Cloud Forensics (Enterprise Cloud Log Audit Trail Framework )

Abstract

Cloud forensic refers to the digital forensic investigations performed in cloud computing environment. Cloud related services and data storage migration by organization has resulted to logs trail for digital investigations in computing and any potential crime using the digital forensic evidence from a virtual environment (VM) that is hosting several operating system using various system platform and hardware plates distributed across several locations e.g hypervisor event logs from different applications. It is evidenced that in cloud digital log forensics, work on the forensic reconstruction of evidence on VM hosts system is required to ascertain the activities within the said host ,though with the complexity and heterogeneous involved with a private enterprise cloud, not to mention public cloud distributed environments, there is a possible Web Services-centric approach which may be required for such log supported investigations and which can be achieved through logs audit trail framework. A data cloud log forensics audit trail framework for this type of forensic examination and data comparison needs to allow for the reconstruction of transactions spanning multiple Virtual environment hosts, platforms and applications. This research project paper will explores the requirements of a cloud log forensics framework for performing effective private cloud forensics investigations which will give a lead and can be used in law enforcement. The framework will be important and necessary in order to develop investigative and forensic auditing tools and techniques for use in cloud based log-centric virtual environment through the audit trail logs from the log controller server and web interface. Cloud computing services is currently one of the most fast growing trans-formative technologies in the history of computing technologies which has revolutionize the world in the current times. Cloud service providers and customers have yet to establish adequate forensic capabilities that can be used to support investigations of criminal activities in the cloud due to the fact that most of the Service Level Agreement are signed with the third parties who are normally not controlled neither by the providers or the customers. 1 There is need for a growing understanding of how to conduct digital forensic analysis on cloud devices by the providers and clients for proper logs audit trails. However, there is little understanding of how to apply digital forensic methodologies in Cloud computing because of its dynamism, and even less understanding in how to apply forensic methodologies in Cloud investigation by the forensic experts. The aim of this project is to identify the challenges of Cloud computing forensics and come up with a framework to test current cloud computing forensic tools, methodologies and procedures with a clear indicative solution which can be applied across all the platforms universally. “Both Encryption and cloud computing threaten forensic visibility in much the same way. No matter whichever way critical information is stored in an unidentified server “somewhere in the cloud” or stored on the subject’s hard drive inside a True Crypt volume, these technologies deny investigators access to the case data. While neither technology is invincible, both require time and frequently luck to circumvent” (Casey and Stellatos, 2008). Cloud computing in particular may make it impossible to perform basic forensic steps of data preservation and isolation on systems of forensic interest.