Cloud Computing &am...
 
Notifications
Clear all

Cloud Computing & Digital Investigations

3 Posts
2 Users
0 Reactions
381 Views
(@bigsey)
New Member
Joined: 18 years ago
Posts: 3
Topic starter  

Hi to All,

I am conducting my final year Forensic Computing Degree project titled 'Cloud Computing & The Impact on Digital Forensic Investigations'.
My initial post here is one of… 'Has anyone had any experience of investigating an incident within a cloud and how it impinges on the current methodologies utilised for investigations of a more traditional nature?'

I attended a seminar presented by Jeff Barr, Amazons Cloud (Web Services) evangelsist and he was unable to answer the many questions I posed. He invited me to email him the questions for him to seek further advice and support in answering them, yet still no reply…..

My questions included areas such as completeness of any evidential artefacts, monitoring illegal activity, how soon an account could be frozen should illegal activity be suspected etc.

I would appreciate any advice or information on this subject however small that snippet may be…

Regards Bigsey


   
Quote
(@jeffcaplan)
Trusted Member
Joined: 21 years ago
Posts: 97
 

"Cloud Computing" is a simply an industry buzzword latched onto [strongly] by the folks over at Amazon. An investigation involving "cloud computing" would be no different than any other investigation which involved online services EXCEPT to the extent that the legal contracts which bound the service "cloud" together crossed state or national borders and evidence was located in multiple locations. I don't think this would be much different than any other multi-national corporation posessing copious amounts of data in multiple locations throughout the world.


   
ReplyQuote
(@bigsey)
New Member
Joined: 18 years ago
Posts: 3
Topic starter  

Thank you for that Jeff, much appreciated.

A while since you replied to my post, yet here goes…..

Can I confirm a few details on this matter?

Having only touched the very tip of the forensic iceberg to date, I am still a little naive when it comes to the whole process for larger scale investigations. My research so far has revealed that here in the UK, if a large scale acquisition is required, the local High Tech Crime Unit (law enforcement agency) may subpoena the orgainisation holding the suspect data to retrieve artefacts of evidential value, or they may employ a third party who are more familiar with the suspect environment to do likewise…. This to me sounds flawed. How can the case be presented when there may be doubt over completeness etc…?

Is this the scenario you refer to when you suggest that the cloud model is likely to follow a similar vein to investigations of online services, with the exceptions you mention regarding contractual and legislative implications?

If so, please could you outline, a detailed step-by-step guide, to what that process is where you might perform that investigation, and if I am not correct in my understanding, please could you outline what the process is, the tools used, the techniques and methodologies employed to ensure integrity?

I understand that your time is precious, though you will be helping a dedicated student trying to get a firm foothold on the first rung of the forensic community ladder.

Regards

Bigsey


   
ReplyQuote
Share: