An insight into cloud forensic readiness by leading cloud service providers: a survey

  • Regular Paper
  • Computing

Abstract

In today’s digital world, it is hard to imagine the Information Technology field without cloud computing, as it saves millions of dollars every year and lets organizations focus on their core business rather than on managing complex computing infrastructure. However, the adoption of the cloud opens the window for cloud crimes. Hence, cloud forensics is the need of the hour. Law Enforcement Agencies (LEAs) have to depend on Cloud Service Providers (CSPs) for investigating cloud crimes. Unfortunately, the LEAs are not aware of the forensic procedures implemented by the CSPs, nor are the details of those forensic procedures properly documented by the CSPs. This paper aims to study the forensic readiness of the leading CSPs and present their forensic workflow. We also compare these CSPs against various parameters based on the cloud services they provision for forensics. Recent research published in this domain lists the challenges of cloud forensics and describes the proposed solutions. However, the current forensic procedures implemented by the leading CSPs have not been detailed in any of these papers. Thus, we believe that this survey will give LEAs, forensic experts, security analysts, and first incident responders insight into the current forensic procedures implemented by the leading CSPs and help them in their investigations, in designing standard operating procedures, etc.

Availability of data and material

Not applicable.

Code availability

Not applicable.

Funding

The authors did not receive support from any organization for the submitted work.

Author information

Corresponding author

Correspondence to Pranitha Sanda.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article

Cite this article

Sanda, P., Pawar, D. & Radha, V. An insight into cloud forensic readiness by leading cloud service providers: a survey. Computing 104, 2005–2030 (2022). https://doi.org/10.1007/s00607-022-01077-2

  • DOI: https://doi.org/10.1007/s00607-022-01077-2
