Digital Forensic Readiness Architecture for Cloud Computing Systems

Abstract

Cloud computing underpins many of the current emergent and established technologies. As a result, cloud computing has an impact on many components of our daily lives, be it from online shopping and banking to usage of mobile apps. Because of this ubiquity, crime related to cloud systems is an ongoing concern. There are, however, many factors that, while enabling cloud systems to function, also make digital forensic investigations on such systems very challenging. While processes and standards are defined for digital forensics, these processes often do not work when applied to cloud systems. Forensic investigations are, by their nature, very disruptive to the operation of a system. This is often unacceptable in a cloud environment. One way to mitigate the risk of a forensic investigation is to proactively prepare for such an event by achieving forensic readiness. This leads to the research conducted for this dissertation. The central question is whether it possible to achieve forensic readiness in a cloud environment, so that a digital forensic investigation can be conducted with minimal or no disruption to the operation of said cloud environment. This dissertation examines the background information of cloud computing, digital forensics and software architecture in order to get a clear understanding of the various research domains. Five possible models for the acquisition of data in a cloud environment are proposed, using the NIST cloud reference architecture as a baseline. A full, technology neutral, architecture for a cloud forensics system is then generated. This architecture allows for the acquisition of forensic data within a cloud environment. The architecture ensures that the data is kept forensically stable and enables the proactive analysis of the captured data. Using one of the acquisition models, a proof of concept implementation is done of the architecture. Experiments are run to determine whether the system meets the set functional requirements and quality attributes to enable forensic readiness in a cloud system. The architecture and implementation are evaluated against the experimental results and possible improvements are suggested. The research is then concluded and possible future avenues of research in the field of cloud forensics are suggested.