• Title/Summary/Keyword: cloud computing forensics

Search Result 13, Processing Time 0.017 seconds

A Digital Forensic Framework Design for Joined Heterogeneous Cloud Computing Environment

  • Zayyanu Umar;Deborah U. Ebem;Francis S. Bakpo;Modesta Ezema
    • International Journal of Computer Science & Network Security
    • /
    • v.24 no.6
    • /
    • pp.207-215
    • /
    • 2024
  • Cloud computing is now used by most companies, business centres and academic institutions to embrace new computer technology. Cloud Service Providers (CSPs) are limited to certain services, missing some of the assets requested by their customers, it means that different clouds need to interconnect to share resources and interoperate between them. The clouds may be interconnected in different characteristics and systems, and the network may be vulnerable to volatility or interference. While information technology and cloud computing are also advancing to accommodate the growing worldwide application, criminals use cyberspace to perform cybercrimes. Cloud services deployment is becoming highly prone to threats and intrusions. The unauthorised access or destruction of records yields significant catastrophic losses to organisations or agencies. Human intervention and Physical devices are not enough for protection and monitoring of cloud services; therefore, there is a need for more efficient design for cyber defence that is adaptable, flexible, robust and able to detect dangerous cybercrime such as a Denial of Service (DOS) and Distributed Denial of Service (DDOS) in heterogeneous cloud computing platforms and make essential real-time decisions for forensic investigation. This paper aims to develop a framework for digital forensic for the detection of cybercrime in a joined heterogeneous cloud setup. We developed a Digital Forensics model in this paper that can function in heterogeneous joint clouds. We used Unified Modeling Language (UML) specifically activity diagram in designing the proposed framework, then for deployment, we used an architectural modelling system in developing a framework. We developed an activity diagram that can accommodate the variability and complexities of the clouds when handling inter-cloud resources.

Digital Forensic Investigation of Virtual Desktop Infrastructure (가상 데스크톱 환경에 대한 디지털 포렌식 연구)

  • Jang, Sanghee;Kim, Deunghwa;Park, Jungheum;Kang, Cheulhoon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.203-212
    • /
    • 2013
  • Recently, cloud computing is one of the parts showing the biggest growth in the IT market and is expected to continue to grow into. Especially, many companies are adopting virtual desktop infrastructure as private cloud computing to achieve in saving the cost and enhancing the efficiency of the servers. However, current digital forensic investigation methodology of cloud computing is not systematized scientifically and technically. To do this, depending on the type of each cloud computing services, digital evidence collection system for the legal enforcement should be established. In this paper, we focus on virtual desktop infrastructure as private cloud computing and introduce the most widely used around the world desktop virtualization solutions of VMware, Citrix, and Microsoft. And We propose digital forensic investigation methodology for private cloud computing that is constructed by these solutions.

Analysis of Cybercrime Investigation Problems in the Cloud Environment

  • Khachatryan, Grigor
    • International Journal of Computer Science & Network Security
    • /
    • v.22 no.7
    • /
    • pp.315-319
    • /
    • 2022
  • Cloud computing has emerged to be the most effective headway for investigating crime especially cybercrime in this modern world. Even as we move towards an information technology-controlled world, it is important to note that when innovations are made, some negative implications also come with it, and an example of this is these criminal activities that involve technology, network devices, and networking that have emerged as a result of web improvements. These criminal activities are the ones that have been termed cybercrime. It is because of these increased criminal activities that organizations have come up with different strategies that they use to counter these crimes, and one of them is carrying out investigations using the cloud environment. A cloud environment has been defined as the use of web-based applications that are used for software installation and data stored in computers. This paper examines problems that are a result of cybercrime investigation in the cloud environment. Through analysis of the two components in play; cybercrime and cloud environment, we will be able to understand what are the problems that are encountered when carrying out investigations in cloud forensics. Through the use of secondary research, this paper found out that most problems are associated with technical and legal channels that are involved in carrying out these investigations. Investigator's mistakes when extracting pieces of evidence form the most crucial problems that take a lead when it comes to cybercrime investigation in the cloud environment. This paper not only flags out the challenges that are associated with cybercrime investigation in cloud environments but also offer recommendations and suggested solutions that can be used to counter the problems in question here. Through a proposed model to perform forensics investigations, this paper discusses new methodologies solutions, and developments for performing cybercrime investigations in the cloud environment.

Digital Forensics Framework for Cloud Computing (클라우드 환경을 고려한 디지털 포렌식 프레임워크)

  • Lee, Chang-Hoon
    • Journal of Advanced Navigation Technology
    • /
    • v.17 no.1
    • /
    • pp.63-68
    • /
    • 2013
  • Recently, companies seek a way to overcome their financial crisis by reducing costs in the field of IT. In such a circumstance, cloud computing is rapidly emerging as an optimal solution to the crisis. Even in a digital forensic investigation, whether users of an investigated system have used a cloud service is a very important factor in selecting additional investigated subjects. When a user has used cloud services, such as Daum Cloud and Google Docs, it is possible to connect to the could service from a remote place by acquiring the user's log-in information. In such a case, evidence data should be collected from the remote place for an efficient digital forensic investigation, and it is needed to conduct research on the collection and analysis of data from various kinds of cloud services. Thus, this study suggested a digital forensic framework considering cloud environments by investigating collection and analysis techniques for each cloud service.

An Analysis of Google Cloud Data from a Digital Forensic Perspective (디지털 포렌식 관점에서의 구글 클라우드 데이터 분석 연구)

  • Kim, Dohyun;Kim, Junki;Lee, Sangjin
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.24 no.12
    • /
    • pp.1662-1669
    • /
    • 2020
  • Google cloud includes data uploaded and synchronized by users, as well as synchronization history of all cloud services, users' smartphone usage, and location information. Therefore, Google cloud data can be useful for digital forensics from a user behavior analysis perspective. Through this paper, we have identified the types of cloud data that can be acquired using Google's Takeout service and developed a tool that can be usefully utilized in digital forensics research and investigation by screening and analyzing the data required for analyzing user behavior. Because Google cloud data is synchronized through Google accounts regardless of the type of computing device, Google service data used on various devices such as PCs, smartphones, and tablet PCs can be acquired through Google accounts without the device. Therefore, the results of this paper's research are expected to be very useful for digital forensics research and investigation in the current situation.

The Trace Analysis of SaaS from a Client's Perspective (클라이언트관점의 SaaS 사용 흔적 분석)

  • Kang, Sung-Lim;Park, Jung-Heum;Lee, Sang-Jin
    • The KIPS Transactions:PartC
    • /
    • v.19C no.1
    • /
    • pp.1-8
    • /
    • 2012
  • Recently, due to the development of broadband, there is a significant increase in utilizing on-demand Saas (Software as a Service) which takes advantage of the technology. Nevertheless, the academic and practical levels of digital forensics have not yet been established in cloud computing environment. In addition, the data of user behavior is not likely to be stored on the local system. The relevant data may be stored across the various remote servers. Therefore, the investigators may encounter some problems in performing digital forensics in cloud computing environment. it is important to analysis History files, Cookie files, Temporary Internet Files, physical memory, etc. in a viewpoint of client, since the SaaS basically uses the web to connects the internet service. In this paper, we propose the method that analysis the usuage trace of the Saas which is the one of the most popular cloud computing services.

Practical and Legal Challenges of Cloud Investigations (클라우드 환경에서 수사 실무와 법적 과제)

  • James, Joshua I.;Jang, Yunsik
    • The Journal of the Institute of Internet, Broadcasting and Communication
    • /
    • v.14 no.6
    • /
    • pp.33-39
    • /
    • 2014
  • An area presenting new opportunities for both legitimate business, as well as criminal organizations, is Cloud computing. This work gives a strong background in current digital forensic science, as well as a basic understanding of the goal of Law Enforcement when conducting digital forensic investigations. These concepts are then applied to digital forensic investigation of cloud environments in both theory and practice, and supplemented with current literature on the subject. Finally, legal challenges with digital forensic investigations in cloud environments are discussed.

Design and Forensic Analysis of a Zero Trust Model for Amazon S3 (Amazon S3 제로 트러스트 모델 설계 및 포렌식 분석)

  • Kyeong-Hyun Cho;Jae-Han Cho;Hyeon-Woo Lee;Jiyeon Kim
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.295-303
    • /
    • 2023
  • As the cloud computing market grows, a variety of cloud services are now reliably delivered. Administrative agencies and public institutions of South Korea are transferring all their information systems to cloud systems. It is essential to develop security solutions in advance in order to safely operate cloud services, as protecting cloud services from misuse and malicious access by insiders and outsiders over the Internet is challenging. In this paper, we propose a zero trust model for cloud storage services that store sensitive data. We then verify the effectiveness of the proposed model by operating a cloud storage service. Memory, web, and network forensics are also performed to track access and usage of cloud users depending on the adoption of the zero trust model. As a cloud storage service, we use Amazon S3(Simple Storage Service) and deploy zero trust techniques such as access control lists and key management systems. In order to consider the different types of access to S3, furthermore, we generate service requests inside and outside AWS(Amazon Web Services) and then analyze the results of the zero trust techniques depending on the location of the service request.

A Study on the remote acuisition of HejHome Air Cloud artifacts (스마트 홈 헤이 홈 Air의 클라우드 아티팩트 원격 수집 방안 연구)

  • Kim, Ju-eun;Seo, Seung-hee;Cha, Hae-seong;Kim, Yeok;Lee, Chang-hoon
    • Journal of Internet Computing and Services
    • /
    • v.23 no.5
    • /
    • pp.69-78
    • /
    • 2022
  • As the use of Internet of Things (IoT) devices has expanded, digital forensics coverage of the National Police Agency has expanded to smart home areas. Accordingly, most of the existing studies conducted to acquire smart home platform data were mainly conducted to analyze local data of mobile devices and analyze network perspectives. However, meaningful data for evidence analysis is mainly stored on cloud storage on smart home platforms. Therefore, in this paper, we study how to acquire stored in the cloud in a Hey Home Air environment by extracting accessToken of user accounts through a cookie database of browsers such as Microsoft Edge, Google Chrome, Mozilia Firefox, and Opera, which are recorded on a PC when users use the Hey Home app-based "Hey Home Square" service. In this paper, the it was configured with smart temperature and humidity sensors, smart door sensors, and smart motion sensors, and artifacts such as temperature and humidity data by date and place, device list used, and motion detection records were collected. Information such as temperature and humidity at the time of the incident can be seen from the results of the artifact analysis and can be used in the forensic investigation process. In addition, the cloud data acquisition method using OpenAPI proposed in this paper excludes the possibility of modulation during the data collection process and uses the API method, so it follows the principle of integrity and reproducibility, which are the principles of digital forensics.

Integrity verification of VM data collected in private cloud environment and reliability verification of related forensic tools (사설 클라우드 환경에서 수집된 VM 데이터의 무결성 입증과 관련 포렌식 도구의 신뢰성 검증)

  • Kim, Deunghwa;Jang, Sanghee;Park, Jungheum;Kang, Cheulhoon;Lee, Sangjin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.23 no.2
    • /
    • pp.223-230
    • /
    • 2013
  • Recently, a large number of corporations are adopting cloud solution in order to reduce IT-related costs. By the way, Digital Trace should have admissibility to be accepted as digital evidence in court, and integrity is one of the factors for admissibility. In this context, this research implemented integrity verification test to VM Data which was collected by well-known private cloud solutions such as Citrix, VMware, and MS Hyper-V. This paper suggests the effective way to verify integrity of VM data collected in private cloud computing environment based on the experiment and introduces the error that EnCase fails to mount VHD (Virtual Hard Disk) files properly.