The document discusses the challenges of cloud forensics. It begins by introducing cloud computing and digital forensics. There are several challenges to cloud forensics including decreased control over forensic data, lack of international collaboration, and different approaches in cloud computing. The document then evaluates the challenges throughout the forensic process of identification, preservation, examination, and presentation. It also discusses some potential solutions and tools for cloud forensics as well as limitations and opportunities for future development.
2. Topics
01 Introduction
• Cloud Computing
• Digital & Cloud Forensics
• Types of Cloud Services
• Types of Clouds
02 Impact of Cloud Forensics Researches
• Related Work
• General Challenges
03 Evaluation of Cloud Forensics Challenges/Process
1. Identification
2. Preservation – Collection
3. Examination – Analysis
4. Presentation
5. Uncategorized
• Cloud Forensics Overview – Summary
04 Limitations and Future Developments
• Cloud Forensics Solutions
• Tools and Limitations
• Future Developments
• Conclusion
IT19154404 R. A. Shehan Sanjula Cyber Forensics and Incident Response - IE4062
3. Cloud Computing?
Digital Forensics
Cloud Forensics
Cloud vs Digital Forensics
• Types of Cloud Services
SaaS
PaaS
IaaS
Cloud computing is the future!
• Types of Clouds
Public Cloud
Private Cloud
Hybrid Cloud
1. Introduction to Digital and Cloud Forensics
“Cloud forensics is the application of digital forensics in cloud computing as a subset of network forensics to gather and preserve evidence in a way that is suitable for presentation in a court of law.”
“Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. [8]”
- NIST Special Publication 800-145
Cloud Forensics?
5. 2.1 Related Work & Researches on Cloud Forensics
1. The First Digital Forensic Research Workshop (DFRWS) [1]
2. The Abstract Digital Forensic model [2] (based on DFRWS model)
3. Integrated Digital Investigation Process model [3]
4. The Enhanced Digital Investigation Process model [4]
5. The hierarchical, objectives-based framework for the digital investigations [5]
6. Forensic Process [6]
7. The Digital Forensic Investigation Framework (DFIF) [7]
8. Digital Forensic Evidence Processes [8]
9. The Harmonized digital forensic investigation process model [2]
10. The Forensic Investigations Process [1] in cloud environments
11. Cloud Forensics Process [3]
12. The Integrated Conceptual Digital Forensic Framework for Cloud Computing [7]
6. 2.2 General Challenges on Cloud Forensics
• Jurisdictions.
• External chain of dependencies.
• Different approaches in cloud computing.
• Lack of international collaboration.
• Lack of law/regulation and law advisory.
• Decreased control over forensic data.
• Lack of forensics expertise.
• Hard to isolate an individual user’s data from the others.
• No evidence that links a given data file to a particular suspect.
8. 3. Evaluation of Cloud Forensics cont.
Challenges/Process
2. Preservation – Collection Stage
• Integrity and Stability.
• Privacy.
• Time Synchronization.
• Internal Staffing.
• Chain of Custody.
• Imaging.
• Bandwidth Limitation.
• Multi-jurisdiction.
• Multi-tenancy.
9. 3. Evaluation of Cloud Forensics cont.
Challenges/Process
3. Examination – Analysis Stage
• Lack of Forensic Tools.
• Volume of Data.
• Encryption.
• Reconstruction.
• Unification of Log Formats.
• Identity.
10. 3. Evaluation of Cloud Forensics cont.
Challenges/Process
4. Presentation Stage
• Complexity of Testimony.
• Documentation.
5. Uncategorized
• Compliance Issues.
11. 3. Evaluation of Cloud Forensics cont.
Cloud Forensics Overview – Summary
√ denotes that a challenge is present, and X denotes that a challenge is not present according to the referenced authors.
Table 1. Cloud Forensics Challenges Overview [15]
12. 4. Limitations and Future Developments
4.1 Cloud Forensics Solutions – Tools
1. EnCase Enterprise
2. AccessData FTK
3. FROST
4. UFED Cloud Analyzer
5. Docker Forensics Toolkit & Docker Explorer
6. Diffy (by Netflix)
Cloud Forensics Tools & its Limitations?
13. 4. Limitations and Future Developments cont.
4.2 Cloud Forensics Solutions – Open Issues, and Future Research
1. Cloud infrastructure dependability
2. Time synchronization in a cloud context
3. Expansion of endpoints
4. Virtualization & shared infrastructure
5. FaaS (Forensics as a Service)
Conclusion
Future?
• Existing Cloud Forensics Solutions
• Cloud Forensics & Future Developments
14. References
[1] N. Vaidya, "Cloud Forensics: Trends and Challenges," INTERNATIONAL JOURNAL OF ENGINEERING RESEARCH & TECHNOLOGY (IJERT), Sep. 29, 2020. (accessed May. 15, 2022).
[2] S. Simou, C. Kalloniatis, H. Mouratidis and S. Gritzalis, "A survey on cloud forensics challenges and solutions," Security and Communication Networks, vol. 09, no. 09, Sep. 2020, doi: 10.1002/sec.1688.
[3] E. Morioka and M. S. Sharbaf, "Digital Forensics Research on Cloud Computing: An investigation of Cloud Forensics Solutions," Department of Computer Science, Mar. 2021.
[4] C. Kalloniatis, S. Simou, E. Kavakli and "Cloud Forensics: Identifying the Major Issues and Challenges," Journals | Oxford Academic, Nov.
8, 2020. (accessed Jan. 17, 2022).
[5] "Cloud Forensics Basic Concepts and Tools in 2022," Eescorporation, Mar. 5, 2019. https://www.eescorporation.com/cloud-forensics-concepts-and-tools/ (accessed May. 11, 2022).
[6] N. Lim, "Cloud Forensics and the Digital Crime Scene," AppDirect Blog, Jul. 1, 2021. https://www.appdirect.com/blog/cloud-forensics-and-the-digital-crime-scene (accessed May. 14, 2022).
[7] "Market Trends Report: Cloud Forensics in Today’s World," The EC-Council Cyber Research report, Sep. 16, 2021. https://cisomag.eccouncil.org/market-trends-report-cloud-forensics-in-todays-world/ (accessed May. 18, 2022).
15. References
[8] "Cloud Forensics: Open Issues, Challenges and Future Research Opportunities," CYBER SECURITY & NETWORK FORENSICS RESEARCH, Oct. 18, 2021. https://insights2techinfo.com/cloud-forensics-open-issues-challenges-and-future-research-opportunities/ (accessed May. 16, 2022).
[9] Martini B, Choo KKR. An integrated conceptual digital forensic framework for cloud computing. Digital Investigation 2014; 9(2):71–80.
[10] Chen G, Du Y, Qin P, Du J. Suggestions to digital forensics in cloud computing ERA. In Network Infrastructure and Digital Content (IC-NIDC), 2012 3rd IEEE International Conference on. IEEE, 2016; 540–544.
[11] Ruan K, Carthy J, Kechadi T, Crosbie M. Cloud forensics: an overview. In Advances in Digital Forensics VII, 7th IFIP WG 11.9 International Conference on Digital Forensics, Vol. 361, Peterson G, Shenoi S (eds). Springer: Berlin Heidelberg, 2019; 35–46.
[12] Zhou L, Varadharajan V, Hitchens M. Achieving secure role-based access control on encrypted data in cloud storage. Information Forensics and Security IEEE Transactions on IEEE 2013; 8(12):1947–1960.
[13] Sang T. A log-based approach to make digital forensics easier on cloud computing. In Proceedings of the Intelligent System Design and Engineering Applications (ISDEA), 2013 3rd International Conference on. IEEE, 2013; 91–94.
[14] Zimmerman S, Glavach D. Cyber forensics in the cloud. IA Newsletter 2016; 14(1):4–7.
[15] Valjarevic A, Venter HS. Harmonised digital forensic investigation process model. In Information Security for South Africa (ISSA). IEEE: Johannesburg, Gauteng, 2012; 1–10.
16. THANK YOU
Stay Home Stay Safe