
Digital forensics in the Cloud: encrypted data evidence tracking

by Zhuang Tian




Institution: AUT University
Year: 0
Keywords: Cloud Computing; Digital Forensic; Data Encryption; Data Decryption; Security; Encryption Algorithms
Record ID: 1297616
Full text PDF: http://hdl.handle.net/10292/7483


Abstract

Cloud computing is an emerging model that separates application and information resources from the underlying infrastructure and the mechanisms used to deliver them. Its elastic nature, cost-effective pricing and convenient connectivity make the cloud increasingly attractive as a storage medium for digital forensic investigators. Increasing volumes of data are also a driver for investigators' use of the cloud for storing evidence and performing analysis. However, because of the distributed nature of the cloud (Cruz & Atkison, 2011, p.306), data stored in the cloud is likely to be divided into smaller chunks and placed in different data centres all over the globe. Moreover, because of the dynamic and remote nature of the cloud, data is relocated from data centre to data centre. Hence, data may be constantly compressed and resized. Thus, it is possible that data may be lost during transmission or compromised by attacks in the cloud. Furthermore, redundant storage in multiple jurisdictions (Yan, 2011, p.612) and the lack of transparent real-time information about where data is stored introduce judicial issues and further complications for investigations. Virtualisation also impacts the privacy of other users of the cloud (Dahbur & Mohammad, 2011, p.2). To maintain information security, organisations can encrypt data before storing it in the cloud and then decrypt it after retrieving it from the cloud. The key challenge facing a digital investigator before committing to the cloud is how to ensure that the security of evidence data will be maintained and that privacy will be protected, in order to fulfil digital forensic investigation principles.
Although solutions such as that of Hou, Uehara, Yiu, & Hui (2011, p.378) have been proposed, using homomorphic encryption to protect innocent evidence data from being exposed, they are more suited to a relatively static database environment, and the feasibility and performance of such solutions in a public cloud are yet to be studied and evaluated. The research will identify, analyse and evaluate whether or not modern encryption algorithms can be used to provide data security and preserve privacy for digital forensic investigation evidence data stored in the cloud. To conduct the proposed research, a trial system was created in a lab-controlled environment to simulate commercial situations where data will be relocated and distributed. The normal operation of the trial system was documented as the semi-trusted Storage-as-a-service cloud, in which stored digital forensic investigation data were scattered. Hence, the integrity, confidentiality and availability of digital forensic investigation data were stressed. Then experimental data generated during the research were collected and analysed in order to test the robustness and performance of selected encryption tools. The methodology…