Co-authored by Pankaj Verma
What is Cloud Computing?
Technology has no boundaries, and the emerging market of cloud computing is proving it to be true. The National Institute of Standards and Technology (NIST) defines cloud computing as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” These are the magic words for any company in this economy: you pay only for what you use. Cloud computing is not a new technology, but a new way of providing IT infrastructure to organizations as the business demands it.
Challenges in Cloud Forensics
Although cloud computing promises simplicity and delivers a number of benefits, it is full of surprises and challenges for the digital forensics world. Traditionally, companies own the storage servers, the workstations and the physical location where data resides. Cloud computing has virtualized that environment, so that Electronically Stored Information (ESI) can be stored anywhere and accessed from anywhere on any platform. Typically, the physical location is unknown and is not provided to the data owners by the cloud service providers. Even if one is able to determine the physical location of the server (which could be anywhere in the world), it is difficult to find the precise data location on the server, as each server is shared by numerous organizations.
Once the data location is identified, the next challenge is how to acquire it. Data could reside in multiple places located a few miles apart or in entirely different countries. The Data Privacy Protection laws in place in other countries may or may not restrict forensic professionals from collecting the data.
Adding to the complexities, there is no foolproof method of acquiring cloud data forensically (bit-by-bit). Cloud forensics is a combination of computer forensics and network forensics. The active data can be collected using traditional computer forensics tools to protect its identity and metadata. In addition, you have to use network forensics tools to capture additional data not captured by traditional IT or forensics tools, such as activity logs (e.g., network logs specific to data sent or received over the network). These activity logs can cause authentication issues because they are constantly overwritten in the cloud. In other words, by the time an expert is testifying about these logs in court, they have been overwritten and there is no proof of their existence.
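An added example, not part of the original post: one way to support later authentication of activity logs that the provider will overwrite is to hash each exported snapshot at collection time and record it in a hash-chained custody manifest. This shows that a preserved copy is the one that was collected; it does not recover the provider's original. The function names, the `examiner-1` collector and the sample log lines are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # anchor for the first entry's "prev" field

def hash_entry(entry):
    """Hash every field of an entry except its own entry_hash."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record_snapshot(manifest, source, data, collected_at, collector):
    """Append a custody entry for one exported log snapshot (bytes)."""
    entry = {
        "source": source,
        "collected_at": collected_at,
        "collector": collector,
        "sha256": hashlib.sha256(data).hexdigest(),
        "prev": manifest[-1]["entry_hash"] if manifest else GENESIS,
    }
    entry["entry_hash"] = hash_entry(entry)
    manifest.append(entry)

def verify(manifest, snapshots):
    """Return a list of problems; empty means chain and preserved copies match."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(manifest):
        if entry["prev"] != prev:
            problems.append(f"entry {i}: chain broken")
        if hash_entry(entry) != entry["entry_hash"]:
            problems.append(f"entry {i}: manifest entry altered")
        data = snapshots.get((entry["source"], entry["collected_at"]))
        if data is None:
            problems.append(f"entry {i}: preserved copy missing")
        elif hashlib.sha256(data).hexdigest() != entry["sha256"]:
            problems.append(f"entry {i}: preserved copy altered")
        prev = entry["entry_hash"]
    return problems

# Constructed sample data: two hourly exports of a network activity log.
SAMPLE = {
    ("flowlog", "2024-01-01T00:00:00Z"): b"10.0.0.5 10.0.0.9 443 ACCEPT\n",
    ("flowlog", "2024-01-01T01:00:00Z"): b"10.0.0.5 10.0.0.7 22 REJECT\n",
}

def build_sample_manifest():
    manifest = []
    for (source, collected_at), data in SAMPLE.items():
        record_snapshot(manifest, source, data, collected_at, "examiner-1")
    return manifest
```

Keeping the manifest apart from the preserved copies means a change to either one shows up when `verify` is run.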
Cloud computing is pushing digital forensics to new limits. This opens up an opportunity to create new standards and policies that will evolve with the technology until they both mature and reach a point of stability. It will be an interesting evolution to watch.
This blog post only scratches the surface of issues that can arise in cloud computing. If you want to discuss your experiences or other issues you’ve encountered, please email me at firstname.lastname@example.org.