Forensics Investigation in The Cloud: Determining Where Evidence Starts And Ends

Year 2025, Volume: 1 Issue: 1, 102 - 131, 20.07.2025

Zeynep Çelik

Abstract

This article examines the effects of cloud computing technologies on digital forensics processes within the framework of their benefits and challenges (such as lack of physical access, data volatility, and legal complexities). While analyzing how incident response and digital evidence collection differ in the cloud, this study introduces the original Cloud Evidence Lifecycle Model (CELM) and the Evidence Accessibility and Integrity Scale (KEBS) as a methodological solution to the question of 'where evidence begins and ends in the cloud.' Forensic investigation steps and encountered issues are evaluated in light of these models through the LastPass data breach case. The study emphasizes the need for reassessing cloud systems from a digital forensics perspective, the contribution of the proposed models to this process, and the importance of enhancing organizational preparedness.

Keywords

Cloud Computing , Digital Forensics , LastPass , Incident Response , Data Security , Cloud Forensics

Bulut Ortamında Adli İnceleme: Kanıtın Nerede Başlayıp Nerede Bittiğinin Belirlenmesi

Abstract

Bu makale, bulut bilişim teknolojilerinin adli bilişim süreçlerine etkilerini, sunduğu faydalar ve getirdiği zorluklar (fiziksel erişim eksikliği, veri uçuculuğu, yasal karmaşa) çerçevesinde incelemektedir. Olay müdahalesi ve dijital delil toplamanın bulutta nasıl farklılaştığı analiz edilirken, 'bulutta kanıt nerede başlar, nerede biter?' sorusuna metodolojik bir çözüm olarak özgün Bulutta Kanıt Yaşam Döngüsü Modeli (CELM) ve Kanıtın Erişilebilirlik ve Bütünlük Skalası (KEBS) sunulmaktadır. LastPass veri ihlali vakası üzerinden bu modeller ışığında adli inceleme adımları ve karşılaşılan sorunlar değerlendirilmiştir. Çalışma, bulut sistemlerinin adli bilişim açısından yeniden değerlendirilmesi, önerilen modellerin bu sürece katkısı ve kurumsal hazırlığın artırılması gerektiğini vurgulamaktadır.

Keywords

Bulut Bilişim , Adli Bilişim , LastPass , Olay Müdahalesi , Veri Güvenliği , Bulut Adli Bilişimi

References

• 6698 sayılı Kişisel Verilerin Korunması Kanunu. (2016). Resmi Gazete, 29677, 1–6.
• Alenezi, M. (2021). Safeguarding cloud computing infrastructure: A security analysis. Computer Systems Science and Engineering, 37(2), 159–167.
• Al Sadi, Ghania. "Cloud computing architecture and forensic investigation challenges. " International Journal of Computer Applications 124.7 (2015).
• Big Data Bilişim. (2025). Bulut depolama alanlarının adli incelenmesi. https://bigdata.com.tr
• Cloud Act. (n.d.). https://aws.amazon.com/tr/compliance/cloud-act/
• Digital Forensics as a Service: A game changer - Scientific Figure on ResearchGate. (2025, May 9). https://www.researchgate.net/figure/IDFPM-Digital-forensic-investigation-Kohn-etal-2013_fig2_261762759
• Emekci, A., Kuğu, E., & Temiztürk, M. (2016). Adli bilişim ezberlerini bozan bir düzlem: Bulut bilişim. UBGMD, 2(1), 8–14. https://doi.org/10.18640/ubgmd.08216
• Emekci, Ş., Güray, E., & Kılınç, A. (2016). Bulut bilişim ortamlarında adli bilişim uygulamaları. Uluslararası Bilgisayar ve Bilgi Teknolojileri Sempozyumu. Dergipark.org.tr
• Furht, B., & Escalante, A. (2010). Handbook of cloud computing. Springer Publishing Company.
• Grobauer, B., Walloschek, T., & Stocker, E. (2011). Understanding cloud computing vulnerabilities. IEEE Security & Privacy, 9(2), 50–57.
• Grispos, G., Glisson, W. B., & Storer, T. (2014). Using cloud computing to achieve organizational security goals.
• Güngör, E. (2022). Yargı yetkisi sorunları bağlamında bulut bilişim sistemleri ve adli delil elde etme. Bilişim Hukuku Dergisi. Dergipark.org.tr
• Herman, M., Iorga, M., Halterman, R., & NIST Cloud Computing Forensic Science Working Group. (2014). Cloud computing forensic science challenges (NISTIR 8006). National Institute of Standards and Technology. https://csrc.nist.gov/pubs/ir/8006/final
• Kişisel Verileri Koruma Kurumu. (2018). Kişisel verilerin korunması kanununa ilişkin uygulama rehberi (ss. 56–61). KVKK Yayınları.
• LastPass (2023, Mart 1). Security incident update and recommended actions. https://blog.lastpass.com/posts/security-incident-update-recommended-actions
• Lee, J., & Un, S. (2012, October). Digital forensics as a service: A case study of forensic indexed search. In 2012 International Conference on ICT Convergence (ICTC) (pp. 499–503). IEEE.
• Ministry of Electronics and Information Technology (MeitY). (2023). The Digital Personal Data Protection Act, 2023 (DPDPA). Government of India. https://www.meity.gov.in/data-protection-framework
• National Institute of Standards and Technology. (2014). Cloud computing forensic science challenges (NISTIR 8006). U.S. Department of Commerce. https://csrc.nist.gov/pubs/ir/8006/final
• Nourmandi-pour, R., & Vosoogh, A. (2015). Scheduling problems for cloud computing. Cumhuriyet Üniversitesi Fen Edebiyat Fakültesi Fen Bilimleri Dergisi, 36(3), 2628–2652.
• Parmar, V. N., Rana, U. D., & Vaghela, R. (2024). Review on challenges in cloud forensics. International Journal of Science and Research (IJSR), 13(6), 113–118. https://doi.org/10.21275/SR24531104809
• Peterson, G., & Shenoi, S. (Eds.). (2013). Impact of cloud computing on digital forensic investigations. In Advances in Digital Forensics IX (Vol. 410, pp. 291–303). Springer.
• Quick, D., Martini, B., & Choo, R. (2012). Cloud storage forensics (pp. 1–12). Elsevier.
• Reilly, D., Moyne, J. T., & Abidin, A. (2013, May). Cloud forensics issues and opportunities. Paper presented at the Information Technology and Communications Conference (ITACC), Ireland.
• Rehberg, R. (2024). Cybersecurity in the EU: How the NIS2-directive stacks up against its predecessor. Computer Law & Security Review, 50, 105840. https://doi.org/10.1016/j.clsr.2023.105840
• Ruan, K., Carthy, J., Kechadi, T., & Crosbie, M. (2011). Cloud forensics: An overview. In Digital Forensics and Cyber Crime (Vol. 361, pp. 35–47). Springer.
• Seeba, M., Valgre, M., & Matulevičius, R. (2025). Evaluating organization security: User stories of European Union NIS2 Directive. arXiv. https://arxiv.org/abs/2504.19222
• Tezcan, D. (2019). Bilişim suçlarında uluslararası adli yardımlaşma. Yaşar Hukuk Dergisi, 1(2), 287–294.
• Wen, Y., Man, X., Le, K., & Shi, W. (2013). Forensics-as-a-service (FaaS): Computer forensic workflow management and processing using cloud. In The Fifth International Conferences on Pervasive Patterns and Applications (pp. 1–7). IARIA.
• Srinivasan, A., & Ferrese, F. (2019). Forensics-as-a-Service (FaaS) in the state-of-the-art cloud. L. Chen, H. Takabi, & N.-A. Le-Khac (Ed.), Security, privacy, and digital forensics in the cloud (ss. 321-337). Wiley-IEEE Press. https://doi.org/10.1002/9781119053385.ch16
• Zawoad, S., & Hasan, R. (2015). Cloud forensics: A meta-study of challenges, approaches, and open problems. IEEE Transactions on Services Computing, 8(3), 420-430.