ABOUT THE AUTHOR

Gary Audin
Gary Audin is the President of Delphi, Inc. He has more than 40 years of computer, communications and security...
Read Full Bio >>
SHARE

Gary Audin | January 24, 2013 |

 
 
share
 

CSI for the Cloud

CSI for the Cloud Cloud computing expands the scale of digital forensic activities. It also creates new cybercrime investigations with new challenges.

Three Elements to Cloud Forensics
The first element of cloud forensics is, as expected, technical. This includes the tool set that is used for forensics discovery. There are also procedures that need to be followed. The technical element includes collecting the data, the data examination, analysis, and reporting as evidence.

The second element deals with the organization where the customer and the cloud service provider (CSP) are the principals in the investigation. If the CSP uses another service to complete their offering, then the scope of the investigation widens. The enterprise should establish one or more persons on staff to represent the enterprise during investigations. Outside experts may also become part of the enterprise's team.

The third element can be called the chain of dependencies. If as is true of many SaaS providers, the physical data center is an IaaS or PaaS, then CSPs are dependent on other CSPs. This will force close communications and collaboration among the parties to ensure that SLAs are enforced and the chain of evidence data is not compromised.

Challenges for Cloud Forensic Investigations
Cloud forensics will be developed by expanding the tools and procedures already in place for digital forensics. Additional challenges will be encountered when the cloud is involved, including:

* Forensic data collection--Ready access to data decreases as the enterprise moves from an IaaS to PaaS to a SaaS environment

* Elastic, static, and live forensics--The number of devices involved in the cloud service, including the endpoints, compounds the discovery and collation of data. Time synchronization (time stamps) and reporting formats can be barriers to data analysis.

* Evidence segregation--This relates to the problem of virtualization. How does the investigator know what is where and when things occurred?

* The expertise of the cloud and enterprise staffs--The skills and knowledge for conducting cloud forensic operations are relatively hard to locate and hire.

* External chain of dependency--There is a need to formulate and standardize how to work with CSPs who in turn work with other CSPs.

* Service level agreements--Transparency may be limited by the CSP if they are not making the enterprise fully aware of the details of the service performance that is being offered.

* Multiple legal jurisdictions--The rules and regulations will vary sometimes by state and certainly by country. Who is the primary authority may be hard to determine. It is also possible that more than one jurisdiction will expect to be the primary legal authority.

The cloud will grow rapidly. The enterprise has little long-term experience with cloud services; there will be a learning curve. Many forms of services, especially for SaaS, will create a wide range of issues to be faced by forensic investigators. If there are a number of legal issues that arise soon, these may dampen the enthusiasm by enterprises for cloud services, and slow its growth.



COMMENTS

No Jitter Company Spotlight: ShoreTel
Webinars Enterprise Connect Tour Virtual Events
Are Video Room Systems Going the Way of the Dinosaur?
May 22, 2013
The video market has been swept by a software revolution. Software-based solutions have transformed the video conferencing infrastructure market, while desktop and mobile apps have all but eliminated...
Responding to the Surging Threat of Telephony Denial of Service (TDoS) Attacks in Contact Centers - U.S. DHS Issues new TDoS Warning
May 8, 2013
Security threats to enterprise Voice/UC resources are increasing, as illustrated by SecureLogix in the latest edition of its "State of Security Report on Voice/UC" released at Enterprise Connect last ...
Where is Siri for the Enterprise?
April 24, 2013
If you have an iPhone or Android for your personal use, you are more than familiar with personal assistant applications like Apple's Siri or Google Now for Android. Many enterprise users would like to...
More Webinars
More Virtual Events

This day long workshop will feature a number of sessions exploring the technical challenges, procurement issues, and communications potential of SIP trunks. If your enterprise needs to modernize its wide area communications network, you need to attend this program to learn the ins and outs of SIP trunks. This free package includes breakfast, conference materials, lunch, networking reception and access to Interop’s Exhibition.

May 8 :: Las Vegas :: Interop, Mandalay Bay
May 14 :: New York :: Millennium Broadway
June 19 :: San Francisco :: Le Meridien
June 26 :: Chicago :: Hyatt Regency

Register Now

Sign up to the No Jitter email newsletters

  • Catch up with the blogs, features and columns from No Jitter, the online community for the IP communications industry. Each Thursday, we'll send you a synopsis of the high-impact articles, podcasts and other material posted to No Jitter that week, with links for quick access.

  • A quick hit of original analysis by the experts who bring you Enterprise Connect, the leading event in Enterprise Communications & Collaboration. Each Wednesday, this enewsletter delivers to your email box a thought-provoking, objective take on the latest news and trends in the industry.

Your email address is required for membership. For details about the user information, please read the UBM Privacy Statement

As an added benefit, would you like to receive relevant 3rd party offers about new products/services and discounted offers via email? Yes

* = Required Field

No longer instrested? Unsubscribe here.