Cloud Forensics


Cloud computing offers a number of opportunities for businesses and IT companies by giving them highly scalable infrastructure resources, pay-as-you-go service, and low-cost on-demand computing. As clouds attract a variety of companies, the security and trustworthiness of cloud infrastructure has become a growing concern. Clouds can be used as a tool to launch attacks. A malicious individual can simply exploit the power of cloud computing and execute attacks from machines inside the cloud. Many of these attacks are novel and unique to clouds.

Cloud forensics can be defined as the application of all the processes of digital forensics in the cloud environment. The following is the process flow of digital forensics.

Identification of incident and evidence –> Collection –> Examination, organization and analysis –> Presentation

Why Are Clouds Not Forensics Friendly?

The process of cloud forensics is complicated by several characteristics. The storage system is not local, so law enforcement cannot impound the user's computer and access the digital evidence with a warrant. In the cloud, it is not feasible to seize a server from a data center, because a number of users access the files stored on the data center's servers. Even if a particular suspect is identified, separating the users is very difficult.

In traditional computer forensics, investigators have full control over evidence such as process logs, router logs and hard disks. In the cloud, control over data varies across the service models (IaaS, PaaS and SaaS). Cloud users have the lowest control in the SaaS and the highest control in the PaaS service model.

Cloud computing is a multi-tenant system: multiple virtual machines (VMs) share the same physical infrastructure and data stores on behalf of multiple users. In the cloud, preserving the privacy of the other tenants is a necessity for investigators.
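The sketch below is an added example, not code from the original article: it shows one way to segregate evidence from a shared multi-tenant log, extracting only the suspect tenant's records, pseudonymizing the other tenants, and recording hashes for integrity. The log format, field names, tenant IDs, sample lines and the `segregate` helper are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample: lines from a log shared by several tenants on one host.
SHARED_LOG = """\
{"ts": "2024-03-01T10:00:01Z", "tenant": "tenant-a", "vm": "vm-101", "event": "login", "src": "198.51.100.7"}
{"ts": "2024-03-01T10:00:05Z", "tenant": "tenant-b", "vm": "vm-202", "event": "login", "src": "203.0.113.9"}
{"ts": "2024-03-01T10:01:12Z", "tenant": "tenant-a", "vm": "vm-101", "event": "file_read", "src": "198.51.100.7"}
not-json garbage line
{"ts": "2024-03-01T10:02:30Z", "tenant": "tenant-c", "vm": "vm-303", "event": "vm_terminate", "src": "192.0.2.44"}
"""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def segregate(raw_log: str, suspect: str, case_key: bytes) -> dict:
    """Split a shared log into suspect evidence and a privacy-preserving remainder."""
    evidence, others, rejected = [], [], 0
    for line in raw_log.splitlines():
        try:
            rec = json.loads(line)
            tenant = rec["tenant"]
        except (json.JSONDecodeError, KeyError, TypeError):
            rejected += 1  # count unparseable lines instead of silently dropping them
            continue
        if tenant == suspect:
            evidence.append(rec)
        else:
            # Keep only timing and event type; replace the tenant ID with a keyed hash
            # so activity can be correlated without revealing who the tenant is.
            pseud = hmac.new(case_key, tenant.encode(), hashlib.sha256).hexdigest()[:12]
            others.append({"ts": rec.get("ts"), "tenant": pseud, "event": rec.get("event")})
    canonical = json.dumps(evidence, sort_keys=True, separators=(",", ":")).encode()
    return {
        "source_sha256": sha256_hex(raw_log.encode()),  # integrity of the untouched original
        "evidence_sha256": sha256_hex(canonical),       # integrity of the extracted subset
        "evidence": evidence,
        "other_tenants": others,
        "rejected_lines": rejected,
    }

if __name__ == "__main__":
    print(json.dumps(segregate(SHARED_LOG, "tenant-a", b"case-0001-key"), indent=2))
```

The per-case key should stay with the investigator, so the pseudonyms cannot be reversed by anyone who only receives the report.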

Without power, volatile data cannot be preserved. All of that data is lost once the virtual machine (VM) is terminated.

Dimensions of Cloud Forensics

Cloud forensics has three dimensions:

  1. Technical dimension: The technical dimension contains a set of tools and methods for performing the forensic process in cloud computing environments. Key aspects of the technical dimension are as follows:
    1. Forensic data collection
    2. Elastic, static and live forensics
    3. Evidence segregation
    4. Investigations in virtualized environments
    5. Pro-active preparation
  2. Organizational dimension: A cloud computing environment always involves two parties: the CSP (cloud service provider) and the cloud customer. The organizational structure supports joint efforts to carry out cloud forensic activities efficiently and effectively. The following staff work within the organizational structure:
    1. Investigators
    2. IT professionals
    3. Incident handlers
    4. Legal advisors
    5. External assistants
  3. Legal dimension: Regulations and agreements are developed in the legal dimension of cloud forensics to protect forensic activities, so that throughout the investigation no laws are breached in the jurisdiction where the data is stored and other organizations sharing the same infrastructure are not affected.

Usage of cloud forensics

  1. Investigation
  2. Troubleshooting
  3. Log Monitoring
  4. Data and System Recovery
  5. Regulatory Compliance

Cloud computing is facing enormous challenges

  1. Forensic data collection
  2. Elastic, static and live forensics
  3. Evidence segregation
  4. Virtualized environments
  5. Internal staffing
  6. External chain of dependency
  7. Regarding SLA
  8. Regarding Multi-Jurisdiction and multi-tenancy
