CLOUD FORENSIC AND CHALLENGE
Major companies and also traditional vendors are using cloud services since cloud services provide broader horizon of services to the clients. As cloud services is becoming more widespread is involvement in crime is likely to increase. Over the time, the use of digital evidence in criminal and civil matters will continue to expand. Cloud providers and customers need to set up their infrastructures to meet these lawful requests or face fines and other legal repercussions. Cloud forensics is difficult because there are challenges with multi-tenant hosting, synchronization problems and techniques for segregating the data in the logs,” said KeyunRuan, a PhD candidate at the Centre for Cyber Crime Investigation in Ireland.
Traditional computer forensics involves:
- Collection of media at the crime scene or location where the media was seized
- preservation of that media
The forensic challenges faced during investigation of cloud computing are related to control of the evidence, including collection, preservation and validation.
With cloud computing, investigation agency does not have physical control of the media nor the network on which it exists. Numerous clients will have access to a specific cloud. How does investigation agency only have that portion of the media where the evidence may exist? How will they know if they have gotten everything that they will need during the analysis, interpretation, documentation and presentation phases? One of the issues identified to cloud computing are those clouds that physically exist on a foreign server. What legal jurisdiction does law enforcement have in those cases? Do they have jurisdiction at all?
Here, developing a cloud forensic strategy becomes vital so that investigation become more beneficial with minimal cost.