Comparative Study of Cloud Forensic Investigation Using ADAM And NIST 800-86 Methods in Private Cloud Computing

Abstract

As information technology advances, associated risks also increase, particularly in the field of private cloud computing services. These services are subject to potential internal abuse risks, either due to system vulnerabilities or other factors. However, the investigation of these incidents in private cloud computing varies greatly due to the different frameworks and unique characteristics of each cloud service. The lack of a standardized approach to analyzing and assessing investigative processes in cloud computing services has been a persistent problem. This lack of consensus affects the accuracy, efficiency, and data acquisition process when dealing with digital evidence in each method, causing concern among researchers. To overcome this, a comparative study was carried out with a focus on the ADAM (The Advanced Data Acquisition Model) method and the NIST (National Institute of Standards and Technology) method. The goal is to identify the most effective investigative process to deal with cyber attack incidents on both the server and client side of cloud computing services. By testing these methods in a network that is built on private cloud computing services, then the results from this research include the weaknesses and strengths of the ADAM and NIST methods are found when applied to cloud computing case studies and these have not been identified in previous research, then produce recommendations for investigators when conducting investigations on case studies on cloud computing, and in this study managed to find a bug in the ownCloud application version 10.9.1. Then this study also aims to provide researchers with valuable references to carry out analysis and assessment in the investigative process, where standardization is still an unresolved issue.