Title: A case study on major cloud platforms digital forensics readiness - are we there yet?
Authors: Ameer Pichan; Mihai Lazarescu; Sie Teng Soh
Addresses: School of Electrical Engineering, Computing and Mathematical Sciences, Curtin University, Bentley, Perth, WA 6102, Australia ' School of Electrical Engineering, Computing and Mathematical Sciences, Curtin University, Bentley, Perth, WA 6102, Australia ' School of Electrical Engineering, Computing and Mathematical Sciences, Curtin University, Bentley, Perth, WA 6102, Australia
Abstract: Digital forensics is a post crime activity, carried out to identify the culprit responsible for the crime. The forensic activity requires the crime evidence that are typically found in a log that stores the events. Therefore, the logs detailing user activities are a valuable and critical source of information for digital forensics in the cloud computing environment. Cloud service providers (CSPs) usually provide logging services which records the activities and events with varying level of details. In this work, we present a detailed and methodological study of the logging services provided by three major CSPs, i.e., Amazon Web Services, Microsoft Azure and Google Cloud Platform, to elicit their forensic compliance. Our work aims to measure the forensic readiness of the three cloud platforms using their prime log services. More specifically, this paper: 1) proposes a systematic approach that specifies the cloud forensic requirements; 2) uses a generic case study of crime incident to evaluate the digital forensic readiness. It shows how to extract the crime evidence from the logs and validate them against a set of forensic requirements; 3) identifies and quantifies the gaps which the CSPs failed to satisfy.
Keywords: cloud computing; cloud forensics; cloud log; evidence; forensic artefacts; digital investigation; digital forensics.
International Journal of Cloud Computing, 2022 Vol.11 No.3, pp.268 - 302
Received: 18 Dec 2019
Accepted: 09 Jan 2020
Published online: 15 Jul 2022 *