Digital Forensics Evidence Acquisition and Chain of Custody in Cloud Computing

The new cloud computing concept delivers an adaptable service to many users. This is due to the fact that cloud computing offers an economic solution based on pay-per use idea. At the same time, digital forensics is a relatively new discipline born out due to the growing use of computing and digital solution. Digital forensics in cloud computing brings new technical and legal challenges (e.g. the remote nature of the evidence, trust required in the integrity and authenticity, and lack of physical access.) Digital forensics difficulties in cloud computing comprise acquisition of remote data, chain of custody, distributed and elastic data, big data volumes, and ownership. In the literature, there are many schemes that deal with these issues. In 2013, Hou et al. proposed a scheme to verify data authenticity and integrity in server-aided confidential forensic investigation. The authenticity and integrity are two essential requirements for the evidence admitted in court. The aim of this paper is twofold. First, to introduce a new concept for digital artifacts acquisition in cloud computing as a consolidation between digital forensic and cloud computing. This concept guarantees safe investigation to trusted digital evidence. Secondly, to analyze Hou et al.’s scheme with respect to its claimed integrity and authenticity properties. Our analysis shows that Hou et al.’s scheme does not satisfy the claimed integrity and authenticity in server-aided confidential forensics investigation. To achieve the authenticity, confidentiality and integrity of evidence in cloud, we illustrate how encryption and digital signature algorithms could be used within different designs to ensure confidentiality and chain of custody for the digital forensics process in the cloud.