Hi everyone,
I need your opinion. My organization wants to start using Cloud and I am concerned with my confidential data when someone can break into that Cloud. What is the most difficult evidence to find or get in the Cloud when conducting a computer forensic investigation?
Thanks.
It depends on your contract. In some cases, you may just be able to get logs…or nothing. In other cases, you may be able to get full forensic images.
Here are some articles about Cloud Forensics
Cloud Forensics Box
http//
How to Extract iCloud Keychain with Elcomsoft Phone Breaker
https://
Cloud Forensics Analyzing MEGASync
http//
Cloud Forensics How to acquire a facebook account
https://
Not sure what cloud service you're considering, but the security argument around someone being able to "break into" your cloud data also applies to your privately hosted stuff as well. There are pros and cons to both, but don't just assume that because it's in the cloud it is at higher risk than something you or your organization put together yourselves.
Take Office 365 for example: a lot of organizations are moving towards hosted/cloud-based email for various reasons, and many would argue that Microsoft spends a whole lot more time and money on security than your organization could on your own Exchange servers. Not that time and money always equate to being more secure, but it would be wrong to assume that just because something is hosted in a cloud service it's at higher risk than something hosted by your org. You're just transferring the risk instead of owning it.
As far as investigations go, conducting an investigation on a cloud service like O365 is doable, just like on an Exchange server. You may get less to work with, but if you enable logging, you'll have plenty of data to conduct a proper investigation between the endpoint and cloud service. The key is to know what logs are available and to make sure they're on before an incident…not after…
Jamie
Using cloud services means the lack of all the physical defense or protection layers which are given by (local) non-cloud services. Cloud services are risk factors from a forensic point of view as well. In case of any data breach, even if the full logs are available, you might still end up with anonymous or unreliable VPN providers as the attack source.
If your organization complies with ISO 27000 variants (or other similar standards), then using clouds is a potential risk both regarding data confidentiality and availability.