Abstract:
Cloud computing is the most in-demand technology and is widely used all over the world. It provides on-demand services to industries and individual consumers. This includes infrastructure-as-a-service (IaaS), in which organizations shift their whole business to a virtual environment and pay the cloud service provider (CSP) rent for its services. Besides potential users, attackers have also started using cloud services to launch massive attacks and commit cybercrimes.
Digital forensic experts use a traditional approach in which the investigator collects evidence from resources while having physical access to the particular source. In cloud computing, data is stored on remote servers within a different jurisdiction, where investigators have no physical access to the servers, the logs or the data. This makes acquiring the evidence needed to solve a particular case a great challenge for forensic experts. In this scenario, an investigator needs to collaborate with the service provider to acquire the data. A verifiable chain of custody, which will be presented to the court, also becomes a challenge.
Considerable work has been proposed over the last few years on evidence acquisition in cloud infrastructure; however, a verifiable chain of custody in the cloud is still an issue. Existing literature explains evidence acquisition from remote places in the cloud and focuses on discussing the future perspective of maintaining the chain of custody. Researchers have placed emphasis on working in this domain, but few have presented a methodology in this regard.
In this thesis, we have proposed a framework that provides a solution for acquiring evidence from the cloud and also provides the chain of custody. The evidence acquisition activity will be performed by the organization, and the evidence will be forwarded to the forensic investigators with a complete chain of custody that can be trusted and presented in a court of law.