Abstract

A common cloud forensic model proposed by researchers is ‘Cloud-Forensic-as-a-Service’, where consumers have to access it as a service to collect forensic data from cloud environments. The ‘Cloud-Forensic-as-a-Service’ model raises the question of how it collects digital evidence pertaining to an incident which occurred in the cloud. Currently, the types of ‘Cloud-Forensic-as-a-Service’ systems in the literature show that the system is controlled and implemented by the cloud provider, which unilaterally defines the type of evidence that can be collected by the system. A serious limitation of this approach is that it does not offer the consumer sufficient means of performing reasonableness checks to verify that the provider is not accidentally or maliciously contaminating the evidence. To address the problem, the paper proposes a conceptual bilateral Cloud-Forensic-as-a-Service model where both consumers and providers can independently collect evidence, verify the equity of the forensic analysis process and try to resolve potential disputes emerging from the independently collected results. The authors have developed a cloud forensic process model to lead common and significant aspects of a bilateral Cloud-Forensics-as-a-Service model. The paper explicitly discusses the concept of a bilateral Cloud-Forensic-as-a-Service model.

Highlights

  • The focus of this research is on cloud forensic services provided remotely to Cloud Service Consumers (CSCs) over the internet

  • Some sources of potential digital evidence are on the provider's premises, where the provider unilaterally produces forensic data

  • In cloud forensics, there is a need for investigators to adapt and develop a cloud forensic process model that would enable forensic investigators to collect and analyze forensic data on the consumer and provider sides


Summary

Introduction

The focus of this research is on cloud forensic services provided remotely to Cloud Service Consumers (CSCs) over the internet. The processes of this model include Data Collection, Separation, Aggregation, Analysis and Reporting, controlled by a Management Console. The authors of this CNFPM have implemented its prototype in an OpenNebula-based IaaS environment, and the model is represented as follows:

$$\mathrm{CNFPM} = \{\{\text{Data Collection} \Rightarrow \text{Separation} \Rightarrow \text{Aggregation} \Rightarrow \text{Analysis} \Rightarrow \text{Reporting}\} \Leftrightarrow \text{Management}\}$$

The Open Cloud Forensic Process Model (OCFPM), most recently proposed in [29], is supposed to be continuously supported by the CSPs. The model is built on the DFPM model and defines six processes: Preservation, Identification (Incident and Evidence), Collection, Organization (Examination and Analysis), Preservation and Verification. The process model proposed in this study consists of four processes: determining the purpose of the forensic requirements, identifying the types of cloud services, determining the type of background technology and examining the physical and logical locations of digital evidence. The LEA uses the non-repudiated FDC and FDP

Conclusion
Availability of data and materials: Not applicable