Corporate Digital Forensic Investigations - Essay Example

Name: Instructor: Course: Date: Corporate Digital Forensic Investigations Introduction Cloud computing has emerged as a new approach to delivering information communications technology to companies and other organizations. Cloud computing provides technology enabled services to organizations through the internet (Plunkett et al. 2). Organizations can access resources on the web without the need for physical infrastructure. Cloud computing offers great benefits to organizations because they do not have to invest in technological infrastructures such as the purchase of software, hardware, and network infrastructures to support critical business applications. It covers any pay per use or subscription-based service that extends the existing ICT capabilities of an organization in real time and over the internet (Plunkett et al. 3). The acceptance of cloud computing in the technology sector has sparked a change from the traditional software and hardware models to delivering ICT over the internet. Such change has also been embraced by organizations in their pursuit to meeting the needs of consumers. The increase in the adoption rates of cloud computing technology has also created an opportunity for criminals to thrive within the cloud based environment. Although cloud computing has attracted diverse organizations signifying its acceptability in the market, its security and trustworthiness have become a major concern. Clouds can be used as a tool for launching technological attacks or be a target of the attacks such as internet fraud, data theft, pornography, business espionage and cyber-terrorism (Babu and Rao 239). When such crimes are committed, law enforcement agencies use digital forensic techniques to gather and collect evidence which is used to identify and prosecute the perpetrators of the crimes. The advent of cloud computing has, however, created more problems for law enforcement in conducting forensic investigations. When crimes are committed on cloud computing platforms, law enforcement agencies cannot rely on traditional digital forensic techniques in conducting investigations (Plunkett et al. 4). This paper explores the impact of cloud computing on digital forensic investigations by analyzing the problems associated with the cloud technology. The paper also discusses logging as the most effective and efficient way of carrying out forensic investigations where a crime is committed on the cloud computing platforms. The Impact of Cloud Computing on Digital Forensic Investigations Digital forensic is defined as the process of identification, collection, and analysis of data that encompasses the preservation of the integrity of information and maintenance of the chain of custody of the data (Al Sadi 21). Digital forensic investigations, therefore, are important in ensuring that evidence is gathered and collected regarding the crime committed on a technological platform. Cloud computing employs the use of virtualization technology such that various machines are hosted on cloud servers. The use of virtualization in cloud servers makes it possible for users to access data at any time. The technology provides a cloud storage whose purpose is to maintain and manage users’ data and make it available over the internet (Al Sadi 21). The data and resources are stored on public cloud providers’ servers where many users can gain access from different parts of the world. This cloud computing architecture has created several problems for law enforcement agencies involved in forensic investigations. One of the important stages in digital forensic investigations is the identification stage where the investigators identify the machine where the crime was committed. A forensic investigation will then be conducted on the machine to collect and gather the necessary evidence. The cloud computing infrastructure makes this stage problematic for investigators (Alqahtany et al. 4). This is because the identification of evidence is challenging in the cloud environment because the investigators find it difficult to know the location of the data since the data are distributed among many hosts. This means that the process of identifying the machine used to commit the crime and the data that is vital for the investigations becomes difficult since the data is not localized. It is available over the internet making it hard to identify during investigations. Another challenge affecting digital forensic investigations is the lack of control of the cloud computing system. Consumers of the cloud computing technology or the data stored on the cloud servers have limited access and control at all levels in the cloud environment. The consumers are also not aware of where the data are physically located since the same is stored over the internet and can be accessed from anywhere in the world. This means that the traditional digital forensic techniques which require investigators to acquire the disk physically cannot apply since there is no such disk. The investigator is also required to collect vital information from the hardware and the file system. Such information is not available to the cloud consumer hence making the work of the investigator more difficult. There are also challenges that arise in the collection and preservation of data. Due to the limited control that consumers have in the cloud computing environment, both the consumers and the investigators are heavily dependent on the cloud service providers (CSP) (Alqahtany et al. 4). For investigators, such reliance on CSPs causes serious issues relating to the integrity of the evidence. The reliance on a CSP may adversely affect the acquisition of useful data. There is also the fact that CSPs do not hire forensic investigators who are certified to deal with cloud-based incidents in a manner that is forensically appropriate. Such failure by the CSPs means that the evidence that may be collected by investigators can be questioned in court. Cloud based cases also present a challenge in the preservation of data integrity (Alqahtany et al. 5). Data integrity means that the original evidence should not be tampered with at all and the chain of custody register is maintained in an appropriate form. The failure to adhere to these requirements means that the evidence collected may not be useful in court. These problems make it difficult for digital forensic investigators to conduct investigations in cases involving cloud computing. Logging as a Solution to the Challenges associated with Cloud Computing Marty (1) states that keeping a log locally and synchronously can help to keep track of the activities on the cloud without relying on the CSPs. Logs are considered as one of the most important elements of analytical data in a cloud-based infrastructure. It is through logs that service owners and operators of cloud-based services can understand the status of the every infrastructural element, monitor business processes and assess the usage of the features in the technology. One of the challenges facing investigators is the fact that since the storage system introduced by cloud computing is no longer local, investigators cannot confiscate the suspect’s computer or other device and gain access to the digital evidence (Marty 4). The logging technique allows one to keep the log files locally such that such log files and those stored in the cloud can be compared. This method can be used to identify fake users in the cloud computing environment by comparing the local log that has been stored with the log files that are maintained and managed in the cloud. This system of maintaining a local log ensures that investigators can get the registration time of the users and the files they have downloaded (Babu and Rao 240). The logging framework requires one to identify the when, where and what to ensure that the correct data is recorded. Once the logging is enabled on all the components of the infrastructure, an encrypted transport layer is then established to transfer the logs from the source to the collector (Alqahtany et al. 3). The collector is the local log storage where investigators can obtain the data required for evidence in a case. The system developed by Marty requires only a few fields to be recorded in every log such as the time stamp, session ID, the application and users. The logging framework establishes the log management system which is required to provide for the centralization of all logs. This means that all the logs are recorded and stored in one local system that can be accessed by the investigators. The log management system is also supposed to provide support for any log format to ensure that all essential data is recorded. Another important aspect of the log management system is the requirement that it should retain the log records and any old logs should be archived in a way that allows their restoration on demand. Such a system ensures that data or evidence that is needed for the investigations is accessible. Conclusion The use of cloud computing has been embraced by many organizations due to the low costs associated with the technology since no infrastructure is required to facilitate the technology. Despite the numerous benefits, cloud computing has impacted negatively on digital forensic investigations since it has made it difficult for law investigators to identify the machine used to commit a crime and also collect evidence in data form that can be used in court. Logging provides a solution to the challenges associated with cloud computing. A proper logging management system ensures that logs can be recorded locally making it easier for investigators to access data necessary for identifying the computer used in illegal activities and also collecting credible evidence. Logging enables investigators to access such data without relying so much on cloud service providers. Works Cited Al Sadi, Ghania, Cloud computing architecture and forensic investigation challenges, International Journal of Computer Applications, 124(7), 20-25, 2015. Plunkett, James, Le-Khac, Nhien-An and Kechadi, M-Tahar, Digital forensic investigations in the cloud: A proposed approach for Irish Law Enforcement, University College Dublin, 2016. Marty, Raffael, Cloud application logging for forensics, 2011, Web 15th August 2017. (http://pixlcloud.com/applicationlogging.pdf) Bau, Kandikuti and Rao, Madhava, An approach for digital forensic on cloud computing, International Journal of Computer Science and Technology, 5(4), 239-240, 2014. Alqahtany, Saad, Clarke, Nathan and Furnell, Steven, A forensic acquisition and analysis system for Iaas, Plymouth University, 2015. Read More