Cloud forensics is a subclass of network forensics that uses digital forensics in cloud computing. Cloud computing and digital forensics are intertwined in this case.
As Per The Official Definition Of Nist:
“Digital Forensics is the field of forensic science that is concerned with retrieving, storing and analyzing electronic data that can be useful in criminal investigations. This includes information from computers, hard drives, mobile phones and other data storage devices”. Credit NIST
What Cloud Forensic is..?
Cloud forensics is the term for criminal investigations that focus on crimes being committed in the cloud. This could include leaks of information or thefts of identities. With cloud forensics in place, the owner is better protected and can keep evidence longer.
- Network forensics,
- Hardware forensics
- IOT forensics
- Database forensics,
- Email forensics
- Malware forensics
- Memory forensics
- Mobile forensics
1. Cloud forensics is an unique combination of all of these types.
2. It involves the relationships between different cloud stakeholders, (i.e. cloud providers, cloud users, cloud brokers, cloud carriers, and cloud examiners),
3. So that both internal and external inquiries can be made.
4. Fairly, it involves more than one jurisdiction and more than one individual
Biggest Challenges In Cloud Forensics:
1. JURISDICTIONS
- It is imperative that researchers first ascertain if they have the legal right to obtain and study data residing in another country. Establishing and maintaining a precise chain of custody may be impossible if there is no logging or if anonymous authentication is used.
2. The availability of forensic data relies on the kind of cloud service employed.
3. Infrastructure as a service (IaaS) customers have free access to the data they need for forensic inquisitions.
4. At the same time, people who use SaaS may not have access to similar information or may only have limited access to it.
5. TIME SYNCHRONISATION:
- It's needed for the construction of the report in forensics operations.
- In a cloud environment, it's tricky because the relevant data is spread across many physical computers and geographical locations.
6. As more and more things are linked to the cloud; it's getting harder to add more endpoints.
7. The infrastructures, service models, processes, and conceptual frameworks that the cloud offers are always changing.
8. It's hard for investigators to get the data and resources they need for forensics, which are called "elements." There are also registry keys, files, timestamps, and event logs.
- It lets the cloud maintain separate cases that are running on the same physical system.
10. Because of this, it's hard to separate resources during a forensics investigation without putting the privacy of other users who use the same infrastructure at risk.
11. Facilitating the external dependence chain with regard to external cloud providers.
12. Different cloud computing dealers employ various strategies.
13. There are not enough ways for people from different countries to work together and share information without being watched.
14. There are not enough rules or laws, and there is no legal advice.
15. At all times, clients will have less access to forensic data and less control over it.
16. Each cloud server stores the files of many different users. It is hard to tell apart the information of one user from that of another.
17. Even without cloud service providers, there is often no way to link a specific file to a specific suspect.
18. One of the most important things in Cloud Forensics is making sure that digital witnesses are safe and that no one else tries to change them.
19. How evidence is kept determines whether or not it can be used in court. In the PaaS and SaaS models of cloud computing, users depend on CSPs.
- At some point, the industry of digital forensics will have to start building ways to evaluate frameworks, procedures, and software tools for use in the cloud.
- After a thorough investigation of how the cloud affects digital forensics, it will be possible to figure out how to change and make new frameworks, rules, and tools to fight cybercrime in the cloud.
