incident response. NIST Special Publication 800-86, National Institute of Standards and Technology, Gaithersburg, USA. https://doi.org/10.6028/NIST.SP.800-86   [Google Scholar]
  13. Liu F, Tong J, Mao J, Bohn R, Messina J, Badger L, and Leaf D (2011). NIST cloud computing reference architecture. Special Publication 500-292, National Institute of Standards and Technology, Gaithersburg, USA. https://doi.org/10.6028/NIST.SP.500-292   [Google Scholar]
  14. Manral B, Somani G, Choo KK, Conti M, and Gaur MS (2019). A systematic survey on cloud forensics challenges, solutions, and future directions. ACM Computing Surveys, 52(6): 1-38. https://doi.org/10.1145/3361216   [Google Scholar]
  15. Martini B and Choo KKR (2012). An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2): 71-80. https://doi.org/10.1016/j.diin.2012.07.001   [Google Scholar]
  16. Palmbach D and Breitinger F (2020). Artifacts for detecting timestamp manipulation in NTFS on windows and their reliability. Forensic Science International: Digital Investigation, 32: 300920. https://doi.org/10.1016/j.fsidi.2020.300920   [Google Scholar]
  17. Pichan A, Lazarescu M, and Soh ST (2015). Cloud forensics: Technical challenges, solutions and comparative analysis. Digital Investigation, 13: 38–57. https://doi.org/10.1016/j.diin.2015.03.002   [Google Scholar]
  18. Pollitt MM (2007). An ad hoc review of digital forensic models. In the Second International Workshop on Systematic Approaches to Digital Forensic Engineering, IEEE, Bell Harbor, USA: 43-54. https://doi.org/10.1109/SADFE.2007.3   [Google Scholar]
  19. Povar D, Saibharath and Geethakumari G (2015). Real-time digital forensic triaging for cloud data analysis using MapReduce on Hadoop framework. International Journal of Electronic Security and Digital Forensics, 7(2): 119-133. https://doi.org/10.1504/IJESDF.2015.069602   [Google Scholar]
  20. Quick D and Choo KKR (2014). Data reduction and data mining framework for digital forensic evidence: Storage, intelligence, review and archive. Trends and Issues in Crime and Criminal Justice, 480: 1-11.   [Google Scholar]
  21. Quick D and Choo KKR (2018). Big digital forensic data: Volume 1: Data reduction framework and selective imaging. Springer, Berlin, Germany.   [Google Scholar]
  22. Rani DR and Geethakumari G (2021). A framework for the identification of suspicious packets to detect anti-forensic attacks in the cloud environment. Peer-to-Peer Networking and Applications, 14: 2385–2398. https://doi.org/10.1007/s12083-020-00975-6   [Google Scholar]
  23. Rani DR and Kumari GG (2016). A framework for detecting anti-forensics in cloud environment. In the International Conference on Computing, Communication and Automation, IEEE, Greater Noida, India: 1277-1280. https://doi.org/10.1109/CCAA.2016.7813913   [Google Scholar]
  24. Reilly D, Wren C, and Berry T (2011). Cloud computing: Pros and cons for computer forensic investigations. International Journal Multimedia and Image Processing, 1(1): 26-34. https://doi.org/10.20533/ijmip.2042.4647.2011.0004   [Google Scholar]
  25. Roussev V, Barreto A, and Ahmed I (2016). API-based forensic acquisition of cloud drives. In: Peterson G and Shenoi S (Eds.), IFIP International Conference on Digital Forensics: 213-235. Springer, Cham, Switzerland. https://doi.org/10.1007/978-3-319-46279-0_11   [Google Scholar]
  26. Ruan K and Carthy J (2012). Cloud forensic maturity model. In the International Conference on Digital Forensics and Cyber Crime, Springer, Lafayette, USA: 22-41. https://doi.org/10.1007/978-3-642-39891-9_2   [Google Scholar]
  27. Schneider J, Wolf J, and Freiling F (2020). Tampering with digital evidence is hard: The case of main memory images. Forensic Science International: Digital Investigation, 32: 300924. https://doi.org/10.1016/j.fsidi.2020.300924   [Google Scholar]
  28. Simmon E (2018). Evaluation of cloud computing services based on NIST SP 800-145. NIST Special Publication 500-322, National Institute of Standards and Technology, Gaithersburg, USA. https://doi.org/10.6028/NIST.SP.500-322   [Google Scholar]
  29. Vurukonda N and Rao BT (2016). A study on data storage security issues in cloud computing. Procedia Computer Science, 92: 128-135. https://doi.org/10.1016/j.procs.2016.07.335   [Google Scholar]
  30. Yusoff Y, Ismail R, and Hassan Z (2011). Common phases of computer forensics investigation models. International Journal of Computer Science and Information Technology, 3(3): 17-31. https://doi.org/10.5121/ijcsit.2011.3302   [Google Scholar]
  31. Zawoad S and Hasan R (2013). Cloud forensics: A meta-study of challenges, approaches, and open problems. Available online at: https://arxiv.org/abs/1302.6312
  32. Zhou S, Wu L, and Jin C (2017). A privacy-based SLA violation detection model for the security of cloud computing. China Communications, 14(9): 155-165. https://doi.org/10.1109/CC.2017.8068773   [Google Scholar]