The article defines a cybercrime forensic system as a system providing for the collection, preservation and analysis of digital evidence for the courts. The author, Cheng Yan, presents a framework for the cloud computing cybercrime forensic system as being like a computer virus and accomplishing two main tasks for criminal investigation of the cloud environment: first, monitoring and collection and, second, analysis of data as potential forensic evidence for criminal investigation.
Developing trends in cloud computing have presented various new challenges in cybercrime forensics. Cheng notes that these issues include an increase in the data, time, physical and geographical scope of the equipment and systems involved in the criminal investigation. An increase in the types of cyber-criminality typified in the cloud environment is also highlighted, with mention of obscenity, phishing, pornography, privacy, copyright and e-commerce breaches. No mention is made of the impact, if any, on these emerging areas of the cybercrime forensic systems.
The extended scope of this criminality reaches international levels and has potentially widespread economic and health consequences. The author clearly establishes the fact that computer systems targeted or involved in the criminal activity will often be spread across international borders. As a result, various governments and cybercrime forensic agencies may be involved in a single investigation. Cheng surmises that judicial cooperation in relation to emerging concepts such as virtual locations calls for a novel approach to global cybercrime forensics. He, however, omits mention of the ground already covered by international organizations such as the Organisation for Economic Cooperation and Development (OECD) and the United Nations (UN) in establishing international cooperation and technological and legislative alignment toward a global effort against international cybercrime (Ana I. Cerezo, 2007).
The author also noted issues trending in cloud cybercrime which complicate the preservation of evidence procured through cybercrime forensics. He mentioned acquisition, analysis and reporting as the three main phases of securing and preserving digitally originated evidence (Yan, 2011). The author wisely points out that there is an increased challenge in detecting the evidence and a need for more proficient policing in this effort. This observation adeptly highlights the effect of the growing trends on the cybercrime systems.
The evidence gathered through cybercrime forensics is primarily electronic. The author observes that it is insufficient as evidence on its own due to its volatile nature and its vulnerability to tampering. The author mentioned the resulting challenge of preserving the legal admissibility of the evidence gathered and the need for international cooperation for enforcing penalties of cloud-based cybercrime. The significance of this point warrants more than the author’s cursory outline of the issue: it calls for a discussion of the current capabilities of the cybercrime systems in addressing the vulnerabilities of electronic evidence, and even for suggestions of future research or emerging technologies which provide hope for a solution.
The author points out the central importance of the cloud computing core system, which controls the direction and channeling of requests and services for its users. With a main core accessing all the servers within the cloud network, the forensic system monitors in real time and, if necessary, acquires data evidence and follows through with its analysis. These are the two main functions of the system. The system monitors communication streams from devices and equipment and access systems across the network.
The second function is facilitated by the system’s access to log files, temporary files and other compilations of storage, usage and access data. The engine classifies the information and analyzes the volatile set for presupposed criminal characteristics, which trigger recording for future analysis. This trigger will also prompt investigative software to capture further volatile information along with relevant details such as IP and DNS, using advanced forensic mechanisms such as the AccessData Forensic Toolkit (FTK). This extends to data that may be hidden in unallocated storage spaces on the network.
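The monitor-then-trigger flow described above, together with the tampering concern raised earlier, can be sketched as follows. This is an added example, not code from Yan's article or from FTK: the rules, thresholds, field names and the hash-chained evidence log are assumptions made for illustration, and the event stream is constructed sample data.

```python
import hashlib
import json
import re

# Hypothetical "presupposed criminal characteristics": (rule name, pattern, hits needed per source IP).
RULES = [
    ("repeated-login-failure", re.compile(r"POST /login 401"), 3),
    ("log-deletion", re.compile(r"DELETE /logs/"), 1),
]

# Constructed sample of a monitored communication stream (not real data).
STREAM = [
    {"ts": "2011-03-01T10:00:00Z", "src_ip": "192.0.2.10", "host": "files.example.test", "req": "GET /index.html 200"},
    {"ts": "2011-03-01T10:00:05Z", "src_ip": "198.51.100.7", "host": "login.example.test", "req": "POST /login 401"},
    {"ts": "2011-03-01T10:00:06Z", "src_ip": "198.51.100.7", "host": "login.example.test", "req": "POST /login 401"},
    {"ts": "2011-03-01T10:00:07Z", "src_ip": "198.51.100.7", "host": "login.example.test", "req": "POST /login 401"},
    {"ts": "2011-03-01T10:02:00Z", "src_ip": "203.0.113.4", "host": "store.example.test", "req": "DELETE /logs/access.log 204"},
]

def seal(prev_digest, record):
    """Digest over the previous digest plus the canonical JSON of the record."""
    body = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(prev_digest.encode() + body).hexdigest()

def monitor(stream):
    """Classify each event; once a rule's threshold is met, record matching events in a hash-chained log."""
    hits, evidence, prev = {}, [], "0" * 64
    for event in stream:
        for name, pattern, threshold in RULES:
            if not pattern.search(event["req"]):
                continue
            key = (name, event["src_ip"])
            hits[key] = hits.get(key, 0) + 1
            if hits[key] >= threshold:
                record = {"rule": name, "hits": hits[key], **event}
                prev = seal(prev, record)
                evidence.append({"record": record, "digest": prev})
    return evidence

def verify(evidence):
    """Recompute the chain; return the index of the first altered entry, or -1 if intact."""
    prev = "0" * 64
    for i, entry in enumerate(evidence):
        prev = seal(prev, entry["record"])
        if prev != entry["digest"]:
            return i
    return -1
```

Because each digest covers the one before it, altering any captured record after the fact is detectable by recomputing the chain, which is one way to address the tampering weakness of electronic evidence noted earlier.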
Overall, this article provides a good overview of the proposed system but fails to shed light on how it solves the problem of non-persisting data as evidence. The author hints at the insufficiency of the scale of the forensic system in comparison to the cloud and suggests this area as an area for future research. Cheng, however, overlooks the significant problem of the unwillingness of victims of cybercrime to report attacks due to fear of stigmas, loss of reputation or investor confidence (Neufeld, 2010). This undermines the entire framework for the forensic system by removing the initiation of reports and charges needed to begin criminal proceedings. The article focuses on ex-post-facto aspects of cybercrime (Ana I. Cerezo, 2007) without mention of potential preventative systems. These two omissions presuppose the inevitability of cybercrime and imply that prevention may be impractical. This approach predisposes the cloud as a breeding ground for cyber-criminal activity.
References
Ana I. Cerezo, J. L. (2007). International Cooperation to Fight Transnational Cybercrime. IEEE.
Neufeld, D. J. (2010). Understanding Cybercrime. Ontario Canada: ICSS.
Yan, C. (2011). Cybercrime Forensic System in Cloud Computing. Shanghai, China: IEEE.