NIST Researchers Tackle Cloud Forensics Process

Cloud has reshaped the way we live our life and do business. When you compare cloud to the traditional computing model of having a directly attached hard drive in the machine, you begin to see a stark difference in the way that data is stored.

For example, when you store data using a cloud service, do vendors have an easy way of telling you which hard drive in which cluster holds the data you storing? More often than not, the storage resources are pooled together thus obscuring the disk that the data in question may be stored upon. In the past, data forensics investigations required direct access to the disk that housed the data. How can forensic investigators know what to look for when they are doing cloud forensics investigations?

GCN mentions, “This is creating new challenges for digital forensics, complicating incident response and criminal and civil investigations into incidents and data in the cloud.”

The National Institute of Standards and Technology better known as NIST has decided to help with this process. In a report published by NIST titled “Cloud Computing Forensic Science Challenges” the organization recommends several best practices going forward that can help with cloud data identification.

NIST’s report says, “Standards are critical to ensure cost-effective and easy migration, to ensure that mission-critical requirements can be met and to reduce the risk that sizable investments may become prematurely technologically obsolete.”

The report digs deep into cloud forensic challenges that experts have encountered thus far. GCN lists the top 9 categories that each of these concerns fall under. They are:

  • Architecture
  • Data collection
  • Analysis
  • Anti-forensics – hiding or obscuring data
  • Trustworthiness of first responders to an incident
  • Roles of data owners, managers and users
  • Legal jurisdictions
  • Technical standards and practices
  • Training

 The tables inside of the report break down each specific concern while the experts who have contributed to the report have added their notations beside of each specific concern. If you have an extra few minutes, read the report for yourself and you can decide if any of these concerns have merit within your organization.