Digital Forensics In Cloud Computing: Challenges And Framework

Cloud Forensics Issues

What is digital forensics? Explore the information of the digital forensics in cloud computing.
 


This study covers digital forensics in cloud computing. Cloud computing refers to delivering and hosting services over the internet. Its main advantage is that the user can subscribe to a service on a monthly basis or pay per usage (Patrascu & Patriciu, 2013). Parallel processing, networking and cryptography are the main information technology areas through which cloud computing characterises a computing pattern that involves multiple researchers (Martini & Choo, 2012).

The issues facing cloud forensics can be categorised as follows.

  • Reliance on cloud service provider: Data control and access by users and investigators differ across the cloud models: software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) (Sang, 2013). Because the user has no access to the application log, investigators depend heavily on the cloud service provider (CSP) in the SaaS model. In the IaaS model, investigators can begin organising evidence without the assistance of the CSP. Without the assistance of the CSP, the user can obtain only high-level logging information (Patrascu & Patriciu, 2013).
  • Volatile data: The provider does not offer persistent storage for VM instances. The VM instances are very costly. Important data that resides in the operating system, network and documents becomes unavailable to investigators after the user stops using a VM. Attackers can exploit this by terminating VMs after an attack to destroy their digital footprints (Ruan et al., 2013).
  • Multi-tenancy: Cloud storage and computing resources are shared by multiple users. The same physical infrastructure is used simultaneously for legitimate and illicit purposes. It is therefore challenging for providers to offer evidence to investigators without violating the privacy of honest tenants (Sang, 2013).
  • Legal issues: A search warrant requires the physical location of the evidence, which is not always possible to establish in a publicly distributed cloud (Martini & Choo, 2012).

Digital investigation refers to the process of governing the forensic evidence of information. From a technical perspective, the information exists in three distinct states: at rest, in motion and in execution.

  • Nature and sources of proof: On the technical side of a forensic investigation, the quantity of potential evidence varies among the cloud deployment models and services (Patrascu & Patriciu, 2013).
  • Virtual cloud instance: In PaaS and SaaS, access to the virtual instances for collecting evidential data is either not possible or highly limited (Daryabar, Dehghantanha & Udzir, 2013).
  • Network layer: A typical cloud service provider does not currently offer any log information from the network entities. For example, if malware infects an IaaS VM, it can be very difficult to obtain any routing-related information (Ruan et al., 2013). In PaaS and SaaS, the situation gets more complicated. It follows that the evidence the investigator receives from the cloud service provider or the user is deeply affected (Sang, 2013).
  • User system: What potential evidence can be extracted from the user's system depends entirely on the cloud model in use: SaaS, PaaS or IaaS (Fahdi, Clarke & Furnell, 2013). In an exhaustive forensic investigation, evidence collected from the browser, the medium connecting the user to the provided application, and the environment must not be omitted (Daryabar, Dehghantanha & Udzir, 2013).

The first step toward obtaining a sound working platform is to have the concept of a cloud computing framework. The framework contains two primary layers: a management layer and a virtualization layer.


Figure 1: The Cloud Framework

The virtualization layer holds the workstations that host the VMs and comprises virtualization-enabled hardware. The modules in the framework are as follows.

  • Security: This module handles all security processes in the cloud system. To keep the module simple, it acts as an alarm and intrusion detection module (Dykstra & Sherman, 2013).
  • Validation Engine: The module is responsible for receiving new tasks that need to be carried out. It is also responsible for checking whether the received jobs are actually executable (Ruan et al., 2013).
  • Virtual Tasks: These modules construct the abstraction between the requested data and the payloads (Daryabar, Dehghantanha & Udzir, 2013). The payloads have to be delivered to the cloud-based system.
  • Scheduler: It is the most crucial module in the framework. It is responsible for carrying out lease-based scheduling and for balancing the received requests within the same autonomous system and between autonomous systems (Sibiya, Venter & Fogwill, 2012). It communicates with other modules to find new services, instances and load balancers.
  • Hypervisor interface: The module comes into use when a translation layer is needed for a particular software vendor (Zawoad & Hasan, 2013).
  • Load distribution: Both horizontal and vertical scaling are done in this module. A different application framework must be running for decoupling the code regarding the present underlying time (Chung et al., 2012).
  • Internal Cloud API: The module is responsible for establishing the link between the cloud system and the virtualization layer. In every implementation, a common interface has to be offered to make the system more flexible while maintaining a high degree of abstraction (Shirkhedkar & Patil, 2014).
  • External Cloud API: The module gives users the opportunity to interact with the system. The module is responsible for providing reasons for adding new tasks in the cloud system. The task requirements are stored and forwarded to the engine component (Chung et al., 2012).

With the notions of the cloud framework presented, the framework must be modified to make the cloud computing structure forensic-enabled. The prime objective of the forensic-enabled framework is to collect all the log and forensic information from the virtual machines that are running within the virtualization level (Zawoad & Hasan, 2013). A common interface for cloud forensics has to be developed as a sequence of independent kernel modules. In addition, it must be possible to activate or disable user space applications at runtime. The objective is to let users handle the interface through the kernel build menu. Here comes the concept of the kernel-based virtual machine, or KVM (Shirkhedkar & Patil, 2014). It is a full virtualization solution that is available in the mainline distributions of the Linux kernel. It runs on hardware with an AMD or Intel processor.
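The log-collection objective above, combined with the volatile-data and multi-tenancy issues listed earlier, can be sketched as follows. This is an added example, not code from the cited framework; the hash-chained store, the class and function names, and the sample events are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # fixed anchor for the first record

def _digest(prev, body):
    blob = json.dumps(body, sort_keys=True).encode()
    return hashlib.sha256(prev.encode() + blob).hexdigest()

class ForensicLog:
    """Append-only store held outside the VMs, so records outlive them."""

    def __init__(self):
        self.entries = []

    def append(self, tenant, vm, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"tenant": tenant, "vm": vm, "event": event}
        self.entries.append({"body": body, "prev": prev,
                             "hash": _digest(prev, body)})

    def export_for(self, tenant):
        """Whole chain, with other tenants' record bodies withheld."""
        return [{"body": e["body"] if e["body"]["tenant"] == tenant else None,
                 "prev": e["prev"], "hash": e["hash"]}
                for e in self.entries]

def verify(export):
    """True if every link holds and each disclosed body matches its hash."""
    prev = GENESIS
    for e in export:
        if e["prev"] != prev:
            return False
        if e["body"] is not None and _digest(prev, e["body"]) != e["hash"]:
            return False
        prev = e["hash"]
    return True

def build_sample():
    """Constructed events: tenant-a's VM is terminated right after an alert."""
    log = ForensicLog()
    log.append("tenant-a", "vm-17", "boot")
    log.append("tenant-b", "vm-40", "boot")
    log.append("tenant-a", "vm-17", "ids-alert: outbound scan")
    log.append("tenant-a", "vm-17", "terminated")
    return log
```

An investigator given `build_sample().export_for("tenant-a")` still sees the alert recorded before the VM was terminated and can run `verify` on the export without reading tenant-b's record. Withheld bodies with little entropy could be guessed from their hashes, so a real store would add a per-record secret salt.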

To test the approach, two scenarios were set up: a forensic-enabled structure and a basic cloud computing structure. The nodes responsible for the management, virtualization, virtual machine storage and forensics levels were each represented as a group of servers. The hardware used comprised an AMD Phenom II X6 (6 cores), 8GB RAM and RAID0-configured hard disks, running KVM and QEMU. QEMU was used as the hypervisor interface. In addition, the platform consisted of other components such as an Intel DualCore, AMD C-60 DualCore, 4GB which acts as the storage layer and 4GB RAM that acts as the management layer (Patrascu & Patriciu, 2014). For the network layer, 10/100 MB was used. A Node.js module was used for the testing. It allows all the parameters to be obtained from the V8 virtual machine. The test was conducted in steps: observe, measure and analyse the network transmission overhead and communication.

| # | Lease formation time (millisecond) | Lease check (millisecond) | Time for Lease mount up (millisecond) |
|---|---|---|---|
| 1 | 204 | 10 | 1 |
| 2 | 289 | 11 | 1 |
| 3 | 205 | 11 | 1 |
| 4 | 262 | 10 | 1 |

Technical Challenges

Table 1: Result Table of Lease Manager

6. Conclusion:

From the above study it can be concluded that digital forensic investigation in the cloud is a very critical task. The solutions were very sound and effective. In addition, the solutions were secure and reliable. The discussion of the layers and their characteristics provided information that helped in understanding the framework properly. As time passes, more scientists are being drawn toward incident response and computer forensics. The focus of the study was to enhance the safety, availability, security and reliability of the cloud computing system. Due to geographical distribution and heterogeneity, some issues regarding secure resource management arise. Challenges exist in various aspects of the system when carrying out digital forensics tasks in the cloud.

References:

Al Fahdi, M., Clarke, N. L., & Furnell, S. M. (2013). Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions. In Information Security for South Africa, 2013 (pp. 1-8). IEEE.

Chung, H., Park, J., Lee, S., & Kang, C. (2012). Digital forensic investigation of cloud storage services. Digital investigation, 9(2), 81-95.

Daryabar, F., Dehghantanha, A., & Udzir, N. I. (2013). A review on impacts of cloud computing on digital forensics. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), 77-94.

Dykstra, J., & Sherman, A. T. (2013). Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Digital Investigation, 10, S87-S95.

Martini, B., & Choo, K. K. R. (2012). An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2), 71-80.

Patrascu, A., & Patriciu, V. V. (2013). Beyond digital forensics. A cloud computing perspective over incident response and reporting. In Applied Computational Intelligence and Informatics (SACI), 2013 IEEE 8th International Symposium on (pp. 455-460). IEEE.

Patrascu, A., & Patriciu, V. V. (2014). Digital Forensics in Cloud Computing. Advances in Electrical and Computer Engineering, 14(2).

Ruan, K., Carthy, J., Kechadi, T., & Baggili, I. (2013). Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results. Digital Investigation, 10(1), 34-43.

Sang, T. (2013). A log based approach to make digital forensics easier on cloud computing. In Intelligent System Design and Engineering Applications (ISDEA), 2013 Third International Conference on (pp. 91-94). IEEE.

Shirkhedkar, D., & Patil, S. (2014). Design of digital forensic technique for cloud computing. International Journal, 2(6).

Sibiya, G., Venter, H. S., & Fogwill, T. (2012). Digital forensic framework for a cloud environment.

Zawoad, S., & Hasan, R. (2013). Digital forensics in the cloud. ALABAMA UNIV IN BIRMINGHAM.