Internet-based cloud technology is a network of remote data centers, often located around the world beyond a country's legal frontiers. Despite its benefits, cloud computing is also a target for cybercriminals, who may affect its resources on a large scale with a single exploit. To protect cloud resources and increase the confidence of cloud users, those who disrupt cloud services must be held accountable on the basis of relevant evidence that proves their guilt in a court of law. Various frameworks have been presented in the literature for collecting evidence of attacks on cloud services for Cloud Service Providers (CSPs), but there is no framework for law enforcement agencies (LEAs). Unfortunately, the evidence of a security breach in the cloud resides under the control of the CSP, which is the sole custodian of cloud resources. Moreover, the CSP does not fully cooperate with investigators, for various legal, technical, and operational reasons. Hence the entire prosecution depends on the CSP providing the evidence, which is a great challenge for law enforcement around the world. The study's objective is to design a framework that reduces this dependency on the CSP by collecting the evidence of a security incident outside the cloud, through cooperation between Internet Service Providers (ISPs) and law enforcement for a particular cloud service. The framework integrates components that can detect an attack on a cloud service early, at the ISP, and store the logs of the incident on a forensic server, where they can be used for forensic purposes as and when required.