Digital Forensic Framework for a Cloud Environment

The advent of cloud computing provides good opportunities for both good and malicious use. Cloud computing is at its infancy stage and its security is still an open research issue. Malicious users take advantage of the current lack of advanced security mechanisms in the cloud. Cloud computing paradigm enables users to access computing resources without necessarily owning physical infrastructures. It is therefore easy for an attacker who intends to perform malicious activities in the cloud to create a remotely hosted desktop, perform their activities and then destroy the desktop later. With the remotely hosted desktop destroyed, there is very little evidence left that can be collected by forensic experts using traditional static digital forensic methods. A scenario such as this therefore requires live digital forensic processes as a large amount of evidence can be gathered while the system is running. Key issues in cloud forensics include, but are not limited to, identity, encryption, and jurisdiction and data distribution. Digital forensic investigators currently face a challenge when criminal incidences occur as there are no well developed tools and procedures for conducting digital forensic investigations in the cloud. This paper proposes a novel framework that addresses issues of digital forensics in the cloud computing environment.