CLOUD FORENSICS AND ITS CHALLENGES
Major companies and traditional vendors alike are using cloud services, since they offer clients a broader range of services. Cloud computing offers diverse benefits such as scalability, flexibility and readily available services. Flexibility refers to the ability to use the computing resources you need when you need them, which shortens IT projects and reduces overall cost.
• Software as a Service (SaaS): Providers offer access to applications that are hosted on their own servers, and consumers make use of them. Common examples include file storage, social networking and email.
• Platform as a Service (PaaS): Here cloud providers offer a platform where consumers deploy and run their applications. The underlying hardware, network and tools are provided by the cloud service. Examples include Google App Engine and Windows Azure.
• Infrastructure as a Service (IaaS): Consumers buy raw computing and storage space and they can control and manage the underlying infrastructure like the operating systems, software and network. Examples are Amazon EC2 and Rackspace Cloud Services.
As cloud services become more widespread, their involvement in crime is likely to increase. Over time, the use of digital evidence in criminal and civil matters will continue to expand. Cloud providers and customers need to set up their infrastructures to meet these lawful requests or face fines and other legal repercussions. “Cloud forensics is difficult because there are challenges with multi-tenant hosting, synchronization problems and techniques for segregating the data in the logs,” said Keyun Ruan, a PhD candidate at the Centre for Cyber Crime Investigation in Ireland.
Traditional computer forensics involves:
• Collection of media at the crime scene or location where the media was seized
• Preservation of that media
• Validation
• Analysis
• Interpretation
• Documentation
The forensic challenges faced during investigation of cloud computing are related to control of the evidence, including collection, preservation and validation.
Investigators also face challenges in cloud investigations because different providers take different approaches to cloud computing. Sometimes there is also a lack of forensic expertise. A major challenge arises from data location and collection.
Multi-tenancy and resource sharing: Two of the main characteristics of cloud environments are multi-tenancy and resource sharing. The first means that a single system serves multiple users. The second refers to the sharing of the same hardware and software resources between users. This makes locating data even harder, because law enforcement needs to seize the specific portion of the media where the suspect’s data is stored. Referring to the cloud provider for assistance can help investigators with this challenge.
Massive volume of data: Nowadays, we own many devices that are able to store data. As such, we keep large volumes of data across many storage media such as USB sticks, mobile memory and external hard drives. This problem increases exponentially in cloud investigations, as a user can have terabytes of data at their disposal.
Cloud providers usually have datacentres in different countries, and this can lead to extraterritorial jurisdiction restrictions. Even when jurisdictional restrictions do not apply, investigations may be put on hold by enforcers’ limited investigative power, for example when they do not succeed in getting a search warrant.
With cloud computing, the investigating agency has physical control of neither the media nor the network on which it exists. Numerous clients will have access to a specific cloud.
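
The multi-tenancy challenge and the collection, preservation and validation steps described above can be illustrated with an added example (not part of the original article): extracting only one tenant's records from a shared log and producing hashes that let the extract be validated later. The JSON-lines log format, the `tenant` field and the names `segregate` and `verify` are assumptions made for this example.

```python
import hashlib
import json

# Constructed sample of a shared (multi-tenant) provider log, one JSON record per line.
# The "tenant" field name and every value here are assumptions for this example.
SAMPLE_LOG = b"\n".join([
    b'{"ts": "2024-01-05T10:00:01Z", "tenant": "tenant-a", "event": "login", "src": "198.51.100.7"}',
    b'{"ts": "2024-01-05T10:00:03Z", "tenant": "tenant-b", "event": "upload", "object": "report.pdf"}',
    b'{"ts": "2024-01-05T10:00:09Z", "tenant": "tenant-a", "event": "delete", "object": "ledger.xlsx"}',
    b'corrupted line without structure',
    b'{"ts": "2024-01-05T10:00:12Z", "event": "gc"}',
    b'{"ts": "2024-01-05T10:00:15Z", "tenant": "tenant-c", "event": "login", "src": "203.0.113.9"}',
]) + b"\n"


def segregate(log_bytes: bytes, tenant_id: str):
    """Return (extract_bytes, manifest) for one tenant's lines in a shared log."""
    extracted = []      # original bytes of the target tenant's lines
    unattributed = []   # line numbers that cannot be tied to any tenant
    other_tenants = 0   # counted only; other tenants' content is never copied
    for number, line in enumerate(log_bytes.splitlines(), start=1):
        try:
            record = json.loads(line)
            owner = record.get("tenant") if isinstance(record, dict) else None
        except ValueError:  # malformed JSON or invalid UTF-8
            owner = None
        if owner == tenant_id:
            extracted.append(line)       # keep raw bytes, not a re-serialised copy
        elif owner is None:
            unattributed.append(number)  # flagged for manual review, not dropped silently
        else:
            other_tenants += 1
    extract_bytes = b"".join(line + b"\n" for line in extracted)
    manifest = {
        "source_sha256": hashlib.sha256(log_bytes).hexdigest(),
        "extract_sha256": hashlib.sha256(extract_bytes).hexdigest(),
        "total_lines": len(log_bytes.splitlines()),
        "tenant_lines": len(extracted),
        "other_tenant_lines": other_tenants,
        "unattributed_line_numbers": unattributed,
    }
    return extract_bytes, manifest


def verify(extract_bytes: bytes, manifest: dict) -> bool:
    """Validation step: the extract must still match the hash recorded at collection."""
    return hashlib.sha256(extract_bytes).hexdigest() == manifest["extract_sha256"]
```

The manifest records the hash of the untouched source alongside the hash of the extract, so the extract can be tied back to the shared log without disclosing other tenants' records.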