Cloud Computing Services and Infrastructure

Describe about the Case study for Computer Science and Digital Forensics.

A technology to provide services virtually to all their end-uses across the world is termed as the Cloud Computing by the experts and professionalist. Anything that is shared and received via internet facilities starting from the storing the data and information through e-mails or download some information from the internet resembles the cloud computing facilities. Martini and Choo (2012) depicts that, the primary objective for the enhancement of this technology is to provide the end-users the facility for not taking any external hard disks or storage device with them. These services allow the users and business organization to utilize software or the hardware provided to them form their respective organization that is managed by a third parties somewhere in the remote location. Cloud services are comprises of private cloud, community cloud, public cloud or hybrid cloud. Dykstra and Sherman  (2013) elaborates this terminology as, the cloud infrastructure is operated solely by a single individual and is manged by themselves or by a particular organization in a private cloud, whereas in the community cloud, the cloud service is utilized by several organization or a pool of infrastructure and is managed by a cloud service provider. Ultimately, the hybrid cloud technology is the combination of the two cloud facility defined above.

Privacy Threshold Assessment (PTA) and Privacy Impact Assessment (PIA) are the two procedures that cloud service provider can assess during the violation like disclosure or transference of any personal information (Alnemr et al. 2015). Every organization in order to fulfil the privacy obligation undertakes to protect these data form misuse, unauthorized information access or modification of the stored data in the cloud. Chen (2014) illustrates that, there are various legislations like Copyright Act 1968, Crime and Corruption Act 2001, Information Privacy Act 2009, Right to Information Act 2009 and Information Standard 18, 26, 34, 40, 44 for Information security, Internet, Metadata, Record Keeping, Information Asset Custodianship respectively. There are also some policies related with the cloud computing crime, these are the Administrative Access Scheme policy, ICT Information Management and Security Policy, Records Disposal Policy and Procedure, Right to Information Policy etc. Hooper et al. (2013) depict that all these legislations or regulation is against the violation of the cloud computing ethics and appropriate steps are taken against the intruder.

However, Grispos et al. (2013) denies the positive impact of the cloud computing technology by focussing on its negative consequences. With the increasing publicity and popularity of this modern technology, the greatest advantage that is the flexibility of this modern technology is highly misused by some of the person or intruder. Al Fahdi et al. (2013) also tells that they also intend to harm the community in numerous ways starting from the highly automated online banking theft to uploading malicious information in their personal database. This assignment is nevertheless is a comparative essay relying on two case studies that is based on the issues developed form the cloud computing crimes and their relevant measures to overcome the evolved circumstances and formulating a framework for accountability and trust in the concerned technology that is the could computing. The researcher also provide some examples regarding the dilemma raised by cloud computing and its consequences followed by appropriate solutions.

Laws and Regulations for Privacy and Security in Cloud Computing

In the year 2009, Information Technological professionals conducted a survey and found that 66% of the total IT industries are in favour of the fact to invest in the modern technologies like cloud computing (Ko and Choo 2015). It is also found that 71% of them strictly belief that the cost for this technology will grow in the upcoming years (Ko and Choo 2015). It is evident that the growth in the popularity of a technology also boosts the growth in number of crimes related to information technologies and that also gets enhanced with respect to all the previous years. As a consequence, a number of institutes correspondingly got established, who works for the imposing law enforcement against these crimes. Furthermore, Kerrigan (2013) portrays that the imposition of the law are based on the digital evidence that enable them to identify the perpetrators, the methods of the crime undertaken, the victims affected due to this crime and the timing of the computer crime in the cloud computing.

Digital forensic practitioners have to intensify their skills as well as their approach in cloud computing environment and also in the cloud costumers and organization for developing their capability and reducing the security risks.  Stated by the (), the definition of the cloud computing illustrates “Digital forensic is the application of science to the identification, examination, collection and analysis of data while preserving the information and maintain a strict chain of custody for the data”.

Image 1: Cloud Layers and Services

(Source: Aydin and Jacob 2013)

Cloud computing techniques offer a wide range of services on the daily basis and Storage-as-a-service where everyone can store data. One of the positive consequences arises when any intruder wants to infect the cloud-computing provider. The virtual infrastructure offers an alternative for constructing application prior to their top of the standard physical hardware, offering scalable, reliable and cost-effective infrastructure components while not investing in the hardware management cost as everything is stored virtually.

Image 2: Service layer provided by the cloud computing

(Source: Dykstra and Sherman 2012)

Image 3: Layers represents the Application, Platform and Infrastructure section

(Source: Espadas et al. 2013)

The forensic experts gives value to the service layer provided by the cloud computingfor conducting what values are to be provisioned. Software as a Service(SaaS), here the user can utilize the facility to use the provider’s cloud application executing on the cloud services. The intruder has the benefit for not maintain any cloud infrastructure and hence they can be able to put any adverse affect on the technology, where as in the Platform as a Service (PaaS)relies on the infrastructural layer of the virtual networking system. In this layer, the individuals does not need to manage the virtual machines; however, this layers allows them to create application in the existing API or programming language, Infrastructure as a service (IaaS) constructs an the virtualization layer by providing the users a virtual machines as a service to it user (Dykstra and Sherman 2012). These users can either create or remove the virtual machines at their own will instead of purchasing servers or hosted servers. In this way, the cloud computing technology offers the individual to eliminate the need regarding the procurement and operate in the physical servers, networking resources and the data storage system.

Cloud Computing Crimes and their Consequences

There are three so called dimension in this kind of forensics (Mahmood et al. 2015):

Pichan et al. (2015) illustrates that the first one is the Technical Dimension, which resembles the technical ability of the forensic experts that comprises of the set of tools and procedures required to carry out the digital forensic procedures. This approach reflects the data collection methodology, elastic/live or static forensic approach, evidence segregation, investigation for the identification of the crime and most importantly the pro-active preparation. The next dimension is the Organizational dimensions that enlighten the aspect for the presence of two parties, one is the consumers of the cloud service and the other is the Cloud Service Provider (CSP). The approach for the investigation gets widen up when this CSP outsources their service to other sources (Sushil and Chaudhary 2015). In order to accomplish this job, the organization needs to formulate a department that is crucial for supervising the internal and external matter to enrich the investigating capability of the investigators, IT professionals, legal advisors, externa, assistance and the incident handers.The last section of the dimension deals with the chain of dependencies. Ruan et al. (2012) portrays that there are numerous cloud Service Providers that are dependent on each other and these dependencies are highly dynamic in nature. High dynamicity means in such situation the investigation will occur by checking each link in the chain to maintain the complexity of the dependencies of each of the collaborators. Apart from the problem raised by some intruder, another negative consequence occurs when the interruption or corruption in any of those links or the situation even can be more worst if there is no coordination among these parties.

This assignment is based on the digital forensics that is somewhat different from the forensic odontology or anthropology. In the digital forensic, it encompasses a wide range of offensive activities or non-legal accomplishments. There are many professionals conducted and found that 61% of the modern civilization agreed on the benefits of the digital forensics while the remaining percentage doubts on the efficiency of the technology as both the legal and non-legal investigations uses the same software for the forensic activities. (Ruan et al. 2012) mentions that cloud computing being a new arrived technology thus its applicability is not yet found with much effective evidence. However, (Harrington 2014) also refutes the acceptance of this technology as cloud computing is itself a technology that provide the facility for data storage and preservation and hence it is impossible to perform isolation on system of forensics. Moreover, no solutions are presented when it comes to the violation of the legal complications in the cloud. 

The Need for Digital Forensics in a Cloud Computing Environment

Experts suggested some security practices concerning the cloud computing crimes. Simou,  et al. (2014) depicts that these steps are to identify the problems at the appropriate stage in a first go, the experts clearly defining their objectives by listing down the security priorities and challenges in order to resolve the difficult circumstances. The identification of the problem is then followed by the access control that is the security concern regarding the location of the stored data (Alqahtany et al. 2015). In order to maintain the security access control the authorities have to take effective steps regarding the authentic authorization of the individuals so that the cloud provider can track all the suspicious activities. Vulnerability testing is another aspect that can be taken as animportant ally in cloud security management (Daryabar et al. 2013).

(Fernandes et al. 2014) mention the ‘Notorious Nine’ that is related with the cloud computing crime and these are the measures that the system must have to avoid in order to resolves the malicious attack in their system. These nine factors comprise of data breaches in the cloud architecture for storing the data that are typically occurred when there is a flaw in the cloud application design (Sidhu 2013). Another consequence is the data loss, that occurred due to a malicious attack by some intruder like the one the researcher has opted that is to upload offensive videos or misuse the techniques of the cloud computing technology (Liu et al. 2015). These intruders hijack the cloud provider’s account with using the methodology of the phishing or fraud to attain the account details. Tang and Liu (2015 depicts that the chief factor for the occurrence of such circumstances can occur due to the insecure interface of the cloud provider in order to resolve the dilemma for authenticity, access control procedures and encryption of the important information.

Aydin and Jacob (2013) depicts that these intruder have the most innovative minds that they utilize in the non-legal work by denying the service access of the genuine consumers access. The dilemma occurs resembles the worst condition when the some member of the cloud provider team itself associated with such offensive activity for the data breaches. It is then difficult for the system to identify the intruder as these people themselves are aware of the system’s pitfalls and can cause harm to the community (Xiao and Xiao 2013). These persons are often termed as malicious insiders. Some hackers abuse the overall cloud service by using the limitless access of the available cloud resources to crack the encryption of the encrypted data. These intruders staged a DDoS attack that is impractical to resolve by the limited hardware (Negi et al. 2013).

Suggesting another aspect for the occurrence of the cloud computing crime, Shirkhedkar and Patil (2014) illustrate that lack of conscientiousness for the undertaken approach for the cloud-computing can also be the reason for the occurrence of the crime and failing to resolve the situation. This will cost the risk or rush in the migration procedures that can expose the information the organization’s information to others. Khorshed et al. 2012 depicts that another aspect is due to the community cloud method where a single cloud infrastructure is shared among many organizations. The primary pitfall of such system is that, not every organization work ethically with their collaborators and it is not easy for the management to identify their intention and prevent the future negative consequence (Khan et al. 2015). This scenario can be considered as one of the difficult situation as the organization has to share their vulnerable with the collaborative organization, which may results in a monumental consequence.

There are mainly three effective and efficient forensic activities,which experts follow to resolve digital crime. Firstly, there is Law Enforcement, who prioritizes the prosecution of the criminals while the organization prioritizes the availability of the service (Ko and Zaw 2015). There might be some situation when these two priorities clashes in the targeted organization. It is then the responsibility of both of them to coordinate with each other for a development of the effective mutual understanding and resources confiscation. Another forensic activity is the Third Parties. These third parties plays their role when it comes to the auditing in any adverse circumstances, then the organization must have to work with corporative (Zawoad and Hasan 2013). Academia is another aspect that any organization has to undertake to train theirstaffsso thatthey can very well identify what will be the consequences in occurrence of any adversity and they can enhance their capability to resolve those adverse circumstances with effectiveness.

In the first learning, the study based on the crime committed by a person named Polly, who transfers corrupted videos of child pornography by setting a cloud services to stores these large collection of video excerpts and also allows the users to load and upload such contraband videos and images anonymously. Klein (2014) depicts that the initiation of such a powerful technology developed with the help of the remote or multi-layered storage provides numerous opportunities for criminal behaviour like this.  Amazon Elastic Compute Cloud (EC2) is a web service that allows the users to hack the account of an individual by cracking their passwords very easily and cheaply and commit cyber-crime by providing resizable computing capacity in the cloud (Kranz et al. 2015). The intruder can also use the DAH architecture to transcode the video in the cloud. Polly in this circumstance uses this facility to store such offensive images and videos. The benefit of the cloud computing technology that is to store and use data for the cloud anonymously is misused by this person by contacting the cloud provider for suspending the offending services and violates the perseverance of the evidence. As tracking down the user is difficult in such a vast technology, there is an extreme less chance for Polly to get caught.

Image 4: Architecture for scheduling a video transcoding in Cloud Computing

Source: Kranz et al. 2015

The figure above illustrates the overall architecture of the DASH in the cloud. McDonald, (2014) mentions that, the server loads balancer accepts the video and assigns it to the HTTP server in a no time. There are some circumstances when an individual can upload a video with no time that is while taking the video itself. This can be done by connecting the media device with the cloud enabled equipment like android cloud. This enables any person to create crime by sharing these excerpts while not leaving any evidence for the credential of the intruder. The HTTP server then forwards the request with the video transcoding job in the job scheduler that stores the video in the repository (Mulazzani 2014). These job schedulers also maintain the queues for uploading the video in the cloud by using Pqueue methodology where an individual gets the facility to upload something in the cloud with high priority.

Another consequence is that these job schedulers have the ability to make a note of the time of transcoding and allows the job scheduler to upload the video segment and offers other non-encoded segment to fetch the desired segments form the cloud repository. The streaming procedure is done in the storage when all the desired performances are finished and the processor sends both the encrypted video segments and the MPD (Eggestein and Knapp 2014). Cyber-crime occurs in such scenario as these video segments contain some offensive materials that are banned or even non-acceptable in the society. However, there are some persons who intend to spread such crime and support these activities. According to Losavio,  et al. (2015) these persons are also termed as the mobile client sends a video retrieving, the web server forward the requested video to the desired location of the person. In such case, the streaming is occurred between the mobile client and the cloud repository.

According to the view point of Aminnezhad et al. (2012) the solution regarding this concerned circumstance is to develop a remote forensic agent like EnCase Enterprise that would help the Digital forensic experts to image the virtual machine and expose the intruder’s functionalities. However, this is rather a very challenging task to accomplish as the suspect’s credentials and functionality are unknown within the cloud. To overcome the situation the expert follow the conventional procedure that is to note down all the malicious websites and take necessary snapshots or video recording. Urias et al. (2014) illustrates that the expert can also track the credit card details of some individuals, who desire to pay money for downloading those videos. Another scenario suggested tracking down the timing of the uploading and retrieving the video segments as these details are available on the cloud storage. These timing gets noticed down by the cloud provider servers and hence can be utilized by the experts for the investigation purpose. Such Cloud subscriber information or provider access log-ins details or NetFlow logs enable the Digital Forensic experts to achieve some relevant information of the intruder (Dara 2014). Appropriate Law enforcement will be charged against those persons.

The solution regarding the first scenario, where Polly is spreading crime by uploading videos on child pornography in the cloud and creates hassle for the common being. Forensics experts often suggested for blocking those websites or by avoiding such location in order to get unaffected form such offensive activities. These activities can be resolved by proper investigation, where the experts utilize the cloud crime policy regulation in multi-jurisdictional and multi-tenant environments (Graham et al. 2014). Further steps can be taken on the suspicious activities of the intruder on very transactions; operations and cloud incident response.The experts of the digital forensics can further carry out these investigationsto punish Polly according to the punishable activity. The forensic experts can accesses the offending websites and take the necessary snapshots as a collection of the evidence and saving the address of the homepage outside the website.

The next step that the experts can perform is the troubleshooting for finding data and hosts physically and virtually in the cloud provider environment. The forensic expert then determine the root cause for the occurrence of the activity Polly has created and then train their staffs accordingly to resolve similar circumstances in the future. Dinh et al. (2013) portrays that this will help those staffs to identify the main reason for the adversity and can recognize the best possible solution with their acquired knowledge and experience. This will also enable the staff’s capability or handle the security incidents in the cloud environments as well as the solving any functional and operational issues in the concerned system.

The examiner in the state of affairs of the Polly wants to illustrate on the fact how web service works. The very first ting that the researcher desires to depicts whether there is any difference between conventional web services and the cloud services.Until the revolution of the cloud computing technology, people follow the traditional web services that provide developers the methodology for integrating Web applications on the internet. The standard that is used by the users to tag data, transfer and describe the list services are available using by the means of XML, SOAP, UDDI and WSDL. These methodologies allows the user to share data while not sharing data without having direct access of knowledge of system beyond thefirewall that is use to protect the system fromthe unauthorized or malicious access. API performs as the communicators in the web application services and confirms the interface between each other and the concerned link to Graphical User Interface (GUI) to offer end-user applications.

Previously, unless and until a trading procedure has a convincing reason for not maintain their data and information, the concerned business use web services. Thus, to overcome the scenario, the cloud service has been initiated to provide the data storage capacity and access, security, scalability and the required updates. These services are the backbone of the conventional web services and help them to function. One of the famous procedurethat is used for the encryption of the data that is used in the cloud computing technology is the Amazon EBS Encryption. Zawoad and Hasan (2015) illustrates that this technology enables the system for simple encryption of the installed data and the EBS volumes so that it is difficult of the common people to hack it or to harm itinthe initial stages. This procedure gains the popularity,as the individual does not need to formulate, maintain and thinks for the security of their key management infrastructure. Wherever, a user creates an encrypted EBS volume and perform the attachment in order to provide support the instant type, the following data are encrypted by the cloud service providers:

-The volume of the data that is rest inside the file that is given by the user for encryption

-All the pictorial images created for the volume

-The input and output disk

Image 5: procedure of data encryption and data decryption in the Cloud System

(Source: Grahamn et al. 2014)

The encryption is performed on the servers that the EC2 illustrates, and then the data-in-transit form Amazon EC2 provides the encryption of the data to EBS Storage. This technology uses the AWS Key management also known as AWS KMS and customer master keys (CMK) while formulating encrypted volume (Son et al. 2013). This may incur some snapshots or the video excerpts from the encrypted volumes. Likewise, in the scenario, Polly uses the child pornography videos to encrypt and send it to the cloud server.When the user encrypts any data for the first time, a default CMK is created automatically. Unless the user created a CMK separately according to their requirements, the created key is used by the Amazon EBS encryption (Rowe 2016). The personalised key provides more flexibility added with the further facility like the ability to generate, rotate, immobilize, define access controls and audit the encryption keys.

The Amazon EBS encryption also provides encryption feature for the snapshots ofthe encrypted volumes. Snapshot taken and volume created are automatically encrypted and they are said to be protected from intruders. The researcher also depicts the detailed procedure for the encryption key management. Each key that is created or the newly created volume has a unique 256-bit key; furthermore, any video that is included in this volume or any malicious volume that is itself created by the video excerpts also shares the same key. These data and its associated keys are encrypted by using the industry standard AES-256 algorithm (Rowe 2016). The advantage that Polly had taken is that it is not possible to change the CMK key volume that is already associated by those pornography videos that the individual intends to inject in the cloud server. In such scenario, the forensic experts can utilize an alternate procedure for creating a copy of the infected file, in this way, they can change the value of the CMK and can utilize it to track down the history of the intruder and can enable the experts to identify the intruder and their motive (Zawoad and Hasan 2015). This technology also uses the Federal Information Processing Standards (FIPS) 140-2 that is an approved cryptographic algorithm. The volume encryption keys are also used in the memory on the cloud server, which can never be stored in the disk through plain text.

Image 6: Encrypted Data Storage

(Source: Damshenas et al. 2013)

Yusoff et al. 2014) illustrates the procedure of the encrypted data Storage. Here in this image the stored video excerpts splits into the source file in the clock of 128 characters and encrypt everything. Firstly, the digital forensic team also known as the Third parties Auditor calculate the Block Status Table (BST) that is the small structure used to access the outsourced encrypted file from the cloud service provider (CSP). Secondly, the authorized investigators send the data access request to the cloud server. Thirdly, the third parties auditor verifies the authenticity of the user that further can be taken as the procedure for implementing the solution regarding the uploading of the child pornography videos (Damshenas et al. 2013). Fourthly, the created hash tables and the encrypted file are then sending to the user in order to provide them the desired file they are looking for. After that in the fifth step, the cloud service provider sends these tables to the user. In the sixth step the user verifies the file and the hash table provided to them whether it is the desired file or not. If so, then the BST and the encrypted files are received from the cloud server and then verify with the hash values received from the forensic experts (Damshenas et al. 2013). The last step comprises of the scenario when both the values get identifies and verified and further procedures are undertaken for receiving a data encryption key and performs the desired data blocks.

The decryption of a code comprises of the following procedures. Whenever an individual selects a file to read or requires editing something from the shared folder from the cloud provider services, decryption of the file is necessary. Ali et al. (2014) depicts that, the requirement of the decryption is essential, as there are millions of file stored by the millions of people in the cloud services. As a consequence, the experts formulated a procedure where all the files gets encrypted that is only understands by the programed cloud technology and those same files gets decrypted whenever the individual wants to download the same file. The intermediate functionalities remain hidden from the users that allow them to utilize the system with ease and without difficulty. Exampling the procedure of the decryption of the data, whenever the client tries to download any file from the cloud server, the running application looks for the situation whether the login credentials are present in the encrypted file header in the first attempt. The step is to group names in the file header in order to identify whether there is any match with the login credentials that belongs to the user groups. The procedure for decryption of the files is programed in such a way that if the system found any match between the login user groups and the present group in the cloud infrastructure. After that, the user will get the private key for that group and after using the files after the work gets accomplished, the entire application automatically flush for the memory. Ma et al. (2015) portrays that the File Encrypted Key (FEK) also termed as the systematic key will be decrypted accordingly with the help of the private key, otherwise an error message got popped up like “files cannot be decrypted”. In the former stage, for the encryption of a certain file the systematic key is used, the encrypted coding is decrypted by using the File Encrypted Key (FEK). Message Authentic Code (MAC) is the content of the file that is created after the decryption of the file. Ali et al. (2014)  also depicts that after these steps, the application executing at the clients end queries the cloud provider services whether the created message authentic Code generated and the previously saved Message Authentic Codes are identical or not. These queries can be made from the internal cloud server with the help of the file ids.

Another negative consequence that can be related with the Polly’s case is that those files are corrupted in terms of their contents. However, it is difficult for anyone to demine that in the first attempt. These files contain some code depending on which the cloud also gets the corruptness of the file after getting investigation by some forensic experts (Reichert et al. 2014). Whenever, the generated MAC and the saved MAC code in the cloud server does not match an error message “corrupted file” is shown to the user. This can be used as evidence by the forensics regarding the offensive activity of the intruder. However, concerning the alternative aspect that is when the MAC code gets matched the cloud server checks for the present database form their side to match the login details and the content of the files also. In this way, the experts can able to attain the intruder’s details and can punish them according to the severity of their crime. (McGrew 2014) also emphasizes on the modification of these details that relies on the fact that whether the file opened by the user either the intruder or the digital forensics experts in the read mode or not. The user cannot get the privilege to alter the details if the file is opened in the read mode; however, in the write mode the user can change the details by either adding or deleting the content of the file that reflects the changes in the future.

The second scenario that is depicted in the first academic paper is regarding a hacker named Mallory, who intends to exploit random individuals by placing a malicious webpage in the cloud provider system (TaheriMonfared 2015). Mallory accomplishes this crime by using a rootkit that is programmed to inject the malicious Hyper Text Mark-up Language (HTML) pages on their used webpages while hiding the offensive activities from the operative system. This crime is different than the first case study as in this section the victim is the computer system rather than some individual like in the first case study. Buzz Coffee shop is the concerned area where this crime is developing without the knowledge of the managing authorities of the coffee shop and hence they decided to conduct an investigation for tracking down the occurrence of such malicious activities. McGrew (2014) illustrates that ACM. Those investigation teams advocated the situation by constructing the cloud provider from a secured cannel and trying to retrieve the required credentials and source files. The main issue regarding this scenario is that after receiving the files by the forensics nothing suspicious items are found in those files as those things are hidden from the operating system of the coffee shop. The circumstance gets worse when everyone gets the hint of the occurrences of the malicious activity; however, no such prove of that is found by the experts. To resolve the situation, the method of NetFlow logs is being undertaken that have the capability to collect IP address of the main computer from where the entire activity is preceded by Mallory.

(Graham et al. 2014) illustrate the characteristics of the NetFlow logs that they can identify the source and the destination IP traffic and the class of the service accessed by the targeted computer.

Image 7: NetFlow Architecture

(Source: Graham et al. 2014)

The setup NetFlow comprises of three components that the researcher inked with the problem evolved in the case study given. They are:

Flow exporter: Proceeding with this way the experts can able to collect the packet flow that the intruder is injecting in the Buzz Coffee Shop’s website and also exports these packets towards one or more collectors.

Flow Collector: These are the websites or the victim’s those are targeted by the intruder for affecting them with malwares in their computer system. These are the packets that are received by the consumers and the experts have the evidence of these situations while having no knowledge regarding the initiation of such websites.

Analysis Application: This is the main area where the forensic experts have to acknowledge their expertise by identifying or analysing the source IP address in order to resolve the adverse situation by intrusion detection or traffic profiling.

Another aspect when a website gets attacked by the malware is by uploading some infected files. These files contain malicious code often called as virus, Trojan Horses or malware (Dlamini et al. 2014). In the second scenario where the Mallory spreads such activity may be possibly dine by hiding these codes inside an image files that is very difficult to find; however, the code is executed and the intruder gets successful in their activities when the common user of the web services is infected just by opening the file image. TUREL (2013) also depicts the scenario where if the forensic experts follows a certain path say a specific URL, it is equally dangerous as these files gets easily executed immediately after downloading the files.

According to the view point of (Patrascu and Patriciu 2013), the experts can proceed with some steps in order to identify the intruder. These steps comprise of the whitelist of the allowed file types that creates hassle in the common being of the Buzz Coffee Shop. Proceeding in this way, the experts can be aware of the type of the infected files and taking proper measures these retrieving procedures can be rejected depending on their approval types.  Those whitelisted websites are very crucial in terms of identifying the intruder with an effective architecture of the computer system used by the experts. The system they opt is either a client or server-side input validation for ensuring the circumvention techniques that is avoided by the programmers by rejected the bypassing of those white listed malicious webpages (Khan et al. 2014). Another preventive measure that can be taken by the forensic experts that is to set the directory of the downloaded files outside the website root. In this way, the malicious contents in the form of image file can be prohibited for further adversity. The adverse circumstances also arise due to the same name of the file of two different files.

Exampling a scenario, where there is a normal file having the name XYZ and also a malicious file injected by the intruder on the cloud with the same name XYZ. This situation can be happen intentionally by the intruder or by un-internationally. Common individual when tries to download their respective file, it may get infected by the malware name with the same file. These experts often suggested openingthe files by passing it through antivirus software in order to avoid any suspicious file present in the downloaded folder. However, these techniques cannot guarantee the genuineness of the downloaded files every time; the experts are continuously trying to work for the better solution for the files present in the cloud server.

Moreover, in the second paper that is provided for this assignment also enlightens the challenges concerning the event that is created by the Mallory. These challenges are termed as the Evidence segregation and it is quite difficult even for the experts to resolve. Povar and Geethakumari (2016) mention that, in the challenge the various instances of virtual machines are executing on the same physical machine. These virtual machines are isolated from each other through hypervisor.  This isolation is done in such a way that it seems like they are on completely a separate location. In this circumstance, it is rather difficult for the forensic experts to access to other physical machines despite of the fact that they are hosted by the same physical entity. Moreover, Patrascu and Patriciu (2013) depicts that the betterment in this scenario that the cloud-computing technicians can implement is to improve the provisioning and the de-provisioning in their technology in order to allow the providers and law enforcement agents to maintain the segregation without breaching the ethical consideration by sharing the same physical hardware.

In the case study given for the Mallory, were the malevolent content within the operating system. Here the operating system and the service are controlled by the cloud service provider. The measure taken by the forensic experts isto approach the cloud provider with an order and requests to give all the data and the forensic copies of the virtual machines (Banas 2015). Their responsibility starts by listing out all the infected websites and provide safety measures in order to tackle the situation for not being attacked by the malicious websites. In this case scenario, the experts suggested the managing authorities of the Buzz Coffee house by regulating some rules so that their customers can avoid the adverse consequence of their false steps. These preventive measures are as follows:

The experts also suggested the people of the coffee shop never click on the provided linked that is attached with the e-mail. They also suggested the same even if the e-mail they received is form someone they trust. Soares et al. (2014) depicts that the preventive measure regarding this scenario is to type the link in the browser and then open it. People often overlook this as they think that this is very time consuming and hence they simply click on the link and then proceed with their work. They also suggested them not to open a link is it appears strange to them. This resembles the presentation of the website. The reason for this is that not every hacker has lot of money to sink in the website design. Khorshed et al. (2012) portrays that these intruders often put a bunch of generic sites all at once and use any random domain name that they got in their hands and then thrown them online. Content of such websites also plays an important role in order to identify that the concerned website is infectious. Mallory’s intention is to infect the computer system or their operating system in the underlying computer. This intruder must have to formulate many tricky websites content n order to get attack the common being. In such scenario, the forensic experts suggested the people whenever any websites ask them to download something or claim a prize that they won, their prime responsibility is to search for that particular websites and make relevant survey to verify their originality. Another consequence is that if these websites asked for downloading any software that is for the better performance of their computer system they can also Goggle the name of the software to ensure their existence and if existed then to make them knowledgeable regarding that software (TUREL 2013). These doubt can also arises by looking for the sign of legitimacy that means whether the sign resembles with any real-worlds symbol, if not he forensics suggested to contact them through telephonic calls or electronic mails.

Carefully going through the provide URL also enough for identifying whether the website malicious or not in the initial stages. Crosbie (2012) suggested that checking whether the URL spelled correctly or not can also helps the targeted victims to identify the intruder’s intention. Mallory may set up almost identical to the spelling of an existing website and an accidental mistype will led into a fraudulent version of the site. Users may judge the validity of a website by checking the properties of the provided links in the webpage by right clicking on the hyperlink. This will reveal the true destination of the link.

Proceeding on the above measures, the Buzz Coffee shop can easily defined that the adverse situation that the customers are facing in attributed to Mallory. The unsafe webpage that is created by the intruder that can be access by all the partners who are participated in crime (Gai et al. 2015).  It is also possible for identifying the physical location of the virtual machines. The most instantaneous and the straight method for the recognition of the location of the virtual machines is to use a system management tools like Microsoft’s System Centre. Another tool is the VMware’s vCentre Server. Another factor that is to be considered is the law enforcement concerning the creation of a website (Quick and Choo 2013). These laws are Copyright Act 1968, Crime and Corruption Act 2001, Information Privacy Act 2009 and many others. Initiating the measures for the creation of a website, they also have to obey some rules of the governing authorities in order to avoid the initial hassle. Primarily the hosting of a website has the ethical consideration of the fair-use of the resources; however, intruder like Mallory violates the resources they intended to provide to their customers. It is also expected to them to not use and SPAM or Unsolicited Commercial Email. The law enforcement reading the violation of this task is the digital experts denied the access to the network to prevent the further violation.

Regarding the solution that the forensic experts provided by the expert is suggested that whenever the user will find that the website asks for the sensitive information like credit card details or personal number, the initiative that should be taken by the user is to create powerful password with a tough combination of some alphanumeric character (Gopularam et al. 2015). In order to avoid such circumstances, the users must have to make sure that a secured cloud service provider encrypts the website properly. One such solution is to check the term “https” rather than “http” as the entire genuine website’s URL is started by https. The extra ‘s’ is for the indication that the website is saved or secured. These connections use the Secure Sockets Layer (SSL). Furthermore, Chen et al. (2015) that the experts suggested is that to look on the ‘lock’ icon that is displayed on the window of the web browser. All these preventive measures suggested by the digital forensic experts depicts the components of trust in cloud computing.

These components are the security that relies on the encryption methodology that will create a circumstances that will create a barrier for the intruder or uneconomical for the intruder to access some information. The next measure is Security that resembles the protection against the exposure of the confidential details form the intruder. User may use the technology of Personally Identifiable Information (PII). The Buzz Coffee shop is responsible for any kind of action that is related with their safety issues. Thus, Ko (2014) defined the situation of accountability that is the performance of the concerned organization of the agreed upon expectation of their consumers. Furthermore, a very crucial aspect that is concerned by Zuech et al. (2015) is the effective auditabilty services that the selected coffee shop must have to be undertaken.

Lastly, Mohamed (2013) mention the opportunities that the expert can implement in the cloud technology. These are the cost effectiveness of the cloud technology,which resembles the accomplishments of the things in a cost-efficient manner so that every common being can utilize the usage of the cloud technology and experience the technology. Another aspect that the researcher emphasizes on is the data abundances that can ensure the robustness of the overall system. The circumstances raised so as numerous consumers are there who uploads file with same of different contents at the same time, it may be the situation when the data get redundant and it is practically hard to delete the similar data and improve the likelihood of the recovery of the data (Gopularam et al. 2015). Thirds aspect regarding the opportunity of the cloudcomputing technology is the formulation of the ethical standards and the policies, so that no one can harm the methodology by violating the established standards. Forensic in real terminology treated as afterthoughts and regarded as the measures taken for resolving a circumstance; however, forensics in cloud computing, formulation of the legislation and the policies can be established while the technology is still in its formative years.

Conclusion

The entire study makes the researcher to conclude that in spite of being developed in the technologies over the years, there are some persons who finds a wat to harm the technology or try to hack the system to prove their efficiency. The first given assignment however deals with the study where a person uploads videos of the child pornography that is considered to be an offensive action in the society and treated as a crime on which the digital forensics tries to identify the intruder and take appropriate procedures against the same. The next case study is related with the attacking the operating system of a Coffee Shop by injecting malicious contents in the webpages with the help of some images or attractive things that make the common people fool to click that thing and then get injected that makes their computer system slow and unable the machine to perform properly. The researcher also concludes that whether in the first case study, the intruder attack the cloud service provider, while on the other hand in the second case study, another intruder attack the machine itself. One attack a virtual state and other attacks the physical entity; however, in both the case the activity are not ethical and hence the experts took preventive measure in order to find the pitfalls of the system and trying to resolve it.

Further study regarding the solution to the both cases, the researcher finds that in case of Polly, the forensics experts must have to scrutinize the entire process form the scratch that is to check the procedure for the data encryption and its relevant decryption procedures to find out any pitfalls. For this the researcher also analysed the cloud architecture. In the second case, the forensic can take the preventive action by shortlisting gall the malicious or suspicious websites as it can be easily identify whether some activities are unethical or not. Thus, forensics has to work in parallelwith the formulation of such activities and as a result numerous law enforcements institutes are also established in order to resolve these situations. Challenges in the digital forensics are new and hence effective training must have to be provided to the staffs in these departments so that they can identify the occurrence of the crime relying on their experience and take appropriate step regarding that. Co-operation with the cloud service provider and the effective law enforcements or regulations empower the ethical and unethical consumers knowledgeable about the risks and also provide them the leverages to prosecute criminal actions. While on the other hand, the second paper that is provided for the assignment is on the establishment of the urgent need concerning the cloud accountability. This section holds the information for preventing such criminal activities in the cloud servers that is undertaken by the digital forensic experts. However, for the crime identification methodology the researcher focused on the file-centric perspective rather than to give the values to the conventional system-centric or the logging credential perspective to resolve the evolved situation of the crime.

The researcher also focused on the opportunity regarding the usage of the cloud computing services. The primary reason concerning this action is that cloud computing technology ae one of the recent technology that is emphasized by the digital scientists and hence there is a high probability for them to make this approach a great success by making the procedure more reliable and less prone to the malicious attack. This will not only make this new technology popularized among the community; however, it also enables them to enhance their trust and using their technology in order to match the traits of the modern civilization.

References

Al Fahdi, M., Clarke, N.L. and Furnell, S.M., 2013, August. Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions. In Information Security for South Africa, 2013 (pp. 1-8). IEEE.

Ali, S.T., Sivaraman, V. and Ostry, D., 2014. Authentication of lossy data in body-sensor networks for cloud-based healthcare monitoring. Future Generation Computer Systems, 35, pp.80-90.

Alnemr, R., Cayirci, E., Dalla Corte, L., Garaga, A., Leenes, R., Mhungu, R., Pearson, S., Reed, C., de Oliveira, A.S., Stefanatou, D. and Tetrimida, K., 2015. A data protection impact assessment methodology for cloud. InPrivacy Technologies and Policy (pp. 60-92). Springer International Publishing.

Alqahtany, S., Clarke, N., Furnell, S. and Reich, C., 2015, April. Cloud Forensics: A Review of Challenges, Solutions and Open Problems. In Cloud Computing (ICCC), 2015 International Conference on (pp. 1-9). IEEE.

Aminnezhad, A., Dehghantanha, A. and Abdullah, M.T., 2012. A survey on privacy issues in digital forensics. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 1(4), pp.311-323.

Banas, M., 2015. Cloud Forensic Framework For IaaS With Support for Volatile Memory.

Chen, H.Y., 2014, September. Cloud crime to traditional digital forensic legal and technical challenges and countermeasures. In Advanced Research and Technology in Industry Applications (WARTIA), 2014 IEEE Workshop on (pp. 990-994). IEEE.

Chen, Z., Xu, G., Mahalingam, V., Ge, L., Nguyen, J., Yu, W. and Lu, C., 2015. A Cloud Computing Based Network Monitoring and Threat Detection System for Critical Infrastructures. Big Data Research.

Crosbie, M., 2012. Hack the cloud: Ethical hacking and cloud forensics.Cybercrime and Cloud Forensics: Applications for Investigation, Processes, pp.42-58.

Damshenas, M., Dehghantanha, A., Mahmoud, R. and bin Shamsuddin, S., 2013. Cloud computing and conflicts with digital forensic investigation.International Journal of Digital Content Technology and its Applications, 7(9), p.543.

Dara, S., 2014, October. Network Telemetry Anonymization for Cloud Based Security Analysis-Best Practices. In Cloud Computing in Emerging Markets (CCEM), 2014 IEEE International Conference on (pp. 1-7). IEEE.

Daryabar, F., Dehghantanha, A. and Udzir, N.I., 2013. A review on impacts of cloud computing on digital forensics. International Journal of Cyber-Security and Digital Forensics (IJCSDF), 2(2), pp.77-94.

Dinh, H.T., Lee, C., Niyato, D. and Wang, P., 2013. A survey of mobile cloud computing: architecture, applications, and approaches. Wireless communications and mobile computing, 13(18), pp.1587-1611.

Dlamini, M., Venter, H., Eloff, J. and Eloff, M., 2014, March. Requirements for Preparing the Cloud to Become Ready for Digital Forensic Investigation. In 13th European Conference on Cyber Warfare and Security ECCWSâ€Â2014 The University of Piraeus Piraeus, Greece (p. 242).

Dykstra, J. and Sherman, A.T., 2012. Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques. Digital Investigation, 9, pp.S90-S98.

Dykstra, J. and Sherman, A.T., 2013. Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Digital Investigation, 10, pp.S87-S95.

Eggestein, J.V. and Knapp, K.J., 2014. Fighting Child Pornography: A Review of Legal and Technological Developments. The Journal of Digital Forensics, Security and Law: JDFSL, 9(4), p.29.

Espadas, J., Molina, A., Jiménez, G., Molina, M., Ramírez, R. and Concha, D., 2013. A tenant-based resource allocation model for scaling Software-as-a-Service applications over cloud computing infrastructures. Future Generation Computer Systems, 29(1), pp.273-286.

Fernandes, D.A., Soares, L.F., Gomes, J.V., Freire, M.M. and Inácio, P.R., 2014. Security issues in cloud environments: a survey. International Journal of Information Security, 13(2), pp.113-170.

Gai, K., Qiu, M., Tao, L. and Zhu, Y., 2015. Intrusion detection techniques for mobile cloud computing in heterogeneous 5G. Security and Communication Networks.

Gopularam, B.P., Dara, S. and Niranjan, N., 2015, February. Experiments in Encrypted and Searchable Network Audit Logs. In 2015 International Conference on Emerging Information Technology and Engineering Solutions (EITES) (pp. 18-22). IEEE.

Graham, M., Winckles, A. and Moore, A., 2014. Botnet Detection in Virutal Environments Using NetFlow.

Grispos, G., Storer, T. and Glisson, W.B., 2013. Calm before the storm: the challenges of cloud. Emerging digital forensics applications for crime detection, prevention, and security, 4, pp.28-48.

Harrington, S.L., 2014. Cyber Security Active Defense: Playing with Fire or Sound Risk Management?. Rich. JL & Tech., 20, pp.12-14.

Hooper, C., Martini, B. and Choo, K.K.R., 2013. Cloud computing and its implications for cybercrime investigations in Australia. Computer Law & Security Review, 29(2), pp.152-163.

Kerrigan, M., 2013. A capability maturity model for digital investigations.Digital Investigation, 10(1), pp.19-33.

Khan, S., Gani, A., Wahab, A.W.A. and Bagiwa, M.A., 2015, June. SIDNFF: Source identification network forensics framework for cloud computing. InConsumer Electronics-Taiwan (ICCE-TW), 2015 IEEE International Conference on (pp. 418-419). IEEE.

Khan, S., Shiraz, M., Abdul Wahab, A.W., Gani, A., Han, Q. and Bin Abdul Rahman, Z., 2014. A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing. The Scientific World Journal, 2014.

Khorshed, M.T., Ali, A.S. and Wasimi, S.A., 2012. A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Generation computer systems, 28(6), pp.833-851.

Khorshed, M.T., Ali, A.S. and Wasimi, S.A., 2012. A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Generation computer systems, 28(6), pp.833-851.

Klein, C.A., 2014. Digital and divergent: sexual behaviors on the internet.Journal of the American Academy of Psychiatry and the Law Online, 42(4), pp.495-503.

Ko, A.C. and Zaw, W.T., 2015, June. Digital forensic investigation of dropbox cloud storage service. In Network Security and Communication Engineering: Proceedings of the 2014 International Conference on Network Security and Communication Engineering (NSCE 2014), Hong Kong, December 25–26, 2014 (p. 147). CRC Press.

Ko, R. and Choo, R., 2015. The Cloud Security Ecosystem: Technical, Legal, Business and Management Issues. Syngress.

Ko, R.K., 2014. Data accountability in cloud systems. In Security, Privacy and Trust in Cloud Systems (pp. 211-238). Springer Berlin Heidelberg.

Kranz, M., Möller, A. and Michahelles, F., 2015. Large-Scale Research via App Stores: Challenges and Opportunities at the. Emerging Perspectives on the Design, Use, and Evaluation of Mobile and Handheld Devices, p.269.

Liu, Y., Sun, Y.L., Ryoo, J., Rizvi, S. and Vasilakos, A.V., 2015. A Survey of Security and Privacy Challenges in Cloud Computing: Solutions and Future Directions. Journal of Computing Science and Engineering, 9(3), pp.119-133.

Losavio, M., Song, Y., James, J.I., Marrington, A. and Chow, K.P., 2015. World Information Order-Privacy and Security in a Hyper-Networked World of Data and Analysis, A. N. Ky. L. Rev., 42, p.315.

Ma, H., Shen, G., Chen, M. and Zhang, J., 2015. The Research of Digital Forensics Technologies under Cloud Computing Environment. International Journal of Grid and Distributed Computing, 8(3), pp.127-134.

Mahmood, W., Jahankhani, H. and Ozkaya, A., 2015. Cloud Forensics Challenges Faced by Forensic Investigators. In Global Security, Safety and Sustainability: Tomorrow’s Challenges of Cyber Security (pp. 74-82). Springer International Publishing.

Martini, B. and Choo, K.K.R., 2012. An integrated conceptual digital forensic framework for cloud computing. Digital Investigation, 9(2), pp.71-80.

McDonald, S.A., 2014. Authenticating Digital Evidence from the Cloud. Army Law., p.40.

McGrew, D., 2014, November. Privacy vs. Efficacy in Cloud-based Threat Detection. In Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security (pp. 3-4). ACM.

Mohamed, H.A.I., 2013. Cloud Computing Security, An Intrusion Detection System for Cloud Computing Systems.

Mulazzani, M., 2014. New challenges in digital forensics: online storage and anonymous communication (Doctoral dissertation, Vienna University of Technology).

Negi, P., Mishra, A. and Gupta, B.B., 2013. Enhanced CBF packet filtering method to detect DDoS attack in cloud computing environment. arXiv preprint arXiv:1304.7073.

Patrascu, A. and Patriciu, V.V., 2013, May. Beyond digital forensics. A cloud computing perspective over incident response and reporting. In Applied Computational Intelligence and Informatics (SACI), 2013 IEEE 8th International Symposium on (pp. 455-460). IEEE.

Pichan, A., Lazarescu, M. and Soh, S.T., 2015. Cloud forensics: technical challenges, solutions and comparative analysis. Digital Investigation, 13, pp.38-57.

Povar, D. and Geethakumari, G., 2016. Digital Forensic Architecture for Cloud Computing Systems: Methods of Evidence Identification, Segregation, Collection and Partial Analysis. In Information Systems Design and Intelligent Applications (pp. 213-225). Springer India.

Quick, D. and Choo, K.K.R., 2013. Digital droplets: Microsoft SkyDrive forensic data remnants. Future Generation Computer Systems, 29(6), pp.1378-1394.

Reichert, Z., Richards, K. and Yoshigoe, K., 2014, October. Automated forensic data acquisition in the cloud. In Mobile Ad Hoc and Sensor Systems (MASS), 2014 IEEE 11th International Conference on (pp. 725-730). IEEE.

Rowe, N.C., 2016. Privacy Concerns with Digital Forensics. Ethical Issues and Citizen Rights in the Era of Digital Government Surveillance, p.145.

Ruan, K., James, J., Carthy, J. and Kechadi, T., 2012. Key terms for service level agreements to support cloud forensics. In Advances in Digital Forensics VIII (pp. 201-212). Springer Berlin Heidelberg.

Shirkhedkar, D. and Patil, S., 2014. Design of digital forensic technique for cloud computing. International Journal, 2(6).

Sidhu, S.K., 2013. A study of NIST SP 800-144 standard on IT risk management in cloud computing: Creating a novel framework for implementing it in Small and Medium sized Enterprises (SMEs) by applying COSO and ISACA’s Risk IT frameworks.

Simou, S., Kalloniatis, C., Kavakli, E. and Gritzalis, S., 2014, June. Cloud forensics: identifying the major issues and challenges. In Advanced Information Systems Engineering (pp. 271-284). Springer International Publishing.

Soares, L.F., Fernandes, D.A., Gomes, J.V., Freire, M.M. and Inácio, P.R., 2014. Cloud security: state of the art. In Security, Privacy and Trust in Cloud Systems (pp. 3-44). Springer Berlin Heidelberg.

Son, N., Lee, Y., Kim, D., James, J.I., Lee, S. and Lee, K., 2013. A study of user data integrity during acquisition of Android devices. Digital Investigation, 10, pp.S3-S11.

Sushil, R. and Chaudhary, J., 2015. Cloud Forensics: Need for an Enhancement in Intrusion Detection System.

TaheriMonfared, A., 2015. Software-Defined Networking Architecture Framework for Multi-Tenant Enterprise Cloud Environments.

Tang, C. and Liu, J., 2015. Selecting a trusted cloud service provider for your SaaS program. Computers & Security, 50, pp.60-73.

TUREL, Y., 2013. Survey on cloud computing vulnerability and cyber attacks: a defensive approach. Task Quarterly, 17(1-2), pp.95-107.

Urias, V., Young, J. and Hatcher, S., 2014. Implications of Cloud Computing on Digital Forensics. GSTF Journal on Computing (JoC), 1(1).

Xiao, Z. and Xiao, Y., 2013. Security and privacy in cloud computing.Communications Surveys & Tutorials, IEEE, 15(2), pp.843-859.

Yusoff, M.N., Mahmod, R., Abdullah, M.T. and Dehghantanha, A., 2014. Performance measurement for mobile forensic data acquisition in Firefox OS. International Journal of Cyber-Security and Digital Forensics (IJCSDF),3(3), pp.130-140.

Zawoad, S. and Hasan, R., 2013. Cloud forensics: a meta-study of challenges, approaches, and open problems. arXiv preprint arXiv:1302.6312.

Zawoad, S. and Hasan, R., 2015, August. Digital Forensics in the Age of Big Data: Challenges, Approaches, and Opportunities. In High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conferen on Embedded Software and Systems (ICESS), 2015 IEEE 17th International Conference on (pp. 1320-1325). IEEE.

Zuech, R., Khoshgoftaar, T.M. and Wald, R., 2015. Intrusion detection and big heterogeneous data: A survey. Journal of Big Data, 2(1), pp.1-41.