Abstract
Cloud computing environments add an inherent layer of complication to a digital forensic investigation. The content of this article explores current forensic acquisition processes, how current processes need to be modified for cloud investigations, and what new acquisition methods can help when it is necessary to garner evidence from a cloud computing-based environment. A section will be included that provides a recommendation on how to acquire evidence from cloud-based environments while maintaining chain of custody. A final section will include recommendations for additional areas of research in the area of investigating cloud computing environments and acquiring cloud computing-based evidence.
TopBackground
Cloud Computing Environments
Cloud computing is encompassed in the capabilities of almost all existing technologies. The cloud market is growing at a rate of 20 percent to 25 percent a year, and reached a size of $127 billion dollars in 2018. Approximately 30 percent of worldwide enterprise applications are offered via the cloud (Kathuria, Mann, Khuntia, Saldanha, & Kauffman, 2018). The concept behind cloud computing is a production environment in which resources and software services do not function locally. Instead, the Internet or the internal network of an organization seamlessly connects numerous host machines running on a virtualized platform (Skemp, 2019).
Joe-Wong and Sen (2018) provide a general layered architecture of cloud infrastructures as a basic model by classifying the architecture into three abstract layers using two models: deployment and service, along with a set of characteristics. The layers from the bottom up are infrastructure, platform, and application. The infrastructure layer provides fundamental computing resources such as processing, storage, and networks. The platform layer delivers higher-level services and abstractions for integration of the ability to perform application functions in the environment. The application layer allows the capability for applications as a service (AaaS).
These three layers are further broken down into service models, deployment models, and attributes. The three well-recognized cloud service models are infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS). The four cloud deployment models are community, hybrid, public, and private. The attributes consist of measured and on-demand self-service, resource pooling, rapid elasticity, and broad network access. This is the exact layered architecture outlined by National Institute of Standards and Technology (NIST) in the final issuance of the cloud computing definition dated September 2011.
Key Terms in this Chapter
Service-Level Agreement (SLA).: An SLA is a binding contract between service providers and purchasing organizations that specifies the service parameters and recourse if an unexpected business interruption occurs.
Platform as a Service (PaaS): PaaS is an Internet delivered virtual environment in which the service provider supplies cloud platform services that include the operating system and other platform-associated services.
Elasticity: Elasticity is the dynamic allocation of cloud resources so that an organization can use the exact amount of resources required during any given time period.
Infrastructure as a Service (IaaS): IaaS is an Internet delivered virtual environment in which the service provider supplies cloud infrastructure services that can include software, hardware, and networking equipment.
Virtual or Virtualized: Virtual or virtualized is a term used to explain the process of running an environment other than the native computing environment.
Cloud Computing: Cloud computing is an environment in which the Internet or the internal network of an organization seamlessly connects numerous host machines running on a virtualized platform to provide resources and software services.
Multitenancy: Multitenancy is a software architecture in which one server hosts a multitude of different virtual environments for unrelated organizations, or tenants.
Digital forensics: Digital forensics is the division of forensic science that focuses on investigating and analyzing information artifacts located on digital devices involved in computer crime cases.
Software as a Service (SaaS): SaaS is an Internet delivered virtual environment in which the service provider supplies commercial applications, eliminating associated purchasing and installation costs for the organization.