Cloud Forensics


Cloud computing has emerged as one of the foremost topics by changing how IT infrastructure is provided to organizations, promising simplicity and delivering utilities through the application of virtualization technologies. Cloud computing provides convenience, availability, large storage capacity, elasticity, scalability, speed and on-demand network access to a shared pool of configurable computing resources while reducing the associated cost for consumers on a pay-as-you-go basis. Companies are realizing that cloud computing offers fast access to best-of-breed business applications and drastically increases their infrastructure resources. However, there are concerns about how security and compliance integrity can be maintained in this new environment.

Cloud forensics differs from traditional computer forensics (i.e., acquiring evidence from a PC, laptop, handheld device, etc.). With those devices, the size of the data storage is not a primary issue for the investigator carrying out the data acquisition process.

Cloud forensics combines the disciplines of cloud computing and digital forensics. Cloud computing provides a shared collection of resources, such as networks, servers, storage, applications, and services, that can be reconfigured quickly with a minimal amount of effort. Digital forensics applies the principles of computer science to the recovery of electronic evidence to be presented in a court of law. Cloud forensics is also a subset of network forensics, since network forensics concerns forensic investigations involving any type of network, regardless of whether it is private or public. Cloud computing, in turn, relies on broad network access, so cloud forensics follows the primary principles of the network forensic process, with certain techniques customized for the cloud computing environment.

Cloud computing is a complex subject that was rapidly identified as an emerging paradigm. Its essential characteristics have demonstrated a dramatic reduction in associated IT costs, significantly contributing to the rapid adoption of cloud computing by numerous businesses and governments. Cloud service providers (CSPs) maintain data centers throughout the world to ensure continued service availability and cost-effectiveness. Data stored at one location is replicated for storage at multiple locations, ensuring abundance while reducing the risk of failure. Forensic responsibilities vary in accordance with the service model applied, as a result of the segregation of duties that exists between the CSPs and the customers. Similarly, the interactions between multiple tenants sharing the same cloud resources vary in accordance with the deployment model applied.

Additional legal challenges arise from the default setting of cloud forensics, which reflects the multi-jurisdiction and multi-tenancy nature of cloud computing. The majority of cloud forensics investigations require the involvement of, and collaboration among, international law enforcement agencies, because resources are shared by multiple tenants and the interactions between CSPs and customers are sophisticated. To apply a comprehensive analysis to the domain of cloud forensics, and to emphasize that cloud forensics is multi-dimensional rather than a strictly technical issue, this paper will analyze and discuss each aspect.

The following topics will be discussed in detail to clarify the important aspects and challenges within the discipline of cloud forensics:

  1. Digital Forensics
  2. Cloud Computing
  3. Cloud Forensics

To provide deeper insight, the ensuing section will address certain issues and challenges encountered by digital forensics in relation to evidence and procedure.