[Retracted] Critical Retrospection of Security Implication in Cloud Computing and Its Forensic Applications

Raghavendra, S.; Srividya, Putty; Mohseni, Milad; Bhaskar, Seelam Ch. Vijaya; Chaudhury, Sushovan; Sankaran, K. Sakthidasan; Singh, Bhupesh Kumar

doi:https://doi.org/10.1155/2022/1791491

Security and Communication Networks

On this page

Abstract Introduction Literature Review Conclusion Data Availability Conflicts of Interest References Copyright Related Articles

Research Article Retraction

!

This article has been Retracted. To view the article details, please click the ‘Retraction’ tab above.

Special Issue

Recent Advances in IoT and Blockchain-Based Security/Privacy in Advent Technology

View this Special Issue

Research Article | Open Access

Volume 2022 | Article ID 1791491 | https://doi.org/10.1155/2022/1791491

[Retracted] Critical Retrospection of Security Implication in Cloud Computing and Its Forensic Applications

S. Raghavendra,¹Putty Srividya,²Milad Mohseni,³Seelam Ch. Vijaya Bhaskar,⁴Sushovan Chaudhury,⁵K. Sakthidasan Sankaran,⁶and Bhupesh Kumar Singh⁷

Academic Editor: Mukesh Soni

Received21 Mar 2022

Revised12 Apr 2022

Accepted18 Apr 2022

Published17 May 2022

Abstract

Using cloud computing, businesses can adopt IT without incurring a significant upfront cost. The Internet has numerous benefits, but model security remains a concern, which affects cloud embracing negatively. The security challenge gets too difficult underneath data center, while additional dimensions such as model design, multitenancy, elasticity, and the layers dependency stack have been added to the problem scope. We present a thorough examination of the cloud security challenge in this article. We looked at the issue from the standpoints of network infrastructure: cloud-provided features, cloud consumers, and cloud service delivery methods. Based on this research, we developed an in-depth characterization of the data protection challenge and recommended security solutions that should address the critical aspects of the issue. Cloud computing is an exploding field of research that relies on distributing computing power instead of using dedicated computers or smart devices. Most of the growth in this sector is attributed to the indispensability of electronic and digital gadgets and the shift from a traditional IT subscription model to a unique cloud model. Cloud computing offered a significant danger and difficulty for information system projects, but it also provided them with several possibilities to improve their data processing. It has also been noted that cloud users and consumers do not yet have the necessary forensic skills to detect illegal activity in the cloud. Although the cloud offers potential technological and economic advantages, consumers have been reluctant to adopt it primarily due to security concerns and the difficulty of conducting an appropriate investigation into the cloud. Some study has been done in this area, and strategies for conducting forensic investigations have been proposed. In this research paper, we begin by analyzing the intrusion detection progress made by other academics, and then we analyze and evaluate our conclusions in order to assess the potential difficulties that cloud forensics face based on these findings.

1. Introduction

Cloud technology is the next phase of Intertubes, realistically distributed databases that deliver computing power “as a service.” NIST proposes the most frequently used description of the cloud services concept as “a paradigm for providing on-demand networking provisioning of customizable computational power (e.g., networking, computers, memory, programs, and activities) that may be swiftly provided and dispersed with minimum administrative labor or network operator ability to interact.” Figure 1 shows the structure of cloud computing. A cloud can be either private or public. Anyone with access to the Internet can purchase services from a public cloud. A private cloud is a closed network or data center that offers platform as a service to a small number of individuals who have particular access and rights. The goal of cloud computing, whether private or public, is to provide speedy, scalable access to data and information technology services [1, 2].

Cloud computing refers to a collection of networks and the data that flows across them. Users typically choose to use a third-party intermediary source for Internet connection instead of creating their personal physical systems in cloud computing, and they can use its ways forever.

In other words, the cloud is a browser technology that offers quality services to its clients, such as data and software, over distant servers. People can get beneficial results from the cloud without spending more time and money on things like computers and software to manage the data. When using cloud computing, clients’ needs and applications are met without an entire physical and logical platform. Data can be accessed from almost anywhere, which has primary advantages of cloud computing for consumers. For example, cloud-based apps such as e-mail, video calling, and customer relationship management (CRM) operate on the cloud.

Furthermore, it presents its users with several features such as access to a large number of purposes without the need for permission, purchasing, or downloading files from any of these services. Cloud computing networks manage a service load because the workload is moved to mitigate the demand. As a result, client system requirements are reduced since the demand for local computers is not high, while the activity is operating. High-speed Internet service and a web browser are necessary for all cloud apps, and customers only pay for the services they have actually used.

Cloud computing is an intriguing idea since it provides a viable opportunity for a new educational approach. On-demand web browsers encourage students and managers to swiftly and affordably access a broad range of different apps and services. This instantly decreases organizational expenditures while also providing more robust operational capacity. For academy operations, the progressive reduction of software licensing expenses, cost of data, and infrastructure costs provides considerable scalability. IT employees at academic institutions can get a lot of help from the advantages of the cloud. They do not have to keep the university's computer systems up and running, which is a huge help. Cloud computing gives quick universal systems, removes the need for hardware and software licensing, improves efficiency, and facilitates scaling. It is helpful to minimize the problems and expenses associated with backup and recovery by using a redundant cloud network. However, there are also several drawbacks to consider. There are always shortcomings with service providers, service-level agreements (SLAs), and cybersecurity. Furthermore, cloud service providers have varying degrees of technical expertise.

In addition, we do not claim that cloud computing is a perfect solution for every company, so companies should conduct a well-informed analysis of its impact before adopting it.

Industry benefits of cloud computing are several; the first is that cloud computing greatly helps decrease the obstacle for smaller businesses to benefit from computation-intensive digital marketing, which was formerly only available to the larger enterprises. These analytical activities often need a considerable number of physical systems for a brief period, and cloud computing enables optimal resources available for small companies. Furthermore, cloud computing allows businesses to grow their services, which are progressively dependent on precise information, to meet customer requirements. Because hardware resources are controlled by software, they would be efficiently applied as new procedures occur. Finally, cloud computing has the potential to decrease IT constraints. For example, as seen by the numerous potential startups, from the enormously powerful web programs such as Facebook and YouTube to more specialized applications such as TripIt (for organizing one’s trip) or Mint (for planning one’s money).

Needless to say, cloud computing has its own set of disadvantages for the industry as well; first and foremost, there are political issues arising due to international restrictions imposed by governments. It is critical to maintain cloud computing apart from political concerns if it is to keep developing throughout the globe. Several leading world countries are considering legislation that sometimes impedes the expansion of the international cloud. There is a risk of losing information security if systems belonging to Canadians are used on American networks, such as those belonging to the US Patriot Act. Thus, corporation can not maintain that company data was on a certain centralized server in a given area. The second one is Security and Privacy. When it comes to cloud computing security, there is a considerable amount of ambiguity since it is a new novel technology (e.g., host and application). Because of this unpredictability, information experts have increasingly said that security is their top worry using cloud computing. In today’s world, organizations confront several rules and regulations aimed at protecting the security of users’ valuable data. It is unclear if the cloud computing platform appropriately shields such data; rather, it causes firms to break the legislation.

The cloud model has two main elements: multitenancy and elasticity. Multitenancy allows several tenants to share the same service instance. Figure 2 shows the Multitenancy path for resource sharing [3]. The connection between the front and rear ends is managed by a centralized computer. The central server uses protocols to make data exchange easier. The central server uses both software and middleware to manage communication between many client devices and cloud servers. Each program or job usually has its own dedicated server [4, 5].

(a)

(b)

Elasticity allows a service’s resources to be scaled up and down in response to the current service needs. Figure 3 shows the classification of the elasticity mechanisms [6]. Both features are aimed at maximizing resource usage, lowering costs, and increasing accessibility. Industry and academics have embraced cloud services to serve a broad range of applications, from cognitively complex queries to lighter services, thanks to the virtual machine. Small and medium enterprises will benefit from the approach since it allows them to embrace IT without having to spend on infrastructure, software licensing, or other necessary items upfront [7]. Furthermore, governments are becoming increasingly crucial of cloud computing to decrease IT expenses while also increasing the abilities and mobility of their offered services.

To fully benefit from these modern computing models, which provide a creative economic structure for businesses to use IT without a large upfront investment, increased security risks must be addressed. Although virtualization can help businesses achieve more through splitting the physical bonds that exist among an information systems infrastructure and its consumers, it should be conquered in order to profit from this modern computing framework, which provides e-commerce strategy for businesses to implement IT beyond a large capital outlay [8, 9]. Cloud computing is now one of the most contentious problems in the telecommunication sector, prompting many businesses to move their information to the server since it offers several technological and economic advantages. Figure 4 shows the data organization mechanisms under cloud [10]. Competitive servers include Google, Microsoft’s Cloud Data Capabilities, and Amazon Web Services. In addition, several open-source web platforms, such as Solar Common Cloud Infrastructure and Phoenix, have persuaded consumers to use the Internet than in the past [11]. When telecommunication companies began selling virtual private networks, the term “cloud” was coined. McCarthy proposed the fundamental notion of cloud computing, stating that “calculation may ultimately be structured as a public service.” Prior to VPN, telecommunication providers offered specialized step data connections, which squandered capacity. As a result, VPN connections are often used to transfer traffic in order to manage networking use, and information technology expands this to include servers and network architecture. According to a Gartner assessment on cloud services sales in 2009, the cloud sector was worth USD 58.6 billion, USD 68 billion in 2010, and USD 148 billion by 2014. Cloud computing appears to be a viable platform; on the other side, it piques hackers’ attention in exploiting any known flaws in the design [12].

Overall, in terms of the goal of cloud technology in information technology services, cloud computing is so termed since the data collected resides in the cloud. Companies’ cloud computing services allow clients to access information and programs on distant data centers and transfer the files over the network, notably the Internet. There is no need for a certain location to obtain it; thus, the user can operate from anywhere. In other words, it removes the burden of handling and storing data from the gadget you carried or interacted with. Additionally, it sends the workload to robust systems in cyberspace far away. As a result, the Internet acts as a cloud, allowing users to access their data and online services from virtually anywhere on the planet. Data processing has evolved into numerical computation, edge computing, and, most frequently, cloud computing over the network.

However, the effectiveness of global norms, the convenience of final consumers, and, very prominently, the level of information security and privacy provided by modern technologies are all significant aspects in their success. Cloud computing is a new and fast expanding information technology that is transforming the way IT building solutions are created, put, and presented as a result of a change in emphasis to the issue of data storage virtualization and local network virtualization, which are two instances of virtualization (infrastructure). In the current study, we express the existing problems and issues surrounding security and efficiency [13, 14]. These concerns are divided into four categories: architectural design concerns, process improvement design concerns, cloud particular type concerns, and cloud decision maker concerns. Our goal is to figure out where the cloud model’s flaws are. We provide a thorough study of each shortcoming to highlight the underlying causes. The security challenge turns to be very challenging underneath the cloud paragon at fresh aspects such as model design, elasticity, and layer dependency stack, which are introduced into the problem scope [15, 16]. These findings will support cloud suppliers and security sellers to understand the problem well. Moreover, it allows investigators to determine the current scale and flaws of the problem.

The following is a breakdown of our paper’s structure. In part two, we look back at prior attempts to define cloud security issues and concerns. Parts III through VII look at analyzing the security issue from several angles. The major security enablers in the cloud paradigm are discussed in Section 8. Section 9 summarizes our findings and identifies the essential characteristics that some cloud security answers should address. Furthermore, in part X, we talk about upcoming effort focused on privacy factors we talked about previously. Figure 5 shows the flow of paper.

2. Literature Review

Numerous authors address the problems and problems related to cloud computing security. The Cloud Services Use Factors division delves into the many usage event situations and connected needs that might be found in the cloud computing platform. Users, designers, and system administrators all contribute to their analysis of use cases. ENISA looked into the many security concerns related to cyber adoption, the assets involved, and the hazards’ probability and effects. CSA discusses similar attempts in “Top Risks to Cloud Services.” Kandukuri et al. [17] go over the privacy SLA’s requirements and goals for data storage, separation, and rescue. Problems with high-level security in the cloud computing paradigm, like data quality, invoicing, and confidential information protection, are reviewed by Popovic and Hocenski, talked on ITIL, ISO/IEC 27001, and the Open, Virtualization Format, among other incident response standards (OVF) [18]. XML-attacks, browser-related assaults, and flooding attacks are among the technological security concerns raised by implementing the cloud computing architecture, according to Jensen et al. [19]. Grobauer and his colleagues examine the cloud network’s security flaws [20]. The system divides the critical threats into three categories: innovation, cloud-related, and security controls-related. Subashini and Kavitha, concentrating on the SaaS model, examine the security problems of cloud service delivery models [21]. The CSA addresses the most important aspects of cloud computing. In each category, they suggest a series of cloud provider best practices, customers, and campaign featured to monitor. For several of these topics, the CSA produced a set of thorough reports. In our study, we looked at the cloud model in depth to determine the fundamental causes and major contributing aspects in the privacy problems addressed in earlier studies [22]. It will aid in a greater understanding of the issue and the delivery of remedies.

3. Data Analysis

To support this research, we gathered 47 relevant articles on forensic investigation and subjected them to a study quality evaluation, keyword research, and the research framework, which served as a data collecting technique. This is critical to research since it gives a clear picture of the research topic in the subject. As shown in Figure 6, recent research advances in cyber forensics are mostly focused on concerns and dangers in cloud computing, as well as the obstacles that cloud forensic poses. In this sense, several publications are either two or three types of study. There are a total of 22 articles that discuss these concerns, indicating that knowledge of cloud security vulnerabilities has grown over time as computing evolved.

The lowest amount of study attention is on articles that illustrate existing forensic processes and legislative strategy towards the web platform; this may imply that the present forensic strategy has failed to address cloud computing. Scientists, on either side, are suggesting new regulations, techniques, and frameworks to improve the capacity to do cloud forensics, as seen by the 18 papers we examined in this area. Moreover, phrases convey to users the overall theme of a document. Strong relevance was carried out in this study to determine the pattern of presence of specific terms in the cyber science industry among the evaluated articles, as shown in Figure 7.

Information technology is mentioned 21 times out of 47 times in all the articles. Computer evidence and data encryption are both close behind, with 15 and 14 times, respectively. Specific keywords like digital attribution, incident generation, and 16 additional phrases, on either side, have only been mentioned once. The importance of the findings reveals that the majority of studies focused on the overall field of cloud forensics rather than a specialized one.

4. The Cloud Computing Architecture and Security Implications

There are three performance management methods and three major technology architectures in the Cloud Computing paradigm [23, 24]. The three existing solutions are (1) private cloud, that is, a database server specific to a given organization, (2) public cloud, that is, a cloud platform publicly accessible for registration and use of basic facilities, and (3) hybrid cloud, that is, a hybrid cloud that can be broadened to usage funds in community clouds. Since cloud services are open for customers to serve their operations, including malevolent users, they are the most susceptible main contributions. Figure 8 demonstrates different types of cloud computing. Also, Figure 9 shows different layers in cloud computing.

The following are examples of cloud initiatives, as shown in Figure 10.

As shown in Figure 10, every care model contains a variety of alternative solutions, complicating the creation of a common security architecture for every service delivery model. Furthermore, various service provision methods may cohabit in a single virtual machine, complicating the risk management further.

Infrastructure-as-a-Service (IaaS): cloud services offer computational power, memory, and networking as web operations. The network virtualization underpins this service architecture. The most well-known IaaS supplier is Amazon EC2. Figure 11 shows the offering services and their connections by IaaS.

Platform-as-a-Service (PaaS): cloud services give systems, resources, and some other professional services that let clients create, publish, and maintain their own apps while configuring some of these systems or supplementary services through their own computers The PaaS paradigm can be built on top of an IaaS model or immediately in front of data centers. The most well-known PaaS is the Google App Engine and Windows Server Azure. Figure 12 shows the offering services and their connections by PaaS.

Software-as-a-Service (SaaS): when cloud suppliers provide programs housed on network infrastructure as a web resource to end customers, rather than needing the consumers to download the apps on their PCs. This approach may be served in front of PaaS, IaaS, or network infrastructure directly. Salesforce CRM is an instance of a SaaS application. Figure 13 shows the offering services and their connections by SaaS.

Figure 14 shows a review of the three models of cloud computing and services, which are supported by each of them.

4.1. Identify the Objects under Protection

This study identifies seven protection layers as per the cloud service's delivery method [25]. Control points in cloud information management include standard control points as well as cloud-related control points. Cloud-based protection objects and traditional approaches are compared in Table 1. It is also vital that the cloud system protect the abstract resource security and the software platform layers. In the end, virtualization devices must be protected on the host side and in the network layer [26].

4.2. Trust and Security Models in Cloud Computing

The capacity to interact with AR displays is perhaps one of the most important features. A partnership of five Japanese institutions, comprising JAIST, launched the enPiT-Security training plan (also known as SecCap) in April 2013. Tohoku University, Nara University of Science and Technology, Keio University, and the University of Management Safety are all the other cooperation participants.

The SecCap program is intended for undergraduates and aims to acquire the skills needed by IT security professionals through lectures and hands-on actions on protection elements of web browsers, programs, networking, and malicious software defenses and techniques [27].

5. Cloud Computing Characteristics and Security Implications

Cloud services must enhance resource usage and, yet, lower costs in order to achieve effective resource use. At the same time, users must be able to acquire assets only as far as they are required, with the ability to raise or reduce energy usage in response to real demand [28]. The cloud computing model provides a win-win solution by including two essential features: integrons and mobility. All traits have major consequences for the privacy of the cloud paradigm.

Multitenancy means that tenants share computing resources, storage, services, and applications [29]. Figure 15 depicts the various ways to multitenancy implementation. Each tenant has their own dedicated instance with their own modifications in method 1 (customization may include special development to meet customer needs).

Approach 1 is called the single Tenant. A single client is served by a single instance of the application and its corresponding infrastructure. There is just one instance of the program running on a single computer with a single tenant. In essence, this choice does not allow for any kind of sharing. Essentially, there is no sharing happening with this option. It has some advantages and disadvantages. There are several advantages to a single-client environment, such as increased security and dependability due to the abundance of resources and safe physical systems that come with having a whole environment devoted to just one client and always accessible. Furthermore, it benefits from customization since it has complete control over the data, making it possible for customization and new features if necessary.

On the other side, the drawbacks of a single-client environment include the need for frequent maintenance to keep the system operating smoothly and effectively since a single-tenant system often involves more jobs. Additionally, setup/management is a disadvantage since SaaS multitenant configurations are simple to install and run. Last but not least, there is Cost, which is single-tenant that often provides for greater resources, however, at a more significant expense since there is just one user for the whole system.

In method 2, every tenant has their own specialized server, similar to strategy 1; however, all versions have distinct settings. All tenants utilize the same example with real-time customization in method 3 (the program is separated into main network elements and additional components that are launched given current tenant requests, similar to Amazon web services [30].

In method 4, tenants are routed to a cloud infrastructure, which routes their requests to the most appropriate example depending on the load on the current context. The most dangerous approaches are 3 and 4 because tenants share the same storage and equipment [31]. This information sharing compromises the anonymity of tenants' IT property, necessitating the use of protected virtualization. To prevent coordinated attacks that tries to founder with the accuser funds, there must be segregation between tenants' information (at remainder, storing, and transformation) and destination accountability, during which tenants have really no expertise or regulate from over particular location of their assets (could have a high ranking influence on data preservation like nation or continent extent) [32].

Separation in IaaS must take into account VM capacity, processor, cognition, cached storage, and networking. Segregation in PaaS must comprise isolating among operating services and API calls [33]. Separation in SaaS must be applied to distinct telecommunications service in the same example by numerous occupants, in addition to tenant information.

Flexibility is the capability of adjusting the amount of resources given to an on-demand based system [34]. Tenant contributions can be scaled up and down to use the tenant's given threshold value assets in the development of other tenants. But this could cause security concerns [35]. The reduction of tenant A frees up resources, which are now shared by tenant A and tenant B, allowing them to determine tenant A's former contents. In addition, flexibility provides a mechanism for allocating resources based on the number of eligible assets attributed to a vendor [10].

6. Cloud Computing Stakeholders and Security Implications

Various people are engaged in the cloud computing platform: private cloud (an entity that schedules to cloud users), Internet supplier, and trade customer [36]. Every participant has its current security technologies, as well as obligations (specifications) and abilities (provided) from many other participants. As a result, (1) a collection of protection criteria defined on a system by several tenants may be incompatible [37, 38]. As a result, every provider's protection specifications must be preserved and implemented at the provider recommended intervals and at execution time, taking into consideration the potential of new conditions given current users' requirements to ameliorate potential risk; (2) the user and provider must try negotiating and cooperate on the imposed system security. However, there are no basic security specification expressions that cloud participants may use to describe and argue about the security features they offer/require.; and (3) every participant can have their safety new strategies for defining resources, anticipated risks, and their consequences, as well as how to avoid problems. Both cloud service suppliers and cloud users (who are unaware of the materials and security measures of activities based on their technologies) lose control when they embrace the public cloud. Security SLA was made critical as an element of the strategy for defining, enforcing, and analyzing security characteristics [39]. SLAs, on the other hand, still leave security characteristics out of their requirements. Furthermore, SLAs are greater contracts that do not include the specifics of security rules and controls, as well as how to alter them in real-time.

Data centers, on the other hand, can not implement efficient and safe security measures since they are unaware of the designs of managed services [6]. Moreover, computing resources are confronted with a slew of new safety regulations, even while maintaining a diverse set of security controls that must be maintained. The protection controllers’ jobs are made much more difficult by this [40]. Between cloud producers and recipients, they must be informed about what safety is implemented, what dangers are present, and what breakdowns happen on the cloud infrastructure and infrastructure components [41]. This is referred to as “trust but verify,” in which cloud users should have faith in their suppliers, but cloud services should give tools to assist users in verifying and monitoring privacy compliance [42].

7. Security and Trust Model in Cloud

Aside from a basic inspection, numerous associated recent studies have generated many approaches for forensic investigation, particularly in the security and trust areas. There are some who use the Internet who are not necessarily specialists in the area of computers. Traditional firms handle all sensitive information inside and have total control over their personnel, which is one of the most noticeable issues found [43].

According to Dimitri [44], cloud migration has reduced the development of effective security procedures. Since the cloud's characteristics vary from architectural design, this is being reevaluated. So, as to secure the secrecy and reliability of data, it is advised that you use a suggested trustworthy third party; it can be regarded as a protection system in the cloud that forms a network of confidence.

In this context, it is argued that even if the cloud model is not completely open, suppliers can exercise some openness in order to outline what is really being performed in a certain region and also discusses the necessity of cloud providers proposing security rules and the many types of security problems [45]. In terms of privacy, corporation is accountable for all of their sensitive data; moreover, there is a fundamental weakness in organizations that are unfamiliar with data storage and control [46, 47]. The major barrier for adopting cloud services, as shown in Figure 16, is data protection safety problems around the cloud, which span over seven phases of the information life cycle, including data production, transmission, usage, sharing, storage, archive, and elimination.

They do, however, give a few information securities that are now available. Standard process techniques are not designed for companies and data in the cloud since organizational borders have been stretched to the cloud. They also bring up the question of computer security.

7.1. Cloud Forensic Issues and Challenges

Scientists have attempted to develop conceptualizations to solve these challenges; nevertheless, only a few of these accepted standards for data gathering and proper work on the Internet [48]. They suggest an iteration platform based on the currently utilized McCamish and NIST frameworks, which have common similarities but different methods. They propose that forensic experts produce evidence using a methodology in addition to current forensic methods. Regarding trust in a cloud context, it emphasizes the need for a security-based certification that includes technology in order to improve cloud service confidence. It also demonstrates that the present use of SAS 70 (II) certification as an business standard is merely the start and that it currently can not offer consumers the safety features that they want [49]. In addition to targeting consumers who profit from cloud platform providers’ offerings, criminals will look at cloud computing to exploit any potential vulnerability in this new architecture and operating model [50]. They argued that, in order to prevent cybercrime, service providers (SLAs) should be strong. They also stress that safety must be a type of cloud solution, with designers focusing on management, hazard, and management as part of the design. There appears to be a tendency in existing standards to a better knowledge of the cloud environment and tailoring business standards to it. We stated that while cloud service providers can be used for a variety of purposes, they can also be misused by customers with bad intentions; for instance, a consumer can use the public cloud to launch a Dispersed Rejection of Service (DDoS) offensive on other customers or the cloud on its own, causing the services to go inactive. It is difficult to tell the difference between legal content demands and malicious ones, but cloud services can deliver resources quickly in the case of a DDoS attack [51]. The cloud is subject to the same types of assaults as other Internet services, which makes appropriate management challenging. According to the authors, cloud providers should establish tight access controls to prevent unauthorized access by users who abuse the network and limit access to customers' data in order to improve data security.

According to Birk and Wegener, cloud computing offers significant technological and economic benefits; nevertheless, many chambers are still uncertain to change their systems to the cloud because of cloud security fears and unknown dangers [52]. The researchers looked at a variety of cloud settings and came up with methods to help these systems overcome their flaws. To summarize, security concerns in the virtual environment are primarily driven by the lack of a uniform worldwide cloud specification.

7.2. Cloud Forensic

Currently, digital gadgets are growing at a breakneck pace, and analyzing the data created by these devices necessitates a massive amount of processing power [49]. The notion of a “Forensic Cloud” has been presented, with the goal of allowing a researcher to concentrate entirely on the investigative process [53].

In terms of cloud computing, according to Biggs and Vidalis, criminal users represent significant difficulties and dangers to end customers who use the cloud service supplier’s products [54]. The hackers will also investigate big data to see if there are any flaws in this new idea, architecture, or business strategy in cloud forensics. They argued that, in order to prevent cybercrime, service level agreements (SLAs) must be strong. They also mention bridge laws as a key concern. Various nations, digital investigators, and their capacity to perform successful investigations may be harmed. They also looked at the influence of cloud technology on criminal examination and discovered that, despite its efforts to be safe, cloud technology is still not suited for forensic science. Yan addressed the present cloud system’s dangers, which include big data, individual rights, and provider (CSP) trust issues [55]. He claimed that the cloud ecosystem is more vulnerable to cybercrime than in the past, necessitating the use of digital forensics. In terms of the CSP, it claims that finale consumer data are kept and housed in the data center of the cloud provider, which saves business money on equipment and operations. Some organizations are unsure about the legal consequences of how CSP manages data passed over by consumers, which is one of the primary reasons to designate data centers to maintain the benefits of cloud computing. He also mentioned that the cloud ecosystem had issues with cybercrime forensics and proof retention. In the article, he also suggested architecture for the cloud process that involves a dynamic allocation management system and an information gathering and analysis engine to address these challenges. Mason and George discuss the data flow of electronic data and the use of cloud computing for forensic investigation as a trend [56]. That has gotten greater attention in recent years and, as a result, generates uncertainty in the present judicial system, which is not equipped to deal with cloud technology. The scientists clearly illustrate how to conduct an inquiry using the UK legal system, as well as how to collect evidence from foreign countries, in their article.

7.3. Concerns about Cloud Computing’s Privacy and Associated Risks

Cloud technology is a technical system in which users entrust their data to third parties who store it on a web computer [30]. As stated, virtualization has received only a small level of publicity from a private and legal standpoint. As Hou et al. pointed out, cloud computing comes with clear privacy and user hazards that must be addressed [57]. Remote forensics, also known as cloud forensics, allowed researchers to gather evidence without physically visiting the place and examining the storage devices. The danger act, risk cause, and risky things of a cloud system can all be analyzed and created on a cloud system's protection matters. In Table 2, some of the risks associated with cloud computing are described briefly [26].

As mentioned in Table 2, when users use the virtual machine as their protection object, the attacker can attack the virtual machine itself or its OS (operation system). Because monitoring software is running on a virtual machine, they are vulnerable to being attacked since the software does not have enough shield to protect users’ privacy. Also, when the protection object is cloud data, the administrators can misuse and mismanage information since all of the information is in their hands, and each user does not have access to them at a higher level. Finally, when business application systems are considered as a protection object, the attacker again can take advantage of them and sabotage not only OS, but also associated databases with them, for example, in a PaaS.

Parts of the cloud's fragmented data may belong to numerous data owners, while other parts are useless to a computer crime investigation. Evidence may disperse, resulting in the cloning of data exposing unnecessary features to investigators without the authorization of cloud providers [58]. When a search is obtained, the server supervisor could collect necessary data and pass it on to detective, but this is contradictory to the objective of the case's secrecy [59]. Rather than relying on individual keywords to find relevant evidence across many files, he offers a system that maintains the inquiry’s confidentiality while only extracting data that’s relevant to the inquiry.

Zhu et al. [31] developed the concepts of proof of retrievability (POR) and proven data presence (PDP) in this respect, arguing that audit services are essential for ensuring data integrity and availability. They suggested that audit services may be implemented using cryptographic techniques such as PDP. They also talked about the present challenges of checking the accuracy of data in a cloud context. Key encryption solutions for data integrity, depending on neural networks and sign systems, they claim, cannot operate on data owners without a local memory of the information. They claim that most current systems cannot provide security properties versus untrustworthy CSP's deceit and forgery. As a result, they argued that a new framework is needed in cloud inspection services that enable the safety of the traditional authentication method. They suggested an analytical review exporting infrastructure for validating the security of contracted online storage using the cryptography evaluation method. They also construct a sample of an inspection system to assess the suggested technique. The efficiency of the aforementioned techniques and algorithms has been confirmed by their experimental findings. Their solution also has a reduced computationally and requires less additional storage for validation, according to the results. To assess the suggested method, they designed an architecture for audit service outsourced and built a prototype. The efficacy of mentioned methods and algorithms has been confirmed by their experimental findings. By understanding the prevalent digital forensic investigation methods that are linked with security, they are confident that the cloud computing model is in straight contradiction with a numerical forensic investigation.

8. Cloud Forensic Investigations

In the case of cybercriminals or other illegal activity, various police authorities frequently conduct digital forensics inquiries [60]. They follow processes and standards that must be obeyed when dealing with evidence collected, which are outlined in standards. This is required to guarantee that the information found during the procedure meets legal standards and may be presented in court [61]. Because of its fleeting nature, cloud inquiries provide a unique set of challenges for these forensic experts.

9. Cloud-Based Forensic Investigations: Issues to Consider

We explored the many types of difficulties that detectives face when working by Internet and discovered the examining cloud services using the present methodologies, which were inefficient. The most important difficulties appeared to be the researchers' physical, personal, and legal restrictions. When it comes to cloud investigations, this can be much more difficult since it involves thousands of virtual machines, many systems, and a huge number of cloud users, just one of which is relevant to the matter. It would cause service interruptions for people who are not participating in the lawsuit [42]. The machines are connected to the data center and communicate with each other without the participant’s awareness. Furthermore, because of the accessible nature of the cloud, the only way to maintain identification when there is no physical connection is to utilize user IDs and passwords, which may be captured and misused by unauthorized users. As a result, there is a significant gap in the technologies that can help detectives in working with cloud data centers. It is tough to build these technologies for forensic information gathering since there are a lot of bridge creation and a lack of resources standardization [3].

10. Summary of Solutions Presented

After some thought, we have included some of the answers given in the selected articles in this section. First, we looked for cloud-based digital forensics options. Cloud suppliers offer software as a service, which includes a specialized investigative system for researchers to use. Because the researchers would have to deal with huge disk disks, they also offer investigations as a service. This platform may offer investigators terabytes of data of memory to handle numerous pictures and can also assist them in cracking cryptography keys. Another suggested framework integrated the conservation and recognition stages to aid data protection; the framework’s distinctiveness resides in the iterative process necessary for evaluating consumer equipment as evidence. In addition, to cope with the continuously changing cloud environment, a new data tracking system is recommended, as well as a data gathering and processing system to handle cloud-related difficulties. We have discovered solutions for specific stages of standard sensitivity analysis. For difficulties with the identification phase, it was proposed that a capability to monitor the status of client usage and logging be added to the software as a service architecture. Some innovative approaches were also presented. Afterward, there are approaches to safety, faith, and confidentiality problems in the cloud, with a secure informed cloud that uses a cloud authentication scheme being offered as a solution. It has an inner confidence element, which is performed using the physical system's hardware security module. In summary, the majority of cloud security issues are caused by the lack of a single standard paradigm. This can increase scientific researchers' capacity to conduct examinations by ensuring that worldwide standards are followed. Table 3 shows a comparison of cloud forensic, cloud computing's privacy and associated risks, and forensic approach for cloud forensic, which are discussed in this paper.

11. Conclusion

After some thought, we have included some of the answers given in the selected articles in this section. First, we looked for cloud-based digital forensics options. Cloud suppliers offer software as a service, which includes a specialized scientific server for researchers to use. Because the researchers would have to deal with huge hard drives, they also offer investigations as a solution. This service may offer investigators terabytes of data of memory to handle numerous pictures and can also assist them in cracking security keys. One of the suggested systems integrated the conservation and recognition stages to aid data protection; the program’s distinctiveness resides in the iterative process necessary for evaluating a client’s equipment as proof. Additionally, a data management framework was presented as well as a data gathering and processing system to address the concerns of the continuously changing cloud environment. We have discovered solutions for specific stages of standard forensics frameworks. For difficulties with the analysis phase, it was proposed that a capability to monitor the condition of customer consumption and reporting be added to the software as a service architecture. We also presented an innovative approach for establishing a minimum value for a remote monitoring system. There is now a way for a safe, trusted, and private cloud to be offered as a solution to the problems of security, trust, and privacy in the cloud. It has an inner trust component, which is performed using the physical system’s trusted platform component.

In summary, the majority of cloud security issues are caused by a lack of a uniform general framework, which can increase forensic analysts’ capacity to conduct examinations through the correct application of world standards. Despite the fact that governments can strive to establish agreements to protect privacy for the sake of bridge inquiry, choosing which court or judicial system to present the subject remains problematic. However, the tools that are ready to facilitate a thorough audit cannot be used to conduct a forensic examination on the Internet. As a result, appropriate application of worldwide standards aids detectives in improving cloud performance. The big data paradigm is one of the most promising computing paradigms for telecom operators, virtual servers, and cloud clients. However, we must plug in the present security weaknesses in order to get the most out of the model. The following is a summary of the Internet security concerns based on the facts supplied as follows:(i)Many security vulnerabilities, like as virtualization and SOA, are handed down from the technology used.(ii)Multitenancy and isolation are significant aspects of the data protection challenges that necessitate a vertical approach from the SaaS level to physical infrastructure.(iii)To oversee and monitor such a large number of needs and procedures, risk management is necessary.(iv)As indicated in Figure 3, the hybrid cloud should have a thorough security layer such that every contact with any cloud platform asset must first pass through security features. We propose that cloud computing security solutions be implemented:(v)Focus on the abstract of the problem, using model-based approaches to capture several security perspectives and connect them in a unified cloud security model.(vi)A feature of the data center. A flexible regulatory interface should be provided through delivery mechanisms (such as flexibility motors) and APIs.(vii)Project integration for multitenancy (each user can only see their own contributed data) and flexibility (you can scale up or down depending on the scenario).(viii)Assist with the integration and coordination of other security measures at various tiers so that integrated security may be provided.(ix)Adapt to environmental changes and the demands of users.

12. Future Work

We are taking a look at the current cloud security issue. As a consequence of the adoption of the cloud designer, a security gap has formed between cloud users’ and cloud providers’ system security measures. To solve this problem, we must(1)describe various investors’ regulatory standards from varied angles and levels of care,(2)chart security standards to surface structure, safety shapes, and protection criminal laws, and(3)give information to cloud suppliers and customers on existing security condition. In order to address the challenge of cloud system security, we suggest using an adaptive model-based method. Patterns will aid in the abstraction of problems and the capture of different stakeholders’ security needs at various degrees of detail. Adaptability will aid in the delivery of a cloud security paradigm that is interconnected, flexible, and enforced. The vicious circle will track system security in order to improve the present cloud security paradigm and keep cloud users informed about the protection of their property.

Data Availability

Data are available from the corresponding author upon request.

Conflicts of Interest

There are no conflicts of interest.

References

G. S. Sriram, “Edge computing vs. cloud computing: an overview of big data challenges and opportunities for large enterprises,” International Research Journal of Modernization in Engineering Technology and Science, vol. 4, no. 1, pp. 1331–1337, 2022.
View at: Google Scholar
U. Iqbal and S. Shafi, “Formally validated authentication protocols for WSN,” Advances in Intelligent Systems and Computing, Springer, Singapore, pp. 423–432, 2019.
View at: Publisher Site | Google Scholar
N. Goyal, K. P. Anand, K. G. Shashi, and P. Rashmi, “Suppleness of multi-tenancy in cloud computing: advantages, privacy issues, and risk factors,” in Proceedings of the International Conference on Sustainable Computing in Science, Technology and Management (SUSCOM), Amity University Rajasthan, Jaipur, India, February 24, 2019.
View at: Google Scholar
F. Ajaz, M. Naseem, S. Sharma, M. Shabaz, and G. Dhiman, “COVID-19: challenges and its technological solutions using IoT,” Current Medical Imaging Formerly: Current Medical Imaging Reviews, Bentham Science Publishers Ltd, vol. 18, no. 2, pp. 113–123, 2022.
View at: Publisher Site | Google Scholar
J. Bhola, S. Soni, and J. Kakarla, “A scalable and energy-efficient MAC protocol for sensor and actor networks,” International Journal of Communication Systems, vol. 32, no. 13, 16 pages, 2019.
View at: Publisher Site | Google Scholar
Y. Al-Dhuraibi, F. Paraiso, N. Djarallah, and P. Merle, “Elasticity in cloud computing: state of the art and research challenges,” IEEE Transactions on Services Computing, vol. 11, no. 2, pp. 430–447, 2018, ‏.
View at: Publisher Site | Google Scholar
P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” 2009, http://www.wheresmyserver.co.nz/storage/media/faq-files/cloud-%20def-v15.pdf.
View at: Google Scholar
V. Jagota, M. Luthra, J. Bhola, A. Sharma, and M. Shabaz, “A secure energy-aware game theory (SEGaT) mechanism for coordination in WSANs,” International Journal of Swarm Intelligence Research, vol. 13, no. 2, pp. 1–16, 2022.
View at: Publisher Site | Google Scholar
S. Deshmukh, K. Thirupathi Rao, and M. Shabaz, “Collaborative learning based straggler prevention in large-scale distributed computing framework,” Security and Communication Networks, Hindawi Limited, vol. 2021, Article ID 8340925, pp. 1–9, 2021.
View at: Publisher Site | Google Scholar
J. K. R. Sastry and M. T. Basu, “Securing multi-tenancy systems through multi DB instances and multiple databases on different physical servers,” International Journal of Electrical and Computer Engineering, vol. 9, no. 2, p. 1385, 2019.
View at: Publisher Site | Google Scholar
S. Saralch, V. Jagota, D. Pathak, and V. Singh, “Response surface methodology based analysis of the impact of nanoclay addition on the wear resistance of polypropylene,” The European Physical Journal - Applied Physics, vol. 86, no. 1, pp. 10401–10413, 2019.
View at: Publisher Site | Google Scholar
C. Dou, L. Zheng, W. Wang, and M. Shabaz, “Evaluation of urban environmental and economic coordination based on discrete mathematical model,” Mathematical Problems in Engineering, vol. 2021, Article ID 1566538, 11 pages, 2021.
View at: Publisher Site | Google Scholar
G. S. Sriram, “Security challenges of big data computing,” International Research Journal of Modernization in Engineering Technology and Science, vol. 4, no. 1, pp. 1164–1171, 2022.
View at: Google Scholar
U. Iqbal and H. M. Ajaz, “Secure and practical access control mechanism for wsn with node privacy,” Journal of King Saud University-Computer and Information Sciences, 2020.
View at: Publisher Site | Google Scholar
S. Sanober, I. Alam, S. Pande et al., “An enhanced secure deep learning algorithm for fraud detection in wireless communication,” Wireless Communications and Mobile Computing, vol. 2021, Article ID 6079582, 14 pages, 2021.
View at: Publisher Site | Google Scholar
D. Y. Jiang, H. Zhang, H. Kumar et al., “Automatic control model of power information system Access based on artificial intelligence technology,” Mathematical Problems in Engineering, vol. 2022, Article ID 5677634, 6 pages, 2022.
View at: Publisher Site | Google Scholar
B. R. Kandukuri, R. Paturi, and A. Rakshit, “Cloud security issues,” in Proceedings of the 2009 IEEE International Conference on Services Computing, pp. 517–520, Bangalore, India, September. 2009.
View at: Publisher Site | Google Scholar
K. Popovic and Z. Hocenski, “Cloud computing security issues and challenges,” in Proceedings of the Third International Conference on Advances in Human-Oriented and Personalized Mechanisms, pp. 344–349, Technologies, and Services, Nice, France, August 2010.
View at: Google Scholar
M. Jensen, J. Schwenk, N. Gruschka, and L. Lo Iacono, “On technical security issues in cloud computing,” in Proceedings of the 2009 IEEE International Conference on Cloud Computing, pp. 109–116, Bangalore, India, September 2009.
View at: Google Scholar
B. Grobauer, T. Walloschek, and E. Stocker, “Understanding cloud computing vulnerabilities,” IEEE Security and Privacy Magazine, vol. 9, no. 2, pp. 50–57, 2011.
View at: Publisher Site | Google Scholar
S. Subashini and V. Kavitha, “A survey on security issues in service delivery models of cloud computing,” Journal of Network and Computer Applications, Press, vol. 34, no. 1, 2011.
View at: Publisher Site | Google Scholar
D. K. Holstein and K. Stouffer, “Trust but verify critical infrastructure cyber security solutions,” in Proceedings of the 2010 43rd Hawaii International Conference on System Sciences, pp. 1–8, Kauai, HI, USA, January 2010.
View at: Publisher Site | Google Scholar
Z. Wenjun, “Integrated security framework for secure web services,” IITSI, pp. 178–183, 2010.
View at: Publisher Site | Google Scholar
Y. Zhu, H. Hongxin, J. A. Gail, H. Yujing, and C. Shimin, “Collaborative integrity verification in hybrid clouds,” in Proceedings of the 7th International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom), IEEE, Orlando, FL, USA, Octobert. 2011.
View at: Publisher Site | Google Scholar
B. Wang, H. E. Huang, L. X. Yuan, and J. M. Xi, “Open identity management framework for SaaS ecosystem,” in Proceedings of the 2009 IEEE International Conference on e-Business Engineering, pp. 512–517, Manhattan, NY, USA, October 2009.
View at: Google Scholar
X. Chen, C. Chen, Y. Tao, and J. Hu, “A cloud security assessment system based on classifying and grading,” IEEE Cloud Computing, vol. 2, no. 2, pp. 58–67, 2015, ‏.
View at: Publisher Site | Google Scholar
F. Elizabeth and V okun, “web application scanners: definitions and functions,” in Proceedings of the 40th Hawaii International International Conference on Systems Science (HICSS-40 2007), p. 280b, Big Island, HI, USA, January 2007.
View at: Google Scholar
H. Guo, T. Shang, and B. Jin, “Forensic Investigations in Cloud Environments,” in Proceedings of the Computer Science and Information Processing (CSIP), pp. 248–251, Xi’an, Shaanxi, September 2012.
View at: Google Scholar
J. Lee and D. Hong, “Pervasive forensic analysis based on mobile cloud computing,” in Proceedings of the International Conference on Multimedia Information Networking and Security, pp. 572–576, Shanghai, China, December 2011.
View at: Google Scholar
F. Daryabar, A. Dehghantanha, and H. G. Broujerdi, “Investigation of malware defence and detection techniques,” International Journal of Digital Information and Wireless Communications, vol. 1, no. 3, pp. 645–650, 2012.
View at: Google Scholar
Y. Zhu, H. Hu, G. Ahn, and M. Yu, “Cooperative Provable Data Possession for Integrity Verification in Multi-Cloud Storage,” IEEE Transactions on Parallel and Distributed Systems, vol. 23, no. 12, 2012.
View at: Google Scholar
D. Liu, J. Lee, J. Jang, S. Nepal, and J. Zic, “A cloud architecture of virtual trusted platform modules,” in Proceedings of the IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, pp. 804–811, Hong Kong, China, december 2010.
View at: Google Scholar
C. Kessler, “Anti-forensics and the digital investigator,” in Proceedings of the 5th Australian Digital Forensics Conference, Perth Western, Australia, December 2007.
View at: Google Scholar
M. Damshenas, A. Dehghantanha, R. Mahmoud, and S. Bin Shamsuddin, “Forensics investigation challenges in cloud computing environments,” in Proceedings of the Cyber Warfare and Digital Forensics (CyberSec), pp. 190–194, Kuala Lumpur, Malaysia, June 2012.
View at: Google Scholar
F. Daryabar, A. Dehghantanha, F. Norouzi, and F. Mahmoodi, “Analysis of virtual honeynet and vlan-based virtual networks,” in Proceedings of the Science & Engineering Research (SHUSER), pp. 73–70, Kuala Lumpur, Malaysia, June 2011.
View at: Google Scholar
S. H. Mohtasebi and A. Dehghantanha, “Defusing the hazards of social network services,” International Journal of Digital Information, vol. 1, pp. 504–515, 2012.
View at: Google Scholar
A Dehghantanha, R Mahmoud, and N. I Udzir, “Towards green frameworks for digital forensics investigation,” Journal of Convergence Information Technology, vol. 8, no. 2, pp. 669–678, 2013.
View at: Publisher Site | Google Scholar
M. Sidheeq, A. Dehghantanha, and G. Kananparan, “Utilizing trusted platform module to mitigate botnet attacks,” International Conference on Computer Applications and Industrial Electronics, vol. 2, no. 5, pp. 111–117, 2010.
View at: Publisher Site | Google Scholar
A. Aminnezhad, A. Dehghantanha, and M. T. Abdullah, “A survey on privacy issues in digital forensics,” International Journal of Cyber-Security and Digital Forensics, vol. 1, no. 4, 2013.
View at: Google Scholar
H. Salehi, R. Boostani, and A. Aminnezhad, “A new hybrid algorithm to solve the task scheduling problem in grid computing,” International Journal of Computer Applications, vol. 62, no. 4, pp. 37–40, 2013.
View at: Publisher Site | Google Scholar
V. Jagota and R. K. Sharma, “Wear volume prediction of AISI H13 die steel using response surface methodology and artificial neural network,” Journal of Mechanical Engineering and Sciences, vol. 14, no. 2, pp. 6789–6800, 2020.
View at: Publisher Site | Google Scholar
A. Dehghantanha, R. Mahmod, N. I Udzir, and Z. A. Zulkarnain, “User-centered privacy and trust model in cloud computing Systems,” Computer And Network Technology, pp. 326–332, 2009.
View at: Publisher Site | Google Scholar
C. Sagaran, A. Dehghantanha, and R. Ramli, “A user-centered context-sensitive privacy model in pervasive systems,” in Proceedings of the Communication Software and Networks, pp. 78–82, Singapore, February. 2010.
View at: Google Scholar
N. Dimitri, “Pricing cloud IaaS computing services,” Journal of Cloud Computing, vol. 9, no. 1, pp. 14–11, 2020, ‏.
View at: Publisher Site | Google Scholar
A. Dehghantanha, N. I. Udzir, and R. Mahmod, “Evaluating user-centered privacy model (UPM) in pervasive computing systems,” Computational Intelligence in Security for Information Systems, vol. 6694, pp. 272–284, 2011.
View at: Publisher Site | Google Scholar
A. Dehghantanha and R. Mahmod, “UPM: user-centered privacy model in pervasive computing systems,” in Proceedings of the Future Computer and Communication, pp. 65–70, Kuala Lumpar, Malaysia, April 2009.
View at: Google Scholar
Y. Zhang, X. Kou, Z. Song, Y. Fan, M. Usman, and V. Jagota, “Research on logistics management layout optimization and real-time application based on nonlinear programming,” Nonlinear Engineering, vol. 10, no. 1, pp. 526–534, 2021.
View at: Publisher Site | Google Scholar
S. H. Mohtasebi, A. Dehghantanha, and H. G. Broujerdi, “Smartphone forensics: a case study with nokia E5-00 mobile phone,” International Journal of Digital Information and Wireless Communications, vol. 1, no. 3, pp. 651–655, 2012.
View at: Google Scholar
F. N. Dezfouli, A. Dehghantanha, and R. Mahmoud, “Volatile memory acquisition using backup for forensic investigation,” in Proceedings of the Cyber Warfare and Digital Forensic, pp. 186–189, Kuala Lumpur, Malaysia, June 2012.
View at: Google Scholar
T. Ristenpart, E. Tromer, H. Shacham, and S. Savage, “Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds,” in Proceedings of the presented at the Proceedings of the 16th ACM conference on Computer and communications security, Chicago, IL, USA, November 2009.
View at: Publisher Site | Google Scholar
J. Bhola and S. Soni, “Information theory-based defense mechanism against DDOS attacks for WSAN,” Advances in VLSI, Communication, and Signal Processing. Lecture Notes in Electrical Engineering, Springer, Singapore, vol. 683, 2021.
View at: Publisher Site | Google Scholar
D. Birk and C. Wegener, “Technical issues of forensic investigations in cloud computing environments,” in Proceedings of the Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering, IEEE, Oakland, CA, USA, May 2011, ‏.
View at: Publisher Site | Google Scholar
M. Ibrahim, MT. Abdullah, and A. Dehghantanha, “VoIP evidence model: a new forensic method for investigating VoIP malicious attacks Cyber Security,” in Proceedings of the Cyber Warfare and Digital Forensic, pp. 201–206, Kuala Lumpur, Malaysia, June 2012.
View at: Google Scholar
S. Biggs and S. Vidalis, “Cloud computing: the impact on digital forensic investigations,” in Proceedings of the 2009 International Conference for Internet Technology and Secured Transactions (ICITST), p. ‏, IEEE, London, UK, November. 2009.
View at: Publisher Site | Google Scholar
C. Yan, “Study on forensic investigation of network crime in cloud computing environment,” Advanced Engineering Forum, Trans Tech Publications Ltd, ‏, vol. 1, 2011.
View at: Publisher Site | Google Scholar
S. Mason and E. George, “Digital evidence and 'cloud' computing,” Computer Law & Security Report, vol. 27, no. 5, pp. 524–528, 2011, ‏.
View at: Publisher Site | Google Scholar
S. Hou, T. Uehara, S. M. Yiu, L. C. K. Hui, and K. P. Chow, “Privacy-Preserving multiple keyword search for confidential investigation of remote forensics,” in Proceedings of the International Conference on Multimedia Information Networking and Security, pp. 595–599, Shanghai, China, November. 2011.
View at: Publisher Site | Google Scholar
N. Borhan, R. Mahmod, and A. Dehghantanha, “A framework of TPM, SVM and boot control for securing forensic logs,” International Journal of Computer Application, vol. 50, pp. 65–70, 2009.
View at: Google Scholar
F. Daryabar, A. Dehghantanha, and N. I. Udzir, “Investigation of Bypassing Malware Defenses and Malware Detections,” in Proceedings of the Conference on Information Assurance and Security (IAS), pp. 173–178, Melacca, Malaysia, December 2011.
View at: Publisher Site | Google Scholar
A. Dehghantanha, N. I Udzir, and R. Mahmod, “Towards a Pervasive Formal Privacy Language,” in Proceedings of the Advanced Information Networking and Applications Workshops (WAINA), pp. 1085–1091, Perth, WA, Australia, April 2010.
View at: Google Scholar
A. Dehghantanha, R. Mahmod, and N. I Udzir, “An XML based, user-centered privacy model in pervasive computing systems,” International Journal of Computer Science and Networking Security, vol. 9, no. 2, pp. 167–173, 2009.
View at: Google Scholar
M. Zhang, Y. U Chen, and J. Huang, “A searchable encryption scheme supporting privacy-preserving fuzzy multikeyword in cloud systems,” IEEE Systems Journal, vol. 15, pp. 2980–2988, 2020, ‏.
View at: Google Scholar
A. Alenezi, H. F. Atlam, and B. W Gary, “Experts reviews of a cloud forensic readiness framework for organizations,” Journal of Cloud Computing, vol. 8, pp. 1–14, 2019, ‏.
View at: Publisher Site | Google Scholar
S. Simou, C. Kalloniatis, S. Gritzalis, and V. Katos, “A framework for designing cloud forensic-enabled services (CFeS),” Requirements Engineering, vol. 24, no. 3, pp. 403–430, 2019, ‏.
View at: Publisher Site | Google Scholar
V. R. Kebande and H. S. Venter, “CFRaaS: architectural design of a Cloud Forensic Readiness as-a-Service Model using NMB solution as a forensic agent,” African Journal of Science, Technology, Innovation and Development, vol. 11, no. 6, pp. 749–769, 2019, ‏.
View at: Publisher Site | Google Scholar
P. Sharma, D. Arora, and T. Sakthivel, “Enhanced forensic process for improving mobile cloud traceability in cloud-based mobile applications,” Procedia Computer Science, vol. 167, pp. 907–917, 2020, ‏.
View at: Publisher Site | Google Scholar
S. Han, K. Han, and S. Zhang, “A data sharing protocol to minimize security and privacy risks of cloud storage in big data era,” IEEE Access, vol. 7, pp. 60290–60298, 2019, ‏.
View at: Publisher Site | Google Scholar
F. Ye, Y. Zheng, X. Fu, B. Luo, X. Du, and M. Guizani, “Tamforen: a tamper‐proof cloud forensic framework,” Transactions on Emerging Telecommunications Technologies, vol. 33, 2020.
View at: Google Scholar
D. R. Rani and G. Geethakumari, “Secure data transmission and detection of anti-forensic attacks in cloud environment using MECC and DLMNN,” Computer Communications, vol. 150, pp. 799–810, 2020, ‏.
View at: Publisher Site | Google Scholar
E. E. D. Hemdan and D. H. Manjaiah, “Digital forensic approach for investigation of cybercrimes in private cloud environment,” Recent Findings in Intelligent Computing Techniques, Springer, Singapore, vol. 707, pp. 25–33, 2019, ‏.
View at: Publisher Site | Google Scholar
H Xu, C Jing, Z Jian, G Liangyi, and G Zhaojun, “A survey: cloud data security based on blockchain technology,” in Proceedings of the IEEE Fourth International Conference on Data Science in Cyberspace (DSC), ‏, Hangzhou, China, June 2019.
View at: Publisher Site | Google Scholar
S. Jones, Z. Irani, U. Sivarajah, and P. E. D. Love, “Risks and rewards of cloud computing in the UK public sector: a reflection on three Organisational case studies,” Information Systems Frontiers, vol. 21, no. 2, pp. 359–382, 2019, ‏.
View at: Publisher Site | Google Scholar
Y. Khan and S. Varma, “Development and design strategies of evidence collection framework in cloud environment,” Social Networking and Computational Intelligence, vol. 100, pp. 27–37, 2020, ‏.
View at: Publisher Site | Google Scholar
T. Rochmadi and D. Heksaputra, “Forensic analysis in cloud storage with live forensics in windows (adrive case study),” International Journal of Cyber-Security and Digital Forensics, vol. 8, no. 4, pp. 292–297, 2019, ‏.
View at: Publisher Site | Google Scholar
M. Fernandez, J. Jaimunk, and B. Thuraisingham, “Privacy-preserving architecture for cloud-IoT platforms,” in Proceedings of the 2019 IEEE International Conference on Web Services (ICWS), IEEE, Milan, Italy, July 2019.
View at: Publisher Site | Google Scholar
S. Bhatia and J. Malhotra, “Forensic based cloud computing architecture–exploration and implementation,” in Proceedings of the 2019 3rd International Conference on Computing and Communications Technologies (ICCCT), IEEE, Chennai, India, Fabruary 2019.
View at: Google Scholar

Copyright

Copyright © 2022 S. Raghavendra et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

PDF Download Citation

Download other formats

Order printed copies

Views

1113

Downloads

610

Citations