Technical Challenges of Forensic Investigations in Cloud Computing Environments

Cloud Computing is arguably one of the most discussed information technology topics in recent times. It presents many promising technological and economic opportunities. However, many customers remain reluctant to move their business IT infrastructure completely to “the Cloud”. One of the main concerns of customers is Cloud security and the threat of the unknown. Cloud Service Providers (CSPs) encourage this perception by not letting their customers see what is behind their “virtual curtain”. A seldom discussed, but in this regard highly relevant, open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. In Cloud Forensics, the lack of physical access to servers constitutes a completely new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the Cloud, traditional approaches to evidence collection and recovery are no longer practical. This paper focuses on the technical aspects of digital forensics in distributed Cloud environments. We contribute by assessing whether it is possible for the customer of Cloud Computing services to perform a traditional digital investigation from a technical standpoint. Furthermore, we discuss possible new methodologies helping customers to perform such investigations and discuss future issues.
