As cloud technology continues to evolve, with vast amounts of data being transmitted daily, it has added another form of complexity to forensic investigation. It is very difficult to analyse system logs during a forensic investigation, as cloud service providers may not be willing to share their customers’ information with investigators. Furthermore, a virtual machine set up in the cloud which hosts attacks might be shut down, and thus logs associated with software and network access from the virtual machine would be lost. Additionally, cloud system logs transmitted in UDP or TCP packets without a robust encryption mechanism can be tampered with. A further issue is that of dependency chains in the cloud, where a user may use a service in one particular cloud, which in turn uses a service provided by another cloud, and so on. Time and location disparities add further to the complexity. In a traditional physical network, users have significant control over their service providers (ISPs) through contract agreements and policies. Cloud users lose control due to their dependency on services which in turn depend on other services. The keynote presentation will outline the difficulties of Cloud forensics and offer some solutions.

Published in: World Congress on Internet Security (WorldCIS-2017)

  • Date of Conference: 11-14 December 2017
  • DOI: 10.2053/WorldCIS.2017.0004
  • ISBN: 978-1-908320-81-0
  • Conference Location: University of Cambridge, UK