Paper Link: Cloud Forensics: State-of-the-Art and Research Challenges
A. Collecting Evidence: Different cloud deployment models call for different approaches to collecting evidence. IaaS provides an export of the virtual hard disk and memory provided to the user. In SaaS, a binary export of the data stored on the hosted software environment is collected [1].
B. Evidence Segregation of random log formats: Segregating evidence without breaching the confidentiality of other tenants that share the infrastructure is a challenge for cloud service providers. The data is collected from different sources and is in different file formats [1].
C. Service Level Agreements: Due to the lack of customer awareness, there are limited rules and regulations regarding forensic investigations. Most cloud customers are unaware of the issues that may arise in cloud computing.
D. Transparent behavior: Transparency is needed for trust. Cloud customers want transparency, which is not provided in current real-world cloud environments. It is needed because in a lot of cases sensitive data is computed on services running in the cloud. As a result, customers have a legitimate fear of the threat of the unknown. The issue of unknown data location is further compounded by the technical obfuscation of the underlying infrastructure. The CSP provides almost no information about the system environment in which customer data is stored or processed [2].
E. Loss of collected digital evidence: Cloud environments theoretically provide a huge amount of potential evidence data that could be used for an investigation, but the CSP mostly decides how much of that evidence data can be accessed by the customer. Loss of data leads to further problems during the investigation phases. At the time of an investigation, a cloud computing environment offers a huge amount of potential forensic data [2].
F. SLA Verification: An SLA represents the understanding between the cloud consumer and cloud provider about the expected level of service to be delivered and, in the event that the provider fails to deliver the service at the level specified, the compensation available to the cloud consumer [3].
Considering the distribution of control between CSP and customer, it becomes apparent that it remains almost impossible for the customer to verify the actual performance of these agreements [2].
There are some challenges associated with cloud-based log analysis and forensics: decentralization of logs, volatility of logs, archival and retention, accessibility of logs, non-existence of logs, absence of critical information in logs, and random log formats [4].
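The segregation problem in item B and the random log formats listed above, shown as an added example that is not from the paper: a Python sketch that normalizes lines from three log formats into one schema, releases only the requesting tenant's records with a SHA-256 of each raw line, and holds back lines it cannot attribute to a tenant. The source names, tenant IDs, field layout and sample lines are constructed assumptions.

```python
import csv, hashlib, io, json, re

# Constructed sample lines from three hypothetical sources, each in its own format.
SAMPLES = [
    ("api-gateway", '{"ts": "2024-03-01T10:00:00Z", "tenant": "t-100", "msg": "login ok"}'),
    ("hypervisor", "2024-03-01T10:00:05Z tenant=t-200 vm=7 snapshot created"),
    ("storage", "2024-03-01T10:00:09Z,t-100,object read"),
    ("hypervisor", "corrupted line without fields"),
]

KV = re.compile(r"^(\S+)\s+tenant=(\S+)\s+(.*)$")  # "<ts> tenant=<id> <message>"

def normalize(source, line):
    """Map one raw line to {ts, tenant, msg, source}; None if no format fits."""
    line = line.strip()
    if line.startswith("{"):  # JSON object per line
        try:
            d = json.loads(line)
            return {"ts": d["ts"], "tenant": d["tenant"], "msg": d["msg"], "source": source}
        except (ValueError, KeyError):
            return None
    m = KV.match(line)
    if m:
        return {"ts": m.group(1), "tenant": m.group(2), "msg": m.group(3), "source": source}
    row = next(csv.reader(io.StringIO(line)), [])  # CSV: ts,tenant,msg
    if len(row) == 3:
        return {"ts": row[0], "tenant": row[1], "msg": row[2], "source": source}
    return None

def segregate(samples, tenant):
    """Return (evidence for `tenant`, count of other tenants' lines withheld, unattributed lines)."""
    evidence, withheld, unparsed = [], 0, []
    for source, line in samples:
        rec = normalize(source, line)
        if rec is None:
            # Tenant unknown: never release, keep for manual review by the provider.
            unparsed.append((source, line))
        elif rec["tenant"] == tenant:
            # Hash the raw line, not the parsed record, so integrity can be checked later.
            rec["sha256"] = hashlib.sha256(line.encode()).hexdigest()
            evidence.append(rec)
        else:
            withheld += 1  # another tenant's data stays confidential
    return sorted(evidence, key=lambda r: r["ts"]), withheld, unparsed

if __name__ == "__main__":
    ev, withheld, unparsed = segregate(SAMPLES, "t-100")
    print(json.dumps(ev, indent=2), withheld, len(unparsed))
```
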
1. K. Ruan, J. Carthy, T. Kechadi, and M. Crosbie, "Cloud Forensics," Advances in Digital Forensics VII, IFIP Advances in Information and Communication Technology, vol. 361, pp. 35-46, 2011.
2. D. Birk and C. Wegener, "Technical Issues of Forensic Investigations in Cloud Computing Environments," in IEEE Sixth International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), Bochum, Germany, 2011, pp. 1-10.
3. W. Jansen and T. Grance, "Guidelines on security and privacy in public cloud computing," NIST Special Publication 800-144.