Cloud Forensics Research Papers - Academia.edu
With humongous increase of patient data in hospitals and healthcare centres every day, there is tremendous need for hospitals to deploy their services and data to the cloud which will increase the efficiency and makes administration more balanced and steadier. While it is a sterling approach to deploy user data and services to the cloud, it is important for healthcare centres and hospitals to understand and be aware of the potential threats in the cloud environment. With the advancement of technology, hackers try to gain access into the cloud by exploiting vulnerabilities which are unpatched for a very long period. These exploitations lead to unauthorised access and control over user information which results in immediate havoc to the user privacy and long-term damage to the goodwill of the hospitals. Technical Issues such as Access Control, Identity Management, Authentication and Authorisation needs to be addressed with immediate alacrity to safeguard the CIA traits namely Confidentiality, Integrity and Availability of user data in the cloud. This paper will elucidate on what kind of security approaches and enhancements are necessary to be taken care to prevent unauthorised data access, financial and goodwill loss in the healthcare domain.
Cloud Computing is emerging amongst all the bombilate words of acclivitous technologies as the most prodigious maturations in the chronicles of computing. As it still takes time to settle, a new egressing challenge as felt whilst its implementation across has been a relatively more newfangled field known as Cloud Forensics. Today as Cloud still needs time to mature and offer its full exploitation, the even newer subfield Cloud Forensics is a carking cause to negate immediate acceptance of cloud computing with open arms. The research in this field is still in parturient stages to say from perspective of the way cases and incidents are being handled on ground today. To bring out few key pertinent issues that immediately come to the fore include Distributed storage instead of the traditional Local storage which was easy to confiscate by the forensic team or we take the issue of shared storage in a multi user environment that may be hired on a time bound deal by the user from the CSP[1] or even if a particular user associated with data location is identified, secerning it from other users is never going to be easy owing to confidentiality and privacy issues!!! In this paper I discuss and build upon the challenges as available today to the forensics industry focused on growing Clouds.
This article contributes to the foundational understanding of the security vulnerabilities and risk towards wireless grid Edgeware technology. Since communication networks and devices are subject to becoming the target of exploitation by hackers (e.g., individuals who attempt to gain unauthorised access to computer systems), these individuals are gaining ever-increasing knowledge of the often widely-reported exploitable vulnerabilities in these types of innovative technologies; and thus are able to craft increasingly effective computer network attacks (CNA) against such technologies. This research responds to the overall proposition: what security vulnerability enumerations would contribute to the degradation and risk in using a wireless grid Edgeware application in a virtualised cloud environment? Using supporting research pertaining to cyber-attacks and vulnerabilities towards a wireless cloud (e.g., the integration of a cloud computing and a wireless grid architecture), security vulnerabilities in virtualisation environments and specific vulnerabilities exploited against a wireless grid Edgeware application, this research provides a greater understanding of the practical ways wireless grid Edgeware technology can be attacked and the risk in utilising this technology.
In recent years, cloud computing has become popular as a cost-effective and efficient computing paradigm. Unfortunately, today's cloud computing architectures are not designed for security and forensics. To date, very little research has been done to develop the theory and practice of cloud forensics. Many factors complicate forensic investigations in a cloud environment. First, the storage system is no longer local. Therefore, even with a subpoena, law enforcement agents cannot confiscate the suspect's computer and get access to the suspect's files. Second, each cloud server contains files from many users. Hence, it is not feasible to seize servers from a data center without violating the privacy of many other users. Third, even if the data belonging to a particular suspect is identified, separating it from other users' data is difficult. Moreover, other than the cloud provider's word, there is usually no evidence that links a given data file to a particular suspect. For such challenges, clouds cannot be used to store healthcare, business, or national security related data, which require audit and regulatory compliance.
Cloud Storage is recently as emerging topic in these eras. As the data are increasing, the storage become major issue for the people. There are different kind of Cloud Storage application such as One Drive, Sky Drive, Drop Box and Google Drive. Google Drive is gaining more popularity as it is user friendly than any other Cloud Storage Application. Google Drive is a Cloud Storage Application which allows user to store, share and edit the file in the cloud. In this paper, the authors will perform forensics of Google Drive via different technique such as using client software, Google Drive access via browser, Memory Analysis, Network Analysis and other techniques. From that the Authors will find, what type of data remnants can be found in user device.
Cloud computing is a rapidly evolving information technology (IT) phenomenon. Rather than procure, deploy and manage a physical IT infrastructure to host their software applications, organizations are increasingly deploying their infrastructure into remote, virtualized environments, often hosted and managed by third parties. This development has significant implications for digital forensic investigators, equipment vendors, law enforcement, as well as corporate compliance and audit departments (among others). Much of digital forensic practice assumes careful control and management of IT assets (particularly data storage) during the conduct of an investigation. This paper summarises the key aspects of cloud computing and analyses how established digital forensic procedures will be invalidated in this new environment. Several new research challenges addressing this changing context are also identified and discussed.
This research proposed in this paper focuses on gathering evidence from devices with Windows 10 operating systems in order to discover and collect artifacts left by cloud storage applications that suggest their use even after the deletion of the Google client application. We show where and what type of data remnants can be found using our analysis which can be used as evidence in a digital forensic investigations.
With the advancement in digital forensics, digital forensics has been evolved in Cloud computing. A common process of digital forensics mainly includes five steps: defining problem scenario, collection of the related data, investigation of the crime scenes, analysis of evidences and case documentation. The conduction of digital forensics in cloud results in several challenges, security, and privacy issues. In this paper, several digital forensics approaches in the context of IoT and cloud have been presented. The review focused on zone-based approach for IoT digital forensics where the forensics process is divided into three zones. Digital forensics in cloud provides the facilities of large data storage, computational capabilities and identification of criminal activities required for investigating forensics. We have presented a brief study on several issues and challenges raised in each phase of Cloud forensics process. The solution approaches as well as advancement prospects of cloud forensics have been described in the light of Blockchain technology. These studies will broaden the way to new researchers for better understanding and devising new ideas for combating the challenges.
Cloud Computing technology and services despite the advantages they bring to the market have created number of issues regarding the security and trust of the individuals using them. Incidents occurring in cloud computing environments are hard to be solved since digital forensic methods used to conduct digital investigations are not suitable for cloud computing investigations since they do not consider the specific characteristics of the Cloud. However, designing services over the cloud that will support and assist an investigation process when an incident occurs is also of vital importance. This paper presents a conceptual model for supporting the development of a cloud forensics method and process, thus assisting information systems developers in building better services and investigators to be able to conduct forensics analysis in cloud environments.
- by Stavros Simou and +2
- Cloud Computing, Digital Forensics, Cloud Forensics
One of the most important areas in the developing field of cloud computing is the way that investigators conduct researches in order to reveal the ways that a digital crime took place over the cloud. This area is known as cloud forensics. While great research on digital forensics has been carried out, the current digital forensic models and frameworks used to conduct a digital investigation don't meet the requirements and standards demanded in cloud forensics due to the nature and characteristics of cloud computing. In parallel, issues and challenges faced in traditional forensics are different to the ones of cloud forensics. This paper addresses the issues of the cloud forensics challenges identified from review conducted in the respective area and moves to a new model assigning the aforementioned challenges to stages.
Digital forensics is becoming very challenging because of three main reasons: 1) Highly distributed systems under multiple jurisdictions, 2) Big Data handling and 3) Lack of forensic services, in a cloud computing environment. Due to these obstacles, all the digital investigations are becoming time consuming that makes the solutions more expensive. Cloud computing is capable of handling these challenges, but it lacks an architectural level support for forensic analysis that can meet all the legal requirements. Cloud service providers cannot provide solutions to these challenges by offering forensics tools on Software-as-a-Service (SaaS) model. In this paper, we propose a multi-tier cloud architecture for Forensics-as-a-Service (FaaS) capable of handling the aforementioned challenges and introducing a new infrastructure-level forensic support from cloud providers. We will also discuss the improvement in time and cost efficiency of the overall investigation process.
- by saurav nanda and +1
- Cloud Forensics
Cloud Service Provider(CSP) and Cloud Service Consumer(CSC) work on the terms agreed in the Service Level Agreements(SLA). SLA is a written agreement which serves as the basis for the expected level of service the CSP must provide. As the CSP are enterprises that are profit driven it is beneficial for the CSP to cheat on the SLA. Hence CSP do not provide the facility of auditing the SLA. As such the CSC must be equipped to ensure that the services promised by the CSP are provided by it so that in case of breach of service, the CSC has sufficient evidences to claim for penalty. Moreover virtual machines are prone to attacks by malicious cloud actors. To aid the investigation process sufficient evidences are needed. Hence, a framework based on the concept of Third Party Auditor (TPA) is proposed in this paper. This TPA will be placed between the Cloud Service Provider (CSP) and the Cloud Service Consumer (CSC) to closely monitor terms and conditions of SLA and ensure that CSP satisfies all the conditions mentioned in the SLA. If it is violated then the framework detects and stores it in a database maintained for this purpose. The TPA will also monitor attempts by malicious cloud actors and maintain log of all such attempts. Snapshots of clients' virtual machines will also be stored at a regular interval.
The ever-growing backlog of digital evidence waiting for analysis has become a significant issue for law enforcement agencies throughout the world. This is due to an increase in the number of cases requiring digital forensic analysis coupled with the increasing volume of data to process per case. This has created a demand for a paradigm shift in the method that evidence is acquired, stored, and analyzed. The ultimate goal of the research presented in this paper is to revolutionize the current digital forensic process through the leveraging of centralized deduplicated acquisition and processing approach. Focusing on this first step in digital evidence processing, acquisition, a system is presented enabling deduplicated evidence acquisition with the capability of automated, forensically-sound complete disk image reconstruction. As the number of cases acquired by the proposed system increases, the more duplicate artifacts will be encountered, and the more efficient the processing of each new case will become. This results in a time saving for digital investigators, and provides a platform to enable non-expert evidence processing, alongside the benefits of reduced storage and bandwidth requirements.
Abstract- Cloud computing has penetrated the Information Technology industry deep enough to influence major companies to adopt it into their mainstream business. A strong thrust on the use of virtualization technology to realize Infrastructure-as-a-Service (IaaS) has led enterprises to leverage subscription-oriented computing capabilities of public Clouds for hosting their application services. A seldomly discussed, but in this regard highly relevant open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. In Cloud Forensics, the lack of physical access to servers constitutes a completely new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the Cloud, traditional approaches to evidence collection and recovery are no longer practical. The main disturbing element of the security of the cloud i.e. the DDoS attacks has led to the establishment of various technologies in order to gain defense against DDoS attacks. This paper gives the implementation of a forensic technique which detects DDoS attack and is used as a service provided by CSP.
In recent years, cloud computing has gained popularity, and it is now used to support various areas of human life. Cloud forensics has been introduced to help forensic investigators find potential evidence against cloud criminal activities and maintain the security and integrity of the information stored in the cloud. While great research in the area has been carried out concerning challenges and solutions, the research on methodologies and frameworks is still in its infancy. This article focuses on the methodological aspects of cloud forensics. It critically reviews cloud forensics' existing challenges and solutions, and it explores, based on a detailed review of the area, all the work that has been carried out both in digital and cloud forensic methodologies mainly for supporting the investigation of security incidents in cloud. Furthermore, the detailed comparison reveals similarities and drawbacks of the existing methodologies providing some novel future research directions. Finally, the specific paper can be considered as a starting point for researchers wishing to design cloud-forensicable services over the cloud.
- by Stavros Simou and +1
- Cloud Forensics
Cloud computing has become one of the hottest topics in the IT world today. Its model of computing as a resource has changed the landscape of computing as we know it, and its promises of increased flexibility, greater reliability, massive scalability, and decreased costs have enchanted businesses. Cloud Computing holds the potential to eliminate the requirements for setting up of high-cost computing infrastructure for IT-based solutions and services that the industry uses. It promises to provide a flexible IT architecture, accessible through internet from lightweight portable devices. This would allow multi-fold increase in the capacity and capabilities of the existing and new software. In a cloud computing environment, the entire data resides over a set of networked resources, enabling the data to be accessed through virtual machines. Since these datacenters may be located in any part of the world beyond the reach and control of users, there are multifarious security and privacy challenges that need to be understood and addressed. One can never deny the possibility of a server breakdown that has been witnessed, rather quite often in the recent times. There are various issues that need to be addressed with respect to security and privacy in a cloud computing environment. This extensive survey paper aims to elaborate and analyze the numerous unresolved issues threatening the cloud computing adoption and diffusion affecting the various stake-holders associated with it.
This research proposed in this paper focuses on gathering evidence from devices with Windows 10 operating systems in order to discover and collect artifacts left by cloud storage applications that suggest their use even after the deletion of the Google client application. We show where and what type of data remnants can be found using our analysis which can be used as evidence in a digital forensic investigations. Introduction Cloud computing is a quite recent term to describe computer resources available as a service accessible over a network, The National Institute of Standards and Technology (NIST) define cloud computing in its publication (SP 800-145)[1]:" Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models."
In recent years, cloud computing has become popular as a cost-effective and efficient computing paradigm. Unfortunately, today's cloud computing architectures are not designed for security and forensics. To date, very little research has been done to develop the theory and practice of cloud forensics. Many factors complicate forensic investigations in a cloud environment. First, the storage system is no longer local. Therefore, even with a subpoena, law enforcement agents cannot confiscate the suspect's computer and get access to the suspect's files. Second, each cloud server contains files from many users. Hence, it is not feasible to seize servers from a data center without violating the privacy of many other users. Third, even if the data belonging to a particular suspect is identified, separating it from other users' data is difficult. Moreover, other than the cloud provider's word, there is usually no evidence that links a given data file to a particular suspect. For such challenges, clouds cannot be used to store healthcare, business, or national security related data, which require audit and regulatory compliance. In this paper, we systematically examine the cloud forensics problem and explore the challenges and issues in cloud forensics. We then discuss existing research projects and finally, we highlight the open problems and future directions in cloud forensics research area. We posit that our systematic approach towards understanding the nature and challenges of cloud forensics will allow us to examine possible secure solution approaches, leading to increased trust on and adoption of cloud computing, especially in business, healthcare, and national security. This in turn will lead to lower cost and long-term benefit to our society as a whole.
Digital forensic science is very much still in its infancy, but is becoming increasingly invaluable to investigators. A popular area for research is seeking a standard methodology to make the digital forensic process accurate, robust, and efficient. The first digital forensic process model proposed contains four steps: Acquisition, Identification, Evaluation and Admission. Since then, numerous process models have been proposed to explain the steps of identifying, acquiring, analysing, storage, and reporting on the evidence obtained from various digital devices. In recent years, an increasing number of more sophisticated process models have been proposed. These models attempt to speed up the entire investigative process or solve various of problems commonly encountered in the forensic investigation. In the last decade, cloud computing has emerged as a disruptive technological concept, and most leading enterprises such as IBM, Amazon, Google, and Microsoft have set up their own cloud-based services. In the field of digital forensic investigation, moving to a cloud-based evidence processing model would be extremely beneficial and preliminary attempts have been made in its implementation. Moving towards a Digital Forensics as a Service model would not only expedite the investigative process, but can also result in significant cost savings – freeing up digital forensic experts and law enforcement personnel to progress their caseload. This paper aims to evaluate the applicability of existing digital forensic process models and analyse how each of these might apply to a cloud-based evidence processing paradigm.
- by Xiaoyu Du and +1
- Computer Forensics, Digital Forensics, Cloud Forensics
Cloud forensics introduce processes for resolving incidents occurring in cloud computing environments. However, designing cloud services capable to assist a cloud investigation process is of vital importance and recent research efforts concentrate on these directions. In addition, digital forensics methods cannot support a cloud investigation since cloud environments introduce many differences compared to traditional IT environments. This paper moves current research one step further by identifying the major concepts, actors and their relationships that participating in a cloud forensics process through the introduction of a new meta-model. The paper presents a running example as well for better understanding the suggested concepts.
Cloud forensics is an intelligent evolution of digital forensics that defends against cyber-crimes. However, centralized evidence collection and preservation minimizes the reliability of digital evidence. To resolve this severe problem, this paper proposes a novel digital forensic architecture using fast-growing Software-Defined Networking (SDN) and Blockchain technology for Infrastructure-as-a-Service (IaaS) cloud. In this proposed forensic architecture, the evidence is collected and preserved in the blockchain that is distributed among multiple peers. To protect the system from unauthorized users, Secure Ring Verification based Authentication (SRVA) scheme is proposed. To strengthen the cloud environment, secret keys are generated optimally by using Harmony Search Optimization (HSO) algorithm. All data are encrypted based on the sensitivity level and stored in the cloud server. For encryption, Sensitivity Aware Deep Elliptic Curve Cryptography (SA-DECC) algorithm is presented. For every data stored in the cloud, a block is created in the SDN controller and the history of data is recorded as metadata. In each block, the Merkle hash tree is built by using Secure Hashing Algorithm-3 (SHA-3). Our system allows users to trace their data by deploying Fuzzy based Smart Contracts (FCS). Finally, evidence analysis is enabled by constructing Logical Graph of Evidence (LGoE) collected from the blockchain. Experiments are conducted in an integrated environment of java (for cloud and blockchain) and network simulator-3.26 (for SDN). The extensive analysis shows that proposed forensic architecture shows promising results in Response time, Evidence insertion time, Evidence verification time, Communication overhead, Hash computation time, Key generation time, Encryption time, Decryption time and total change rate.
There are times we need to grant access to open ports and services only to certain or authorized users while they are inaccessible or hidden to others. Thus, there is a need for an effective authentication system which enables privileged users to secretly knock on closed ports. Web-Knocking, a variation of PortKnocking (PKn), transmits data through web pages instead of closed ports. Traditional methods of PKn could be subject to sniffing and DoS (Denial of Service) attacks. This paper puts forward a novel method called Enhanced Secure Web-Knocking (SWKn). SWKn shields against sniffers through cryptography and One-Time Password (OTP), parries DoS-Knocking attacks by making the service invisible, and eliminates the client’s need for sophisticated and special applications to knock. This method has been successfully implemented on Router-OS and Linux operating systems.
One of the most important areas in the developing field of cloud computing is the way that investigators conduct researches in order to reveal the ways that a digital crime took place over the cloud. This area is known as cloud forensics. While great research on digital forensics has been carried out, the current digital forensic models and frameworks used to conduct a digital investigation don’t meet the requirements and standards demanded in cloud forensics due to the nature and characteristics of cloud computing. In parallel, issues and challenges faced in traditional forensics are different to the ones of cloud forensics. This paper addresses the issues of the cloud forensics challenges identified from review conducted in the respective area and moves to a new model assigning the aforementioned challenges to stages.
- by Stavros Simou and +1
- Cloud Computing, Digital Forensics, Cloud Forensics
Cloud Storage has recently become an emerging topic. As data increases, storage becomes a major issue for people. There are different kinds of Cloud Storage applications, such as One Drive, Sky Drive, Drop Box and Google Drive. Google Drive is gaining more popularity as it is more user friendly than any other Cloud Storage application. Google Drive is a Cloud Storage application which allows users to store, share and edit files in the cloud. In this paper, the authors will perform forensics of Google Drive via different techniques, such as using client software, Google Drive access via browser, Memory Analysis, Network Analysis and other techniques. From that, the authors will find what type of data remnants can be found on the user's device.
In recent years, cloud computing has become popular as a cost-effective and efficient computing paradigm. Unfortunately, today's cloud computing architectures are not designed for security and forensics. To date, very little research has been done to develop the theory and practice of cloud forensics. Many factors complicate forensic investigations in a cloud environment. First, the storage system is no longer local. Therefore, even with a subpoena, law enforcement agents cannot confiscate the suspect's computer and get access to the suspect's files. Second, each cloud server contains files from many users. Hence, it is not feasible to seize servers from a data center without violating the privacy of many other users. Third, even if the data belonging to a particular suspect is identified, separating it from other users' data is difficult. Moreover, other than the cloud provider's word, there is usually no evidence that links a given data file to a particular suspect. For such challenges, clouds cannot be used to store healthcare, business, or national security related data, which require audit and regulatory compliance.
Cloud computing is used by consumers to access cloud services. Malicious actors exploit vulnerabilities of cloud services to attack consumers. The link between these two assumptions is the cloud service. Although cloud forensics assists in the direction of investigating and solving cloud-based cyber-crimes, in many cases the design and implementation of cloud services fall back. Software designers and engineers should focus their attention on the design and implementation of cloud services that can be investigated in a forensically sound manner. This paper presents a methodology that aims at assisting designers to design cloud forensic-enabled services. The methodology supports the design of cloud services by implementing a number of steps to make the services cloud forensic-enabled. It consists of a set of cloud forensic constraints, a modeling language expressed through a conceptual model and a process based on the concepts identified and presented in the model. The main advantage of the proposed methodology is the correlation of cloud services' characteristics with the cloud investigation while providing software engineers the ability to design and implement cloud forensic-enabled services via the use of a set of predefined forensic-related tasks.
Keywords: Cloud forensics · Cloud forensic methodology · Cloud forensic process · Cloud forensic conceptual model · Cloud forensic constraints
- by Stavros Simou and +1
- Cloud Forensics, Cloud Computing Forensic
In recent years, there has been an increasing interest in the authentication process due to the key role that it has in network security. Port Knocking (PKn) is an authentication method in which data is transmitted through closed ports. This method is prone to attacks when attackers sniff the network. This paper proposes a new method called “Secure Port Knock-Tunneling” to eliminate both DoS-Knocking and NAT-Knocking attacks. The possibility of implementing this method is investigated on Mikrotik devices.
- by Reza Ebrahimi Atani and +3
- Internet Security, Authentication, VOIP security, Firewall
Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. A key task of digital forensics is to prove the presence of a particular file in a given storage system. Unfortunately, it is very hard to do so in a cloud given the black-box nature of clouds and the multi-tenant cloud models. In clouds, analyzing the data from a virtual machine instance or data stored in a cloud storage only allows us to investigate the current content of the cloud storage, but not the previous contents. In this paper, we introduce the idea of building proofs of past data possession in the context of a cloud storage service. We present a scheme for creating such proofs and evaluate its performance in a real cloud provider. We also discuss how this proof of past data possession can be used effectively in cloud forensics.
Along with the increasing use of cloud services, security threats are also increasing and attack methods are becoming more diverse. However, there are still few measures and policies to deal with security incidents in the cloud environment. Although many solutions have been proposed through research on digital forensics for responding to security incidents, it is still difficult to prove the integrity of evidence collection and storage in the cloud environment. To solve these problems, in this paper we propose a blockchain-based data logging and integrity management system for cloud forensics. In addition, we compare the performance of the proposed system with the other blockchain-based cryptocurrency.
Cloud computing technology attracted many Internet users and organizations the past few years and has become one of the hottest topics in IT. However, due to the newly appeared threats and challenges arisen in cloud computing, current methodologies and techniques are not designed for assisting the respective forensic processes in cloud environments. Challenges and issues introduced, require new solutions in cloud forensics. To date, the research conducted in this area concerns mostly the identification of the major challenges in cloud forensics. This paper focuses on the identification of the available technical solutions addressed in the respective literature that have an applicability on cloud computing. Furthermore it matches the identified solutions with the respective challenges already mentioned in the respective literature. Specifically, it summarizes the methods and the proposed solutions used to conduct an investigation, in comparison to the respective cloud challenges and finally it highlights the open problems in the area of cloud forensics.
- by Stavros Simou and +1
- Cloud Computing, Digital Forensics, Cloud Forensics
Traditional business applications and platforms are too complicated and expensive. They need a data center, a complex software stack and a team of experts to run them. Also, maintenance is as expensive as the implementation. In case of a maintenance activity, the whole business goes down for a few days.
The advances of the ICT industry in recent years have led to the huge popularity of Cloud Computing Services. Due to the fact that the Cloud is distributed and hosts numerous users, its use to commit crimes becomes a critical issue. Proactive cloud forensics becomes a matter of urgency: its capability to collect critical data before crimes happen, thus saving time and energy for the investigations, is its primary objective. In this paper, we discuss the basis of Cloud Forensic Readiness, because we believe that such a system is of huge necessity. We begin by carefully defining Digital Forensic Readiness in the Cloud Computing context. We propose a reference architecture for a Cloud Forensic Readiness System (CFRS) together with its features, components, and challenges.
Cloud services are offered by many cloud service providers, but most companies generally build a private cloud. Cloud system abuse can be committed by internal users, or can be due to misconfiguration or to weaknesses in the system. This study evaluated the ADAM (Advanced Data Acquisition Model) method. Referring to the results of the investigation process using the ADAM method, it can be verified that there are several parameters of a successful investigation; therefore, an investigation using ADAM can succeed properly and correctly. Another contribution of this study was to identify a weakness of the service system that used ownCloud: users listed in the same group can change another user's password.
One of the most important challenges for software engineers is the design and implementation of trustworthy cloud services. Information system designers face an important issue, the design of cloud forensic-enabled systems that could assist investigators solving cloud-based cyber-crimes. Although digital forensics assists on this direction, limited evidence of cloud-based forensic approaches exist. These approaches don’t support information systems developers as they focus on the investigation only and also they don’t support modelling potential cases of forensics investigations. This paper aims to fill this gap by introducing a modelling language, presented in terms of a meta-model. Since most respective efforts focus on the investigation part a thorough analysis and a suggestion of a generic cloud forensic process is included as the main input for designing the proposed language.
- by Stavros Simou and +1
- Cloud Forensics
Cloud computing has emerged as a popular computing paradigm in recent years. However, today's cloud computing architectures often lack support for computer forensic investigations. A key task of digital forensics is to prove the presence of a particular file in a given storage system. Unfortunately, it is very hard to do so in a cloud given the black-box nature of clouds and the multi-tenant cloud models where many users share the same storage and the content of the storage changes frequently. In clouds, analyzing the data from a virtual machine instance or data stored in a cloud storage only allows us to investigate the current content of the cloud storage, but not the previous contents. In this paper, we introduce the idea of building proofs of past data possession in the context of a cloud storage service. We present a scheme for creating such proofs and evaluate its performance in a real cloud provider. We also discuss how this proof of past data possession can be used effectively in cloud forensics.
LA MINUTE TECH: "New research has uncovered notable flaws, to the benefit of actors equipped with the right decryption tools, in the security offered by the two leading operating systems on the smartphone market: iOS and Android."
Cloud storage services are gaining wide acceptance and popularity, since they are used mostly by companies and students in Malaysian higher learning institutions. While cloud storage services have become popular within the last two years, most people are still trying to adapt to this new technology and some people still do not fully understand what cloud storage services are. In this paper, the authors present the results and an analysis of a survey conducted on the awareness and concerns of Malaysians about cloud storage services and their forensics and security issues. Questionnaires were administered to two hundred fifty users of cloud storage in Malaysia and fifty to the public to get the responses of people, especially students, concerning cloud storage services. The responses from participants revealed valuable information about public awareness and knowledge of cloud services. Relevant areas that required improvements are also investigated and discussed in this paper.
- by Yee Say Keat and +1
- Cloud Computing, Cloud Storage, Cloud Security, Cloud Forensics
There is a growing demand for cloud storage services such as Dropbox, Box, Syncplicity and SugarSync. These public cloud storage services can store gigabytes of corporate and personal data in remote data centres around the world, which can then be synchronized to multiple devices. This creates an environment which is potentially conducive to security incidents, data breaches and other malicious activities. The forensic investigation of public cloud environments presents a number of new challenges for the digital forensics community. However, it is anticipated that end-devices such as smartphones, will retain data from these cloud storage services. This research investigates how forensic tools that are currently available to practitioners can be used to provide a practical solution for the problems related to investigating cloud storage environments. The research contribution is threefold. First, the findings from this research support the idea that end-devices which have been used to access cloud storage services can be used to provide a partial view of the evidence stored in the cloud service. Second, the research provides a comparison of the number of files which can be recovered from different versions of cloud storage applications. In doing so, it also supports the idea that amalgamating the files recovered from more than one device can result in the recovery of a more complete dataset. Third, the chapter contributes to the documentation and evidentiary discussion of the artefacts created from specific cloud storage applications and different versions of these applications on iOS and Android smartphones.
This article contributes to the foundational understanding of the security vulnerabilities and risk towards wireless grid Edgeware technology. Since communication networks and devices are subject to becoming the target of exploitation by hackers (e.g., individuals who attempt to gain unauthorised access to computer systems), these individuals are gaining ever-increasing knowledge of the often widely-reported exploitable vulnerabilities in these types of innovative technologies; and thus are able to craft increasingly effective computer network attacks (CNA) against such technologies. This research responds to the overall proposition: what security vulnerability enumerations would contribute to the degradation and risk in using a wireless grid Edgeware application in a virtualised cloud environment? Using supporting research pertaining to cyber-attacks and vulnerabilities towards a wireless cloud (e.g., the integration of a cloud computing and a wireless grid architecture), security vulnerabilities in virtualisation environments and specific vulnerabilities exploited against a wireless grid Edgeware application, this research provides a greater understanding of the practical ways wireless grid Edgeware technology can be attacked and the risk in utilising this technology.
-Director for the Wireless Grids Testbed (WiGiT) at Syracuse University and is an IEEE senior member. He has more than 20 years of professional experience in the design, development and production of complex information systems/architectures, as well as leading the effort to develop secure information systems architectures for the US DoD. His research interests are in the fields of cyber-security, information assurance, information security architecture and internet of things architectures. He received his Doctorate in Information Management from Syracuse University.
Cloud IT services: a forensic IT expert's analysis.
The concept of cloud IT services. According to the cloud concept, IT capacity (of whatever kind) should be provided in the same way that utility companies provide water, electricity, gas and other services. Based on a service-type approach, these services can be classified into the following 3+1 categories:
– Software as a Service (SaaS) → use of the service provider's applications
– Platform as a Service (PaaS) → execution of the customer's applications
– Infrastructure as a Service (IaaS) → rental of computing, network and other capacities and resources
– Storage as a Service (StaaS) → hosting (which can be classified as an IaaS service, but because of its popularity it can also be considered separately).
From a computer-science point of view, these systems can be regarded as real-time services appearing in a virtual environment, built on physical infrastructure and differing significantly from the subject studied by "Digital Forensic Science", i.e. from a computer or a data store [1]. In this environment, in the practice of a forensic IT expert (according to the author's own statistics), the most common task is the examination of SaaS cloud IT services. The subject of examination may be, for example, a Google Mail account, or the contents of a suspect's OneDrive, Google Drive or other cloud storage. The convenience and ease of using the extracted data as evidence depends, apart from the recovery methodology, mainly on what we regard as (digital) evidence. Let us briefly review the Hungarian and international definitions.
Digital evidence. Under Act XIX of 1998 on Criminal Procedure (CP), the means of proof are as follows: "76. § (1) The means of proof are witness testimony, expert opinions, physical evidence as a means of proof, documents and the testimony of the accused." Evidence with informational content (oddly enough) belongs to the category of physical evidence, but sometimes also appears indirectly in expert opinions. On physical evidence, the CP says: "115. § (1) Physical evidence comprises all objects (things) that are suitable for proving the fact to be proven, ...have retained traces of the offender or arise through the commission of the crime, that served as instruments of the crime or at which the criminal acts were directed." A more precise definition than the above definition of informational evidence became known in the definition of the "International Organization on Computer Evidence (IOCE)", according to which: Digital Evidence – information stored or transmitted in binary form that may be relied upon in court. Original Digital Evidence – physical items and those data objects, which are associated with those items at the time of seizure.
Recent developments of wireless communication devices have increased the interest in wireless networks. The hidden node problem is one of the major problems which leads to packet dropping and transfer delays via blind collisions. In this paper, we discuss the design factors of some existing mechanisms to deal with hidden node avoidance, and present a timeline of the development of these mechanisms. We classify and characterize the existing mechanisms into three categories, which are handshaking, busy tone multiple accesses, and routing management mechanisms. This classification and characterization provides a better qualitative comparison and presents a clear picture of the strengths and weaknesses of these mechanisms. Finally, we highlight the open issues that still need to be addressed.
Cloud forensics assist investigators on solving cloud-based cyber-crimes. Although investigators use forensic methods and tools to cope with incidents, there are other aspects that put barriers to the whole investigation process. One of these aspects is the way cloud services are designed and implemented. Software engineers are responsible for the design and implementation of them but in many cases, cloud services are not designed nor implemented as cloud forensic-enabled, introducing issues to the outcome of the potential investigation. To design cloud services capable of assisting investigators to solve an incident is a challenge. To overcome this issue, in this paper we present a requirements engineering framework to support software engineers in the elicitation of forensic requirements and the design of forensic-enabled cloud services. The framework considers a set of cloud forensic constraints and a modelling language for the successful collaboration of them with the rest of the requirements engineering concepts. The main advantage of the proposed model is the correlation of cloud services' characteristics with the cloud investigation while providing software engineers the ability to design and implement cloud forensic-enabled services via the use of process patterns.
Cloud has introduced a new concept of provision of on-demand resource to services on internet. Cloud provides an attractive model while allowing the service providers to save cost. It allows users to free themselves of tasks of resource management i.e. most efficient use of resources. It also allows centralization of information and resources so that the users can access them from anywhere using the internet. Generally the resources used to provide services belong to a third party. As the users don’t have to invest capital in such resources it decreases costs. Even though cloud model is lucrative, users have been hesitant in adopting it, the major reason being security concern regarding their private data. In this paper we discuss about various security concerns in cloud environment.
Cloud forensics is an intelligent evolution of digital forensics that defends against cybercrimes. However, centralized evidence collection and preservation minimizes the reliability of digital evidence. To resolve this severe problem, this paper proposes a novel digital forensic architecture using fast-growing Software-Defined Networking (SDN) and Blockchain technology for Infrastructure-as-a-Service (IaaS) cloud. In this proposed forensic architecture, the evidence is collected and preserved in the blockchain that is distributed among multiple peers. To protect the system from unauthorized users, Secure Ring Verification based Authentication (SRVA) scheme is proposed. To strengthen the cloud environment, secret keys are generated optimally by using Harmony Search Optimization (HSO) algorithm. All data are encrypted based on the sensitivity level and stored in the cloud server. For encryption, Sensitivity Aware Deep Elliptic Curve Cryptography (SA-DECC) algorithm is presented. For every data stored in the cloud, a block is created in the SDN controller and the history of data is recorded as metadata. In each block, the Merkle hash tree is built by using Secure Hashing Algorithm-3 (SHA-3). Our system allows users to trace their data by deploying Fuzzy based Smart Contracts (FCS). Finally, evidence analysis is enabled by constructing Logical Graph of Evidence (LGoE) collected from the blockchain. Experiments are conducted in an integrated environment of Java (for cloud and blockchain) and network simulator-3.26 (for SDN). The extensive analysis shows that proposed forensic architecture shows promising results in Response time, Evidence insertion time, Evidence verification time, Communication overhead, Hash computation time, Key generation time, Encryption time, Decryption time and total change rate.
INDEX TERMS: Software-defined networking, blockchain, evidence collection, cloud forensics, security.
ABSTRACT This article contributes to the foundational understanding of the security vulnerabilities and risk towards wireless grid Edgeware technology. Since communication networks and devices are subject to becoming the target of exploitation by hackers (e.g., individuals who attempt to gain unauthorised access to computer systems), these individuals are gaining ever-increasing knowledge of the often widely-reported exploitable vulnerabilities in these types of innovative technologies; and thus are able to craft increasingly effective computer network attacks (CNA) against such technologies. This research responds to the overall proposition: what security vulnerability enumerations would contribute to the degradation and risk in using a wireless grid Edgeware application in a virtualised cloud environment? Using supporting research pertaining to cyber-attacks and vulnerabilities towards a wireless cloud (e.g., the integration of a cloud computing and a wireless grid architecture), security vulnerabilities in virtualisation environments and specific vulnerabilities exploited against a wireless grid Edgeware application, this research provides a greater understanding of the practical ways wireless grid Edgeware technology can be attacked and the risk in utilising this technology.
-Director for the Wireless Grids Testbed (WiGiT) at Syracuse University and is an IEEE senior member. He has more than 20 years of professional experience in the design, development and production of complex information systems/architectures, as well as leading the effort to develop secure information systems architectures for the US DoD. His research interests are in the fields of cyber-security, information assurance, information security architecture and internet of things architectures. He received his Doctorate in Information Management from Syracuse University.
Recent developments of wireless communication devices have increased the interest in wireless networks. The hidden node problem is one of the major problems which leads to packet dropping and transfer delays via blind collisions. In this paper, we discuss the design factors of some existing mechanisms to deal with hidden node avoidance, and present a timeline of the development of these mechanisms. We classify and characterize the existing mechanisms into three categories, which are handshaking, busy tone multiple accesses, and routing management mechanisms. This classification and characterization provides a better qualitative comparison and presents a clear picture of the strengths and weaknesses of these mechanisms. Finally, we highlight the open issues that still need to be addressed.