The 'Cloud' is an expanding ecosystem of on-demand computing resources that can be accessed from around the world through devices connected to the internet. Due to its flexible nature, scalability and easy accessibility, it is favoured by many for bringing convenience to work and leisure. The openness and decentralised structure mean that it can be challenging for Law Enforcement to gather and use the data, especially whilst adhering to both national and international laws and jurisdiction. Still, cloud data sources can serve as significant evidence in investigations. Hence, FORMOBILE is particularly interested in this topic from a technical and standardisation perspective. Specifically, the team in task 4.2 of the project will support the improvements to decode major cloud computing data export formats.
The National Institute of Standards and Technology (NIST), in the United States, recently released highly useful research highlighting Forensic Challenges faced by experts when responding to incidents in the cloud computing environment.
The research perfectly illustrates the complex nature of the cloud ecosystem and the obstacles faced by experts looking to uncover evidence from the cloud.
As this quote notes:
The Cloud exacerbates many technological, organizational, and legal challenges already faced by digital forensic examiners. Several of these challenges—such as those associated with data replication, location transparency, and multi-tenancy—are somewhat unique to cloud computing forensics.
In the research, a total of 65 challenges were defined; spanning 9 separate categories. The categories cover the following groups that are also shown in a useful mindmap in the Annexes.
The groups include:
- 1. Architecture (e.g., diversity, complexity, provenance, multi-tenancy, data segregation)
- 2. Data collection (e.g., data integrity, data recovery, data location, imaging)
- 3. Analysis (e.g., correlation, reconstruction, time synchronization, logs, metadata,
- 4. Anti-forensics (e.g., obfuscation, data hiding, malware)
- 5. Incident first responders (e.g., trustworthiness of cloud Providers, response time,
- 6. Role management (e.g., data owners, identity management, users, access control)
- 7. Legal (e.g., jurisdictions, laws, service level agreements, contracts, subpoenas,
international cooperation, privacy, ethics)
- 8. Standards (e.g., standard operating procedures, interoperability, testing, validation)
- 9. Training (e.g., forensic investigators, cloud Providers, qualification, certification)
It should be noted that the highest number of challenges are of a technical nature, with legal and organisational issues making up the second-largest grouping.
It is helpful to FORMOBILE that such research is taking place in parallel. The team acknowledges such efforts and they are also interested in the developments of EU based work - such as the LOCARD project's efforts to explore methods that tackle some of the challenges listed by NIST.