A survey on issues in cloud forensics with an experiment on time consumption

Abstract

Forensic investigations on cloud platforms are an oft-discussed topic in current digital forensics. Significant growth in cloud platforms is expected in the coming decade. With such growth, cloud forensic investigations may require substantial changes in their approach. The paper surveys the most mentioned issues in cloud forensic literature. It is followed by a description of some of our current work aimed at solving those issues. The first issue that we tried to analyze was the issue of the trustworthiness of the evidence. We identified that the trustworthiness of the Cloud Service Providers is hardly discussed in the literature. Based on previous publications on similar issues on standalone computers, we provided an algorithm as an initial answer to the issue. The algorithm checks for the integrity of the evidence which will be affected in a tampering attempt. The next issue that we considered was time-taken for analysis (time complexity of forensic tools). While the issue has been indicated many times in the literature, we did not find many detailed experiments conducted with tools to observe the processing time over data source size. Therefore, the paper includes the results of an experiment that was performed using an Autopsy forensic tool to measure the time complexity of its operation with a number of source files with increasing sizes. Results indicated that the analyzing times usually increased with the size of the source file and that it might become unmanageable with increasing sizes.