±Forensic Focus Partners
New Today: 0
New Yesterday: 4
±Follow Forensic Focus
· DFRWS Europe 2015 Annual Conference – Recap
· DFRWS EU 2015 – Dublin 23rd – 26th March
· SQLite Database Forensics – ‘Sleep Cycle’ Case Study
· Data Recovery As A Medium For Email Forensics
· Carving out the Difference between Computer Forensics and E-Discovery
· Forensic Analysis of SQLite Databases: Free Lists, Write Ahead Log, Unallocated Space and Carving
· How Secure Is Your Password? A Friendly Advice from a Company That Breaks Passwords
· Using SQL as a date/time conversion tool
· Forensics and Bitcoin
Cloud Forensics - Considerations for a Forensic Investigator
In order to validate the requirements identified from the literature review I would like to incorporate the knowledge of working investigators. I would like to know what you think are key areas/issues an investigator should consider before undertaking an investigation involving Cloud and how they can attempt to manage these.
Responses are greatly appreciated.
I'm working on cloud forensics, too.
In my opinion, there are three main (most important) parts: jurisdiction, organisation and technical issues a forensic investigator is faced.
This means, that you have to note facts about the storage placement and the legal requirements for accessing the data, but imho this is not really a problem for forensic research.
In my opinion, a forensic investigator has three points to access for data stored and used in the cloud.
1. The computer or mobile phone of the victim or the suspicious offender (lets call it local)
2. The cloud envireonment, e.g the server for hosting (store and application systems), lets call it remote
3. The way between local and remote, aka the network.
Best results can be reached by combination of these three parts. I'm working on the network part, which means, that my main research is actually analyzing network traffic (local, remote, and between) to validate the usage of cloud services.