Abstract:
Cloud computing is a relatively new computing paradigm that builds upon virtualisation
technologies to provide hardware, platforms and software as services over the
Internet. The cloud can be deployed in four basic deployment models namely private
cloud, community cloud, public cloud and hybrid cloud. Private cloud is owned and
utilised by a single organisation and may be hosted internally and by a third party.
The community clouds is meant for organisations with similar business interests, while
the public cloud is accessible to the general public over the Internet. The hybrid cloud
is a combination of any of the other cloud deployment models.All the cloud deployment
models are characterised by multi-tenancy, namely data belonging to multiple
users reside on the same physical host. Powering off a multi-tenant host would disrupt
co-hosted services in a physical host which would then affect their availability. This
affects other tenants that are not related to an incident. The cloud is distributed and
often spans multiple jurisdictions. Its distributed nature also prevents conventional
procedures for collecting evidence data and preservation. New approaches in conducting
digital forensic investigations are required. In this thesis, different dimensions of
digital forensic challenges brought by the advent of cloud computing are presented.
The extent to which traditional digital forensic approaches address the issue of digital
forensics in cloud environments are also presented. Digital forensic standards are considered
important in this thesis as they are an aspect that can contribute positively to
investigating cloud environments when multi-jurisdictional collaboration is required.
Standards can also enhance acceptability of digital forensic evidence gathered from
cloud environments. As a solution towards addressing issues of digital forensic investigation
in cloud environments, in this thesis the author presents standard procedures
that can be used to conduct a digital forensic investigation in cloud environments. To enable execution of these procedures, a cloud forensic service model is presented
that guides digital forensic investigators through a standardised collaborative process
of investigating cloud environments. Both proposed digital forensic procedures and
the service mentioned above were evaluated in a private cloud environment. Evaluation
results have shown that a collaborative environment can be used to investigated
cloud-based incident scenes in a standardised and cost efficient manner.
