Forensics Issues in Cloud Computing

Cloud computing is an emerging technology that is being widely adopted throughout the world due to its ease-of-use. Organizations of all types can use it without pre-requisites such as IT infrastructure, technical skills, managerial overload, storage capacity, processing power, and data recovery or privacy setup. It can be availed by all clients as per their needs, expectations and budget. However, cloud computing introduces new kinds of security vulnerabilities that need to be addressed. Traditional “Computer Forensics” deals with detection, preemption and prevention of IT triggered frauds and crimes but it lacks the ability to deal with cybercrimes pertaining to cloud computing environment. In this paper, we focus on forensics issues in cloud computing, assess limitations of forensic team and present the obstacles faced during investigation.


Introduction
With the evolution of internet in 1990's, many changes have been witnessed by the computing world, from uni-processing environment to parallel processing, distributed computing, grid computing, ubiquitous computing, pervasive computing and now cloud computing [1].It allows businesses to scale up and down their resources based on their needs [2].Using cloud computing, users can store their data remotely and enjoy on-demand seamless application access without having to invest in hardware infrastructure or software management [3].Thus, it shields the user from facing difficulties of traditional computing such as establishment of infrastructures, software licensing, and hiring of technical staff etc.
In this document, we have analyzed the limitations that Computer Forensics has in "Cloud Computing" and the need to address them for successful implementation of Computer Forensics for detection and prevention of fraudulent acts and cybercrimes.The objectives of this research is to analyze the processes, procedures, metho-dologies, tools and techniques of Computer Forensics and its usages in Cloud Computing for tracking digital evidences, frauds and cybercrimes, as this technology is evolving and spreading its roots throughout the world and utilizing the capability of internet for the great achievements.Cloud Computing is a diverse, flexible, costeffective, and proven delivery platform for providing IT services to customers as well as businesses over the Internet [4].However, it possesses an added risk because of outsourcing of essential services to a third party [5].This is another area to be taken care of.Moreover, every technology has its merits and demerits but the important thing is the optimum utilization of merits while limiting the demerits.Thus, the main purpose of this discussion is to overcome the weaknesses in cloud computing and identify solutions that can be helpful in betterment of technology.
We have performed a substantive analysis on processes, procedures and techniques limitations of Computer Forensics in Cloud Computing and described the processes and set of rules of Computer Forensics that are being applied throughout the process of Computer Forensics.The process has critical approach that can be legally proceeded in civil court for prosecution.If predefined processes and techniques are inadequate for finding and collecting digital evidences, then successful implementation and execution of Computer Forensics in Cloud Computing will not be feasible and it will not be able to deliver the desired results.
The rest of the paper is organized as follows.Section 2 defines Computer Forensics.Section 3 outlines Cloud technology at length.Section 4 highlights main security aspects in cloud.Section 5 lists the issues and constraints whereas recommendation and conclusion follow.

Computer Forensics
Computer Forensics is the science of identifying, extracting preserving, and presenting the digital evidence stored in digital devices that can be legally admissible in court for any cybercrime or fraudulent [6].In other words, finding out facts, records, and digital trails can be legally admissible in the court for criminal prosecution [7].Digital information is fragile in that it can be easily modified, duplicated, or destroyed etc.In the course of the investigation it should be assured that digital evidence is not modified without appropriate authorization [8].
Computer forensics has had major impact in detecting and preventing frauds as well as potential business losses that can deface an organization of its reputation.The basic process of computer forensics is based on the following steps: Above mentioned set of process deals in computer forensics for detection and prevention of frauds and cybercrime, now our main concern is efficient utilization of these processes in cloud forensics for achieving desired objectives of detection and prevention of frauds and cybercrimes.

Cloud Technology
Cloud is a network of processing elements or servers that has infrastructure to provide processing and storage facilities to clients throughout the world over the internet.The technology is spreading instantly in all domains.For instance, common users are utilizing public cloud services in the form of Google ® Drive, Dropbox ® , One-Drive ® and Media Fire ® for data storage [7].Similarly, commercial level cloud technology is also boosting itself.Many small, medium to large organizations are utilizing private cloud services for their businesses.Rather than investing huge amount for finance to develop infrastructures, platforms, software applications and operating systems; they obtain all these as well as get administrative and management services in the form of web apps from cloud service providers in private manner.Community Cloud is another service in which group of organizations uses cloud facility.Hybrid cloud has both public as well as private cloud facilities.For secure computing it utilizes the private cloud environment whereas noncritical activities and operations are done on public cloud [7].

Cloud Service Provider (CSP)
In cloud computing environment several challenges may exist in cloud computing forensics.Cloud Service Pro-vider is an entity that provides services to its clients including infrastructure, OS licensing, application interfaces, data storage, processing power, backups and other necessary supporting tools for cloud computing [6].Cloud Computing supports the virtualization where hardware and configurations are provided as per requirement of the client and its budget.

Cloud Infrastructure Models
Cloud Service Providers are providing different services according to their contractual agreements and they follow different infrastructure models as per their policies due to that cloud computing forensics varies according CSP policies and SLA (Service Level Agreement) [6].

Deployment Models
Cloud computing has different deployment models as mentioned below: Deployment models vary as per requirement of clients.Public cloud can be efficient for general public having general needs; Private cloud deployment model can be efficient for commercial clients according to their specific needs and businesses.Community cloud can be helpful for those organizations those are having similar objectives in their businesses and hybrid cloud is effective in condition when client has general objectives that can be utilized on public cloud as well as specific objectives that can be achieved on private cloud as shown in Figure 1.

Service Models
Three service models are provided to the client by Cloud Service Provider in which • IaaS (Infrastructure as a Service), • SaaS (Software as a Service), • PaaS (Platform as a Service).
IaaS provides access to physical machines, virtual machines and virtual data stores.SaaS provides access to software applications.PaaS Provides access to runtime environment for software applications, software development and software deployment tools [6].

Forensics in Cloud Computing
As a client of a Cloud Service Provider we must have following concerns about our data and crucial services.If all relevant things are working fine, then we are availing a better service but everything will be at stake if someone like a hacker or a malicious person compromises data integrity, confidentiality or availability.In case of such an untoward incident, the role of forensics teams is to investigate, report and curb the crime.New challenges exist in Cloud Forensics for prevention and detection of frauds and cybercrime.Its exponential growth and usage has introduced a set of challenges that need to be mitigated in order to assure cloud computing security and maintaining high level of trust amongst the users (clients).

Variations in Investigation
Investigation in cloud computing varies as per service models that is being provided to the client accordingly.If IaaS is compared with SaaS and PaaS, it is more affable and a computer forensics team can found it more affable during investigation.A computer forensics team can get instance access to log history of the compromised system in SaaS and PaaS service models whereas in IaaS model the image of Virtual Machine can get for investigation [6].

Physical Devices Accessibility
In cloud computing a cloud forensic team can get access to the physical devices if the deployment model is private cloud; assistance and access is provided by the CSP but if the deployment model is public cloud then access may not be granted as per requirement of the investigation team [6].

CSP Collaboration
If a client's cloud is compromised, then a request is generated for cloud forensic to CSP which then relies on the cooperation of CSP.In case the CSP intends to provide physical and logical access to the investigation team for tracing the trails of fraud, crime or forgery, the investigation may be successful but if CSP isn't collaborating, forensics investigation will yield nothing [8].

Conducive Laws
In case CSP is not intending to cooperate with cloud forensic team as per requirements, then the team has to rely on laws and legal procedures that can be useful for getting desired permissions and access to physical and logical system of client's cloud [6].

Client's Site Compromised
In cloud computing this is not necessary that a user of cloud is a techy savvy who is aware of all aspects of social engineering (Hacking phases) that are used to exploit client's cloud in terms of data theft, unauthorized changes in data and issues of data integrity and confidentiality.As a result, it increases the chances of exploitation of a victim and client's system can be easily compromised by the social engineering tactics [9].Exploitation techniques may use malicious JavaScript ® or malicious browser extensions.Similarly, some malicious program may be installed on client's browser or operating system that can steal cookies or session id, or log the keys.Rapid use of different devices (i.e.PCs, Laptops, Smart phones, Tablets and different PDAs) to access cloud service from random places can also make forensic procedure more complex and difficult to extract vital information from heterogeneous environments that can be useful in legal procedures [10].

CSP's Site Compromised
If a CSP is not providing access and assistance to the investigation team as per requirement of contractual agreement, then it would lead to the suspicion that the cloud has been compromised from CSP site due lack of physical and logical security policies, or procedures for protecting data, and ensuring data confidentiality and data integrity.There may also be a possibility that acts of some malicious employee at CSP site has disrupted client [3].

Issues of Intense Seizing of Physical Devices
First step in computer forensics is to seize physical devices at the scene due to lack of intense accessibility to the physical devices at CSP site [10].If this is not done, there are chances of lost critical evidences that could have proven to be vital in computer forensics.In case of cloud, data is not necessarily available at a single location and may reside at different geographical locations; that makes seizing of physical devices impossible in cloud forensics [8].

Issues of Recovering of Volatile Data
In some cases, a malicious program exploits the system through execution in RAM or processors Registers.Being volatile part of memory, it's easier to wipe them out completely from these devices by simply switching OFF and ON or rebooting the [10].

Issues of Data Integrity & Confidentiality
In cloud computing, there exist possibility of compromised data integrity & confidentiality at CSP site (Data leakages, Data alteration, Data delectation and unwanted Data restoration) [9].Thus, the evidences provided to cloud forensic team by CSP cannot be trustworthy.This can cause investigation team on some false lead or track that cannot be fruitful for forensics.

Issues of Locations
As client of cloud computing one isn't actually sure about the data storage as it may reside at different geographical locations.There is a possibility that CSP is just pretending the storage of data at some location where laws aren't applicable for getting intense access to the physical devices but in reality it is not there so it introduces new issues during the cloud forensics processes.For instance, if a client is from Pakistan and data actually resides in Israel then access to the data becomes more difficult due to bilateral relations of the countries.

Lack of Automated Tools
Traditional software tools of computer forensics are inadequate in cloud computing forensics due to inaccessibility of the physical devices.They become inadequate during cloud digital investigation and not feasible for gathering of digital evidences, so they are not viable for cloud computing forensics.

Cloud Forensic Expenses
Overall cloud forensics cost is more than the cost of traditional forensics with lesser achievements as it minimizes the chances of detection of frauds or criminal acts due to its constraints.

Issues of Incompetence Skills of Client
A client or a user of cloud may not have technical skills like a DBA or Network Administrator.This lack of skills introduces new potential issues in cloud computing.There are possibilities that frauds, forgeries or cybercrimes have already occurred but users of cloud are not aware of these issues because no periodically reviews are performed for prevention and detection of malicious acts that can exploit the cloud of a client.Thus, delaying in reviews introduces more forensics issues as timely actions reduce the risks of greater disasters that can collapse the business entity and can be a cause of business loss.

Remote Access Place Security
Cloud service can be accessible from anywhere in the world through internet so a user of cloud service accesses that service from a compromised system it poses a potential threat to security of entire cloud service.For instance, a machine that is already compromised through malware, spyware, backdoors and key logger can be used for frauds and crimes by exploiting credentials of a legitimate user.

Issues in Cloud Forensics
Forensics issues in cloud computing elevate the challenges that need to be mitigated to make cloud computing more reliable, safe, and secure.Cloud computing is just boosting itself by introducing attractive features, services and lesser cost to its clients but at the same time have many potential risks such as data integrity, data confidentiality, not having precise knowledge where exactly data is physically stored, legality issues, and existence of regularity bodies.Forensics cost increases in cloud computing as compared to traditional forensics, volatile data recovery issues, difficulties in identification that either Cloud Service Provider site is compromised or Client site compromised, less chances of intense seizing of physical devices of compromised cloud and contractual agreement restrict the forensics team regarding SLA (Service Level Agreement) that constraints the overall functionalities of investigation team.Giant organizations might afford the forensics cost but for the small companies it is sometimes impossible to afford it.Main constraints faced are summarized below: • Forensics team has to perform its task in limited domain.
• Personnel resource allocation is a challenge at different geographical locations.
• Different legalities issues in different countries.
• High cost of forensics.
• Ineffectiveness of traditional forensics tools.

Recommendations and Future Work
In this research we focused on forensics issues in cloud computing that are being faced by digital investigation teams.These should be mitigated in a better way for enhancing the overall functionalities in cloud computing.The main areas of future development may focus on the following: • Research & Development in software tools that can enhance the process of evidence gathering in cloud computing.• Make standards for Cloud Service Providers that ensures physical access to compromised systems without any SLA (Service Level Agreement).• Make standards for periodically reviewing the cloud system for early detection and prevention of fraudulent acts and cybercrime.• Further new processes and techniques can be introduced in cloud forensics.
• Make an autonomous body that ensures that provided information regarding data storage at physical location is in compliance.• Make a regularity body that ensures legal prosecution will be admissible at CSP even if it doesn't follow its policies as per contractual agreement with the client.• Creation of centralized regularity body will be highly effective and increase the overall performance and effectiveness of forensics teams that can address those issues those are still creating hurdles and great challenges in the way.

Conclusions
This research paper dealt with issues related to forensics in cloud computing.They pose a real challenge during digital crime investigation in cloud environment.Real issues that were being faced by investigators were highlighted and some recommendations were put forth to improve the reliability of information systems that use cloud services.This will ensure timely tracking of frauds and cybercrimes, reduce the risks of business loss, reduce data leakages, and provide smarter ways of recovering the lost data.The aim of this research is to ensure that identifying, preserving, recovering, analyzing and reporting the digital facts and evidences are performed in an efficient manner.This will yield evidence admissible in the court for proving that a crime has occurred.