Digital Forensics Evidence Acquisition and Chain of Custody in Cloud Computing

Mahmoud M. Nasreldin 1, Magdy El-Hennawy 2, Heba K. Aslan 3, and Adel El-Hennawy 1

1 Ain Shams University, Cairo, Egypt
2 Shorouk Academy, Cairo, Egypt
3 Electronics Research Institute, Cairo, Egypt

Abstract

The new cloud computing concept delivers an adaptable service to many users, because cloud computing offers an economic solution based on the pay-per-use idea. At the same time, digital forensics is a relatively new discipline born out of the growing use of computing and digital solutions. Digital forensics in cloud computing brings new technical and legal challenges (e.g. the remote nature of the evidence, the trust required in its integrity and authenticity, and the lack of physical access). Digital forensics difficulties in cloud computing comprise acquisition of remote data, chain of custody, distributed and elastic data, big data volumes, and ownership. In the literature, there are many schemes that deal with these issues. In 2013, Hou et al. proposed a scheme to verify data authenticity and integrity in server-aided confidential forensic investigation. Authenticity and integrity are two essential requirements for evidence to be admitted in court. The aim of this paper is twofold. First, to introduce a new concept for digital artifact acquisition in cloud computing as a consolidation between digital forensics and cloud computing. This concept guarantees safe investigation of trusted digital evidence. Second, to analyze Hou et al.'s scheme with respect to its claimed integrity and authenticity properties. Our analysis shows that Hou et al.'s scheme does not satisfy the claimed integrity and authenticity in server-aided confidential forensic investigation.
To achieve the authenticity, confidentiality and integrity of evidence in the cloud, we illustrate how encryption and digital signature algorithms could be used within different designs to ensure confidentiality and chain of custody for the digital forensics process in the cloud.

Keywords: Cloud Computing, Digital Forensics, Digital Evidence Acquisition, Digital Investigation, Trusted Digital Evidence, Chain of Custody, Encryption, Digital Signature.

1. Introduction

Cloud computing is expected to shape the forthcoming practices in Information and Communication Technology (ICT). It is likely that cloud computing will change the way in which establishments understand their Information Technology (IT) needs. Business-wise, cloud computing allows establishments to efficiently subcontract IT needs and reduce operating costs (e.g. equipment, support, maintenance, manpower). In cloud computing, establishments transfer their data and processing to a cloud to achieve high availability and access speed. Cloud security is the main concern of customers in the cloud, so many establishments resist migrating their IT needs to the cloud. On the other hand, digital forensics has developed as a discipline to support law enforcement in dealing with the use of digital devices in illegal acts. In the Internet of Things era, gadgets feature in many everyday crimes. In cybercrimes, forensic inspection of digital evidence can disclose a wealth of clues. Once an incident has taken place, it is vital for law and order to be able to examine the evidence in a way that ensures it is admissible in court. This requires knowing how to discover, identify, trace, and handle cybercrime evidence. It is essential to reconstruct precisely what has been done; otherwise critical evidence might be questioned by the court. The digital forensic investigator must follow firm digital forensic methodologies in order to conduct a digital forensic inspection.
The digital forensic process comprises a number of steps (i.e. acquisition, examination, analysis, and reporting). Due to the rapid development of cloud computing, numerous challenges in cybercrime investigations have appeared. This brings the need for digital forensics professionals to extend their expertise across the cloud computing and digital forensics domains in order to reduce the risks of cloud security breaches. Apart from that, some characteristics of cloud computing, such as the lack of well-defined physical characteristics, different service models, and different deployment models, have created a new

IJCSI International Journal of Computer Science Issues, Volume 12, Issue 1, No 1, January 2015. ISSN (Print): 1694-0814 | ISSN (Online): 1694-0784. www.IJCSI.org