How is Cloud Computing Affecting Forensics?

By Enterprise Security Magazine | Thursday, November 21, 2019

Digital ForensicsThe owner is accountable for all the servers starting from networking equipment to the application as well, in the traditional IT services. Cloud computing provides solutions to make management and deployment of computing resources very efficiently.

FREMONT, CA: The IT industry has been transformed by cloud computing, enabling the services to be deployed in a fraction of the time that it took earlier. The scalable computing solutions have generated large cloud computing companies like Amazon Web Services (AWS), Google Cloud, and Microsoft Azure. Employees can create or reset an entire infrastructure for a computing resource with a click of a button in three various cloud computing service models, such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).

Cloud Computing and Forensics

The unique cloud computing forensic issues are multi-tenancy, jurisdiction, and dependency on CSPs. Cloud forensics, being a sub-topic under digital forensics, is based on a one-of-a-kind approach for investigating cloud environments. CSPs have many servers around the world to host customer data. In the event of cyber incident laws and legal jurisdiction that has been governing the region, present unique challenges. In modern CSP environments, the customer is granted the ability to choose the area in which the data will reside, and this choice must be made meticulously.

A critical topic of concern for an investigator is to ensure that the digital evidence is not tampered by the third party so that it can be put up in a court of law. Customers have to depend on the cloud service provider in the PaaS and SaaS service models to gain access to the logs as they lack control over the hardware.

It is a very problematic task to maintain a chain of custody in a cloud environment in comparison to the traditional forensics environment. The internal security team has its control over who is conducting forensics operations on a machine in the current forensics environment; on the other hand, in cloud forensics, the security team has no control over who the CSP selects to gather evidence. Hence it is essential to be trained according to the forensic standards; if one fails to do so, then the chain of custody may not hold in a court of law.

Check out: Top Cloud Technology Solution Companies

Weekly Brief