Cloud incident handling and forensic-by-design: cloud storage as a case study

Concurrency and Computation: Practice and Experience

Volumn 29, Issue 14, 2017, Pages

  Ab Rahman, Nurul Hidayah ^a,b   Cahyani, Niken Dwi Wahyu ^a,c   Choo, Kim Kwang Raymond ^a  

^a UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

^b UNIVERSITI TUN HUSSEIN ONN MALAYSIA   (Malaysia)

^c TELKOM UNIVERSITY   (Indonesia)

Author keywords

cloud computing; cloud storage forensics; digital forensics; forensic by design; incident handling; mobile forensics

Indexed keywords

CLOUD COMPUTING; COPYRIGHTS; DIGITAL FORENSICS; DIGITAL STORAGE; SECURITY OF DATA;

CLOUD STORAGES; CONTROLLED EXPERIMENT; DATA ENVIRONMENT; DESIGN MODELING; INCIDENT HANDLING; INCIDENT INVESTIGATION; INFORMATION SECURITY INCIDENTS; MOBILE FORENSICS;

COMPUTER FORENSICS;

EID: 84971492452     PISSN: 15320626     EISSN: 15320634     Source Type: Journal    
DOI: 10.1002/cpe.3868     Document Type: Article

References (43)

1. Li B, Li J, Liu L. CloudMon: a resource-efficient IaaS cloud monitoring system based on networked intrusion detection system virtual appliances. Concurrency and Computation: Practice and Experience 2015; 27(8):1861–1885.
2. Duncan A, Creese S, Goldsmith M. An overview of insider attacks in cloud computing. Concurrency and Computation: Practice and Experience 2015; 27(12):2964–2981.
3. Juliadotter NV, Choo K-KR. Cloud attack and risk assessment taxonomy. IEEE Cloud Computing 2015; 2(1):14–20. doi:10.1109/MCC.2015.2.
4. Yang Y, Liu J, Liang A, Choo K-KR, Zhou J. Extended proxy-assisted approach: achieving revocable fine-grained encryption of cloud data. In Proceedings of 20th European Symposium on Research in Computer Security (Lecture Notes in Computer Science, vol. 9327/2015). Springer International Publishing, 2015; 146–166.
5. Ab Rahman NH, Choo K-KR. A survey of information security incident handling in the cloud. Computer & Security 2015; 49:45–69. doi:10.1016/j.cose.2014.11.006.
6. Kent K, Chevaliar S, Grance T, Dang H. Guide to integrating forensic techniques into incident response. Available from: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf [20 November 2015].
7. Ab Rahman NH, Choo K-KR. Integrating digital forensic practices in cloud incident handling: a conceptual cloud incident handling model. In Cloud Security Ecosystem, Ko R, Choo K-KR (eds). Syngress, an Imprint of Elsevier: Waltham, MA, 2015; 383–400.
8. Ab Rahman NH, Glisson WB, Yang Y, Choo K-KR. Forensic-by-design framework for cyber-physical cloud systems. IEEE Cloud Computing 2016; 3(1):50–59.
9. Dropbox for Business Security. (Available from: https://www.dropbox.com/static/business/resources/dfb_security_whitepaper.pdf [25 November 2015]).
10. Google's Approach to IT Security. (Available from: https://static.googleusercontent.com/media/www.google.com/en/AU/work/pdf/whygoogle/google-common-security-whitepaper.pdf [25 November 2015]).
11. Security and Compliance: Office 365. (Available from: http://www.microsoft.com/en-us/download/confirmation.aspx?id=26552 [25 November 2015]).
12. Buyya R, Vecchiola C, Selvi ST. Cloud computing architecture. In Mastering Cloud Computing: Technologies and Applications Programming. Morgan Kaufmann, an Imprint of Elsevier: Waltham, MA, 2013; 111–140.
13. Nepal S, Ranjan R, Choo K-KR. Trustworthy processing of healthcare big data in hybrid clouds. IEEE Cloud Computing 2015; 2(2):78–84.
14. Martini B, Do Q, Choo K-KR. Digital forensics in the cloud era: the decline of passwords and the need for legal reform. Trends & Issues in Crime and Criminal Justice 2016[In press].
15. Leom MD, Choo K-KR, Hunt R. Remote wiping and secure deletion on mobile devices: a review. Journal of Forensic Sciences 2016[In press].
16. Jaatun MG, Tøndel IA. How much cloud can you handle? Proceedings of the 10th International Conference on Availability, Reliability and Security 2015; 467–473.
17. Mulazzani M, Schrittwieser S, Leithner M, Huber M, Weippl ER. Dark clouds on the horizon : using cloud storage as attack vector and online slack space. Proceedings of 20th USENIX Security Symposium 2011; 65–76.
18. Dykstra J, Sherman AT. Design and implementation of FROST: digital forensic tools for the OpenStack cloud computing platform. digital Investigation 2013; 10:87–95. doi:10.1016/j.diin.2013.06.010.
19. Zach J, Reiser HP. LiveCloudInspector: towards integrated IaaS forensics in the cloud. In Distributed Applications and Interoperable Systems (Lecture Notes in Computer Science, vol. 9038), Bessani A, Bouchenak S (eds). Springer International Publishing: Basel, 2015; 207–220.
20. Quick D, Martini B, Choo K-KR. Cloud Storage Forensics, Syngress. an Imprint of Elsevier, Waltham: MA, 2014.
21. Grispos G, Glisson WB, Storer T. Using smartphones as a proxy for forensic evidence contained in cloud storage services. Proceedings of the 46th Annual Hawaii International Conference on System Sciences (HICSS) 2013; 4910–4919.
22. Grispos G, Glisson WB, Storer T. Recovering residual forensic data from smartphone interactions with cloud storage providers. In Cloud Security Ecosystem, Ko R, Choo K-KR (eds). Syngress, an Imprint of Elsevier: Waltham:MA, 2015; 347–382.
23. Martini B, Do Q, Choo K-KR. Mobile cloud forensics: an analysis of seven popular android apps. In Cloud Security Ecosystem, Ko R, Choo K-KR (eds). Syngress, an Imprint of Elsevier: Waltham:MA, 2015; 309–345.
24. Cahyani NDW, Martini B, Choo K-KR. Using multimedia presentations to improve digital forensic understanding: a pilot study. Proceedings of 26th Australasian Conference on Information Systems (ACIS) 2015; 1–10.
25. Cahyani NDW, Martini B, Choo K-KR. Do multimedia presentations enhance judiciary's technical understanding of digital forensic concepts? An Indonesian case study. Proceedings of 49th Annual Hawaii International Conference on System Sciences (HICSS) 2016; 5617–5626.
26. Cahyani N D W, Martini B, Choo K-K R. Effectiveness of multimedia presentations in improving understanding of technical terminologies and concepts: a pilot study. Australian Journal of Forensic Sciences [In press] DOI: 10.1080/00450618.2015.1128968
27. Beebe NL, Clark JG. A hierarchical, objectives-based framework for the digital investigations process. Digital Investigation 2005; 2(2):147–167. doi:10.1016/j.diin.2005.04.002.
28. Chabot Y, Bertaux A, Nicolle C, Kechadi MT. A complete formalized knowledge representation model for advanced digital forensics timeline analysis. Digital Investigation 2014; 11:95–105. doi:10.1016/j.diin.2014.05.009.
29. Quick D, Choo K-KR. Forensic collection of cloud storage data: does the act of collection result in changes to the data or its metadata? Digital Investigation 2013; 10(3):266–277. doi:10.1016/j.diin.2013.07.001.
30. Amazon Web Services (AWS) Shared Responsibility Model. (Available from: https://aws.amazon.com/compliance/shared-responsibility-model/ [5 February 2016]).
31. Ab Rahman NH, Choo K-KR. Factors influencing the adoption of cloud incident handling strategy: a preliminary study in Malaysia. Proceedings of 21st Americas Conference on Information Systems (AMCIS) 2015.
32. The treacherous 12: cloud computing top threats in 2016. (Available from: https://downloads.cloudsecurityalliance.org/assets/research/top-threats/Treacherous-12_Cloud-Computing_Top-Threats.pdf / [31 March 2016].)
33. Minárik T, Osula AM. Tor does not stink: use and abuse of the tor anonymity network from the perspective of law. Computer Law & Security Review 2016; 32(1):111–127. doi:10.1016/j.clsr.2015.12.002.
34. Chung H, Park J, Lee S, Kang C. Digital forensic investigation of cloud storage services. Digital Investigation 2012; 9(2):81–95.
35. Balduzzi M, Zaddach J, Balzarotti D, Loureiro S. A security analysis of Amazon's elastic compute cloud service. Proceedingss of the 27th Annual ACM Symposium on Applied Computing 2012; 1427–1434.
36. Ruan K, Carthy J. Cloud computing reference architecture and its forensic implications : a preliminary analysis. In Digital Forensics and Cyber Crime. Springer: Berlin Heidelberg, 2013; 1–21.
37. Martini B, Choo K-KR. Cloud storage forensics: ownCloud as a case study. Digital Investigation 2013; 10(4):1–13.
38. Almulla S, Iraqi Y, Jones A. Cloud forensics: a research perspective. Proceedings of the 9th International Conference on Innovations in Information Technology (IIT) 2013; 66–71.
39. Thorpe S, Grandison T, Campbell A, Williams J, Burrell K, Ray I. Towards a forensic-based service oriented architecture framework for auditing of cloud logs. Proceedings of the 9th World Congress on Services 2013; 75–83.
40. Dykstra J, Sherman AT. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digital Investigation 2012; 9:90–98.
41. Shah JJ, Malik LG. An approach towards digital forensic framework for cloud. Proceedings of the 4th IEEE International Advance Computing Conference (IACC) 2014; 798–801.
42. Cahyani N D W, Martini B, Choo K-K R, Al-Azhar MH. Forensic data acquisition from cloud-of-things devices: Windows smartphones as a case study. Concurrency and Computation: Practice and Experience [In press]
43. Quick D, Choo K-K R. Big forensic data reduction: digital forensic images and electronic evidence. Cluster Computing [In press]. DOI: 10.1007/s10586-016-0553-1