±Forensic Focus Partners

±Your Account


Nickname
Password


Forgotten password/username?


Membership:
New Today: 0
New Yesterday: 1
Overall: 27487
Visitors: 56

±Follow Forensic Focus

Join our LinkedIn group

Subscribe to news

Subscribe to forums

Subscribe to blog

Subscribe to tweets

Cloud Forensics - Considerations for a Forensic Investigator

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
 
  

Cloud Forensics - Considerations for a Forensic Investigator

Post Posted: Tue Aug 05, 2014 8:23 am

As an MSc student I am currently completing a research project focussing on the issues Cloud Computing poses to Digital Forensic Investigations. Having completed a literature review, it is obvious that there is a vast range of issues within Cloud Forensics, e.g. Jurisdiction, Forensic Imaging, Chain of Custody etc. all of which are of a concern to a Forensic Investigator.

In order to validate the requirements identified from the literature review I would like to incorporate the knowledge of working investigators. I would like to know what you think are key areas/issues an investigator should consider before undertaking an investigation involving Cloud and how they can attempt to manage these.

Responses are greatly appreciated.  

Kaylab
Newbie
 
 
  

Re: Cloud Forensics - Considerations for a Forensic Investig

Post Posted: Wed Aug 06, 2014 3:43 am

Hi Kaylab,

I'm working on cloud forensics, too.
In my opinion, there are three main (most important) parts: jurisdiction, organisation and technical issues a forensic investigator is faced.
This means, that you have to note facts about the storage placement and the legal requirements for accessing the data, but imho this is not really a problem for forensic research.

In my opinion, a forensic investigator has three points to access for data stored and used in the cloud.
1. The computer or mobile phone of the victim or the suspicious offender (lets call it local)
2. The cloud envireonment, e.g the server for hosting (store and application systems), lets call it remote
3. The way between local and remote, aka the network.
Best results can be reached by combination of these three parts. I'm working on the network part, which means, that my main research is actually analyzing network traffic (local, remote, and between) to validate the usage of cloud services.  

Honki
Newbie
 
 
Reply to topicReply to topic

Share this forum topic to encourage more replies



Page 1 of 1