ISSN 2319 – 1953 International Journal of Scientific Research in Computer Science Applications and Management Studies

Digital Forensics in Cloud Computing Environment

Santhosh B, Nelson Dsouza#2, Akash D Kumbhar*2

#1 Associate Professor, Dept of MCA, AIMIT, Mangaluru, Karnataka, India
#2 Department of MCA, AIMIT, Mangaluru, Karnataka, India

Abstract— The Internet is growing explosively, as is the number of crimes committed against or using computers. As a response to the growth of computer crime, the field of computer forensics has emerged. It involves carefully collecting and examining electronic evidence, not only to assess the damage to a computer as a result of an electronic attack, but also to recover lost information from such a system to prosecute a criminal. With the growing importance of computer security today and the seriousness of cybercrime, it is important for computer professionals to understand the technology that is used in computer forensics. This paper discusses the need and goals for computer forensics to be practiced in an effective, legal way, and its challenges. Forensics is the process of using scientific knowledge for collecting, analyzing and presenting evidence to the courts. Forensics deals primarily with the recovery and analysis of latent evidence.

Keywords— , Cybersecurity, Virtualisation, Hypervisors, Cloud Forensics.

I. INTRODUCTION

Many things exist but often do not show their presence. Like an engine that is hidden in a particular part of a vehicle, digital evidence and traces are hidden and are not easily accessible. Only those who know how to explore them can comprehend them. Locard's Principle states that 'It is impossible for the criminal to act, especially considering the intensity of a crime, without leaving traces of his presence'. The principle states that there will be an exchange between two parties. Similarly, when an entity uses computers, traces of activities are created and exchanged between the parties. Digital imprints are left in multiple places: on servers, on desktops, in switches and routers, and also in the database.

While computers provide us with numerous benefits, they also act as a tool for criminals to commit cybercrimes. Cybercrimes like hacking, fraud, credit card cloning, software piracy, virus/Trojan distribution, forgery, denial of service (DoS) attacks, cyber terrorism, etc., are on the rise. Digital Forensics is a field to tackle these activities and punish those responsible.

II. GOALS

Digital forensics is a branch of forensic science concerned with the extraction and investigation of material found in digital evidence of a crime. Cloud computing is a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or a personal computer.

The primary goals of Digital Forensics are:
• Identification of criminal and unauthorized activities that are not permissible under law in a given state.
• Preserving, extracting, storing, analyzing and presenting the evidence in a lawful manner.
• Gaining an insight into the activities and techniques used by cybercriminals, and finding a way to close the loopholes.

III. CHALLENGES AND RESEARCH GAPS

With data that may be not available, suspect or court ready, it becomes a challenge for the cloud forensic investigator to recognize the data set for them. The increase in data storage capacity in a cloud is a disadvantage for a digital forensic investigation, as it increases the time needed to analyze the abundant data.

The lack of tools and limited expertise in cloud forensics is a concern, and it becomes more challenging when encryption, multi-jurisdiction and loss of data control are involved. Cloud organizations and cloud subscribers have to establish a cloud forensic capability; otherwise, they are likely to face difficulties during cloud forensic investigations, i.e. policy violations and criminal intrusion. [1]

The situation in the cyber world is worse: it is an ongoing war between consumers and criminals. Howard Shrobe, Director of Cybersecurity at MIT, says "There are two kinds of companies today. Those that have experienced a security breach and those that don't know it yet." The sophistication of attacks is rising insanely, with the skills required to carry them out falling even faster. But "Why is hacking so easy and security so hard?" Hackers like Wakelam say "The defenders trying to secure the computer networks have to close off every possible vulnerability. They have to get everything right, every time. The attackers just have to find one mistake." Digital Forensics is the need of the hour.

Unlike real-world forensics, digital forensics is much more complex and extremely challenging, exponentially so. The Internet, not being a monopoly of any nation, is difficult to bring under common laws. Hackers use proxy servers to exploit these vulnerabilities, which makes back tracing impossible. In addition, the vastness of data at the incident site and the lack of skills to analyse it pose a major challenge in this field. Joe Franzi, who heads up the Cyber Security Branch of Australia, says part of the problem is a skills shortage. 'The demand for cybersecurity professionals is insatiable at the moment, and this is not just an Australian problem. It's a global problem,' he says. Prevention is better than cure. More than 90 percent of the attacks occur because common security practices are not followed, such as changing passwords regularly, connecting only to trusted networks, and avoiding untrusted downloads and insecure links. While a common citizen can safeguard himself to some extent by following secure internet practices, the world certainly needs many crews of security professionals to fight the crisis that if not managed.[2]

IJSRCSAMS Volume 7, Issue 6 (November 2018) www.ijsrcsams.com


Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in devices, usually related to computer crime. A digital forensic expert is like the wall of the internet's fort. The technical aspect of an investigation is divided into several sub-branches, relating to the type of digital devices involved: computer forensics, network forensics, forensic data analysis, and . The typical forensic process encompasses the seizure, forensic acquisition and analysis of digital media and the production of a report into evidence.

IV. DIGITAL FORENSICS IN VIRTUAL ENVIRONMENTS

Nowadays virtualization has become an important technology for individuals and companies. Virtualization technology has introduced many advantages, such as cost benefits through decreasing the number of different machines required and making the best use of hardware resources such as storage, processing and computing resources. In a virtual environment, users can run multiple virtual machines inside a single physical computer or server to reduce costs and make the best use of the available hardware resources.

Digital forensics is the process of collecting, extracting and recovering digital evidence. Digital forensics was defined at the first Digital Forensic Research Workshop (DFRWS) as: "The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations". Virtual environment forensics, a cross between the virtual environment and digital forensics, also helps in the investigation of cybercrimes in the virtual environment.

A. Virtualization and Hypervisors

Virtualization technology enables users to run multiple virtual machines (VMs) on a single physical computer or server. The virtualization manager creates, manages and monitors these VMs and simulates the set of hardware, such as hard disk, processor, memory and other hardware components, and the software needed for each virtual machine. A hypervisor has the following characteristics: it has full control of managing and monitoring system resources; it provides an environment in which programs run as if they were running on the physical machine; and programs that run in this environment have very little speed degradation compared with the physical machine (i.e. the host machine). Virtual machines can also be used for other purposes, such as testing, development and education. In education, virtual machines are used for understanding how to use different types of operating system. In development, virtual machines are used for developing new applications. In testing, a virtual machine can be used as an isolated environment to test new software applications [5].

B. Virtual Environment Forensics

Virtual environment forensics is a cross-discipline between virtual environments and digital forensics. There are two types of investigation for collecting digital evidence from the virtual environment:

Investigation of Dead Virtual Environments: In this type of investigation, digital investigators and examiners deal with the virtual machine offline, by acquiring the hard drive of the virtual machine and then performing the investigation process to extract and analyze the digital evidence collected from it.

Investigation of Live Virtual Environments: In this type of investigation, digital investigators and examiners deal with the virtual machine online, by acquiring volatile data of the virtual machine from memory, which contains vital and valuable information that may help digital investigators to reconstruct an event about the committed crime.

V. INVESTIGATING TYPES

Over the past few decades, cybercrimes have increased to very high rates; they include corrupting data and unauthorized modification of data. The aim of digital forensics is to find crimes related to computers. It also includes recovering corrupted files and recovering deleted files from hidden parts of the hard disk where data are not affected and can be recovered [4]. Digital forensics is sub-divided into sub-branches based on different digital devices, such as networks, computers and other digital devices.

Computer Forensics: The main aim is to structure the unstructured data of the computer. It is very helpful in detecting crimes committed on the computer.

Network Forensics: The main aim of network forensics is to check, manage and analyze network traffic, both on the local network and on the internet. It performs evidence collection and pre-intrusion and post-intrusion detection methods so that network crimes can be analyzed.

Mobile Device Forensics: It focuses on things like the identification of mobile data and the collection of evidence. Investigations aim at call and communications information such as SMS and emails.

Forensic Data Analysis: It focuses on ordered data, with the aim of analyzing patterns of false behaviour resulting from financial crime.

Database Forensics: Investigations are carried out on the database. Investigations use database contents and files to recover related information.

Investigative Mindset: It aims at interrogating multiple complex data sets, understanding their content and its implications, and then presenting the findings as evidence.

Evidence Investigation Process: The evidence acquisition specialist has undergone training in the correct handling of evidence and is aware of evidence preservation. The duplicate is created using an imaging tool or drive duplicator.

Evidence Analysis: There are different analysis tools; one of them is Microsoft's COFEE (Computer Online Forensic Evidence Extractor), with the help of which forensic investigators extract evidence from a computer.


Evidence Reporting: When an investigation is completed, all the information is recorded and reported. A report is generated using COFEE, and the conclusion is drawn on this basis.
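The duplication step described under Evidence Investigation Process, as it applies to a dead virtual environment where the virtual machine's disk is acquired offline, is illustrated by the following added example (not part of the original paper): it copies a disk file, hashes the source and the duplicate with SHA-256, and records whether they match. The file names, the examiner label and the record fields are assumptions, and the sample disk is constructed.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large virtual disks are never fully in RAM

def sha256_file(path):
    """Hash a file in chunks and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire_image(source, dest, examiner):
    """Duplicate source to dest, hashing bytes as read, then re-hash the duplicate."""
    h, size = hashlib.sha256(), 0
    with open(source, "rb") as src, open(dest, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
            size += len(block)
    os.chmod(dest, 0o444)  # the working copy is read-only from here on
    record = {
        "source": os.path.abspath(source),
        "image": os.path.abspath(dest),
        "bytes": size,
        "source_sha256": h.hexdigest(),
        "image_sha256": sha256_file(dest),  # read back from disk, not from memory
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(),
    }
    record["verified"] = record["source_sha256"] == record["image_sha256"]
    return record

def demo():
    """Constructed sample: a small fake file stands in for a seized VM disk."""
    work = tempfile.mkdtemp()
    disk = os.path.join(work, "suspect-vm.vmdk")  # hypothetical file name
    with open(disk, "wb") as f:
        f.write(b"CONSTRUCTED-SAMPLE-DISK" * 4096)
    rec = acquire_image(disk, os.path.join(work, "evidence-001.img"), "examiner-01")
    altered = os.path.join(work, "altered.img")  # same data with one byte changed
    with open(disk, "rb") as s, open(altered, "wb") as t:
        t.write(s.read()[:-1] + b"X")
    return rec, sha256_file(altered) == rec["source_sha256"]

if __name__ == "__main__":
    rec, altered_matches = demo()
    print(json.dumps(rec, indent=2), "altered copy matches:", altered_matches)
```

The recorded digest lets a later examiner show that the analyzed duplicate is bit-for-bit the acquired disk; a single changed byte produces a different digest.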

VI. CONCLUSION

Digital forensics is required to counter cybercrime and unauthorized activities in cyberspace, and to punish the culprits through the legal process. Cybercrime is much more disastrous and has a far wider effect than traditional crime. Digital forensics is a new field that is gaining maturity with time, and it can be used efficiently to produce evidence in a lawful manner to punish criminals and to counter criminal activities. Crimes are on the rise with the use of digital technology, and anyone can be a victim. Such a rise in crime can be tackled with the use of digital forensics. With the exponential advancement in technology, security has to keep pace with it. Cloud computing is the next-generation technology that needs more attention for securing precious data from crime. In this paper, the goals of digital forensics, the challenges for digital forensics in cloud computing, and the research gaps, along with the types of investigation for digital forensics, have been identified.

REFERENCES

[1] Mark Tangiwai Mathew Piwari, "Digital Forensics in the Cloud: The reliability and Integrity of the Evidence Gathering Process." M. Eng. thesis, Auckland University of Technology, Auckland, New Zealand.
[2] Sandeep Godbole, "Digital Forensics – An Enabler." CSI Communications - Digital Forensics. Volume No. 39.
[3] Gobi Ramasamy, "Digital Forensics: Need of the hour." CSI Communications - Digital Forensics. Volume No. 39.
[4] K. Nithya, M. Saranya, "Overview of Digital Forensics Investigation." CSI Communications - Digital Forensics. Volume No. 39.
[5] Ezz El-Din Hemdan, Manjaiah D.H., "Digital Forensics in Virtual Environment." CSI Communications - Digital Forensics. Volume No. 39.
