Comparative Study of Cloud Forensic Investigation Using ADAM And NIST 800-86 Methods in Private Cloud Computing
Abstract
As information technology advances, associated risks also increase, particularly in the field of private cloud computing services. These services are subject to potential internal abuse risks, either due to system vulnerabilities or other factors. However, the investigation of these incidents in private cloud computing varies greatly due to the different frameworks and unique characteristics of each cloud service. The lack of a standardized approach to analyzing and assessing investigative processes in cloud computing services has been a persistent problem. This lack of consensus affects the accuracy, efficiency, and data acquisition process when dealing with digital evidence in each method, causing concern among researchers. To overcome this, a comparative study was carried out with a focus on the ADAM (The Advanced Data Acquisition Model) method and the NIST (National Institute of Standards and Technology) method. The goal is to identify the most effective investigative process to deal with cyber attack incidents on both the server and client side of cloud computing services. The methods were tested in a network built on private cloud computing services. The results include weaknesses and strengths of the ADAM and NIST methods, found when they were applied to cloud computing case studies, that had not been identified in previous research; recommendations for investigators conducting investigations on cloud computing case studies; and the discovery of a bug in the ownCloud application version 10.9.1. This study also aims to provide researchers with a valuable reference for carrying out analysis and assessment in the investigative process, where standardization is still an unresolved issue.
Copyright (c) 2023 Jurnal RESTI (Rekayasa Sistem dan Teknologi Informasi)

This work is licensed under a Creative Commons Attribution 4.0 International License.
Copyright in each article belongs to the author.
- The author acknowledges that the RESTI Journal (System Engineering and Information Technology) is the first publisher, publishing under a Creative Commons Attribution 4.0 International License.
- Authors can enter into separate arrangements for the non-exclusive distribution of manuscripts that have been published in this journal in other versions (e.g. sent to the author's institutional repository, publication in a book, etc.), by acknowledging that the manuscript was first published in the RESTI (Rekayasa Sistem dan Teknologi Informasi) journal.