Cloud Forensics - Factors Involved
According to a whitepaper presented by RiskPro, cloud forensics becomes a delicate issue as there are several questions involved, other than the jurisdiction and its acceptance of different material as evidence. Some of the very basic factors are:
- Data has to be collected without losing its integrity;
- Preserving the data in custody is critical to its acceptance by different jurisdictions across the world;
- The conclusions that are derived should be reproducible. The jurisdictions/courts may want the cloud forensics team to reproduce the conclusions using different methods.
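The three factors above can be made concrete with a hash-chained custody log. The following is an added example, not taken from the RiskPro whitepaper; the sample log export, the actor names, the timestamps and the record layout are all constructed assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev_hash value for the first custody record

# Constructed sample: bytes of a log export obtained from a cloud provider.
SAMPLE_EXPORT = b"2024-01-01T00:00:00Z login user=alice src=198.51.100.7\n"

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def add_entry(log, actor, action, evidence: bytes, timestamp: str):
    """Append a custody record that is chained to the previous record."""
    record = {
        "actor": actor,
        "action": action,
        "timestamp": timestamp,
        "evidence_sha256": sha256_hex(evidence),   # integrity of the data
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    # Hash the record body; any later edit to a field changes this value.
    record["entry_hash"] = sha256_hex(json.dumps(record, sort_keys=True).encode())
    log.append(record)
    return record

def verify(log, evidence: bytes):
    """Recompute every link from scratch and return (ok, reason)."""
    prev, digest = GENESIS, sha256_hex(evidence)
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev_hash"] != prev:
            return False, f"entry {i}: chain broken"
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != rec["entry_hash"]:
            return False, f"entry {i}: record altered"
        if rec["evidence_sha256"] != digest:
            return False, f"entry {i}: evidence digest mismatch"
        prev = rec["entry_hash"]
    return True, "ok"

def build_demo_log():
    """Two custody events for the same export: collection, then hand-over."""
    log = []
    add_entry(log, "investigator-a", "collected", SAMPLE_EXPORT, "2024-01-02T09:00:00Z")
    add_entry(log, "evidence-clerk", "received", SAMPLE_EXPORT, "2024-01-02T11:30:00Z")
    return log

if __name__ == "__main__":
    print(verify(build_demo_log(), SAMPLE_EXPORT))
```

Because verification recomputes every digest from the stored records and the evidence bytes, a second party can repeat it independently and reach the same result.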
According to RiskPro, "if we take these factors to a cloud context, many questions immediately come to mind." Some of them are mentioned below:
- How to identify and procure the data required?
- What kind of data is logged by the cloud service provider and what is the duration for which they keep it?
- How to access the data required?
- Will the cloud provider be involved in interpretation of data or will the investigators have to do it in a self-serve manner?
- What data would be accepted in courts and what would be a waste of time?
As each cloud provider has their own unique approach for cloud offerings, they tend to create different types of logs that may or may not suit the above factors and questions. Additionally, several cloud operators would not want to get involved, thereby leaving everything to the investigators and the clients. This may make the task very difficult.
Thus, for cloud forensics, the investigators will have to check with the service provider to see the kind of logs they create and keep. They also need to check the availability of these logs for forensic purposes. The cloud provider needs to cooperate fully for a proper cloud forensics analysis.
To deal with such circumstances, Microsoft asks for uniformity across different cloud providers and urges different governments to adopt a uniform method so that cloud computing becomes easier. If this is achieved, cloud forensics will also become easier. For more on Microsoft's perspective on cloud computing, please read the excerpts of Microsoft's whitepaper on the Cloud.
The above is a very brief discussion of cloud forensics. If you wish to contribute or have any questions, please feel free to use the comments section below.
Reference: RiskPro's Whitepaper on Cloud Forensics retrieved at http://www.riskpro.co.in/index.php/fraudtoday/more-about-fraudtoday/77-white-paper-on-cloud-forensics