A forensic acquisition and analysis system for IaaS

Saad Alqahtany, Nathan Clarke, Steven Furnell, Christoph Reich
2015 Cluster Computing  
Cloud computing is a promising next-generation computing paradigm that offers significant economic benefits to both commercial and public entities. Furthermore, cloud computing provides accessibility, simplicity, and portability for its customers. Due to the unique combination of characteristics that cloud computing introduces (including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service), digital investigations face various technical, legal,
more » ... nd organizational challenges to keep up with current developments in the field of cloud computing. There are a wide variety of issues that need to be resolved in order to perform a proper digital investigation in the cloud environment. This paper examines the challenges in cloud forensics that are identified in the current research literature, alongside exploring the existing proposals and technical solutions addressed in the respective research. The open problems that need further effort are highlighted. As a result of the analysis of literature, it is found that it would be difficult, if not impossible, to perform an investigation and discovery in the cloud environment without relying on cloud service providers (CSPs). Therefore, dependence on the cloud service providers (CSPs) is ranked as the greatest challenge when investigators need to acquire evidence in a timely yet forensic manner from cloud systems. Thus, a fully independent model requires no intervention or cooperation from the cloud provider is proposed. This model provides a different approach to a Forensic Acquisition and Analysis System (FAAS) in an Infrastructure as a Service (IaaS) model. FAAS seeks to provide a richer and more complete set of admissible evidence than what current CSPs provide, with no requirement for CSP involvement or modification to the CSP's underlying architecture.
doi:10.1007/s10586-015-0509-x fatcat:c7sz6snrjjd7lot6cxmq6ljyjy