Computer forensics has an important role in unearthing evidence to solve cyber crimes, or even other crimes where data stored in computers are important to crack the case. The rise of cloud computing has resulted in the emergence of cloud forensics. Although a sub branch of computer forensics, cloud forensics is diametrically different from conventional computer forensics.
It is inevitable that criminals would commit crimes using cloud resources. This is where cloud forensics steps in.
Chain of Dependencies
Unlike, conventional computer forensics, cloud forensics works on a chain of dependencies. The biggest challenge is data residing at a different geographical location, in many cases, across the globe, from the scene of a possible crime. The success of forensics investigation in such cases depends entirely on the cooperation of the cloud services provider. Even then, gathering forensic evidence is difficult, and cloud providers may simply not be able to produce the required data or evidence, even if they want to do so.
As of now, there are no apparent solutions to such issues. The Cloud Forensics Working Group, set up at the National Institute of Standards and Technology (NIST) is working on resolving such issues, and developing best practices.
Another big challenge related to cloud forensics is lack of adequate tools, as cloud forensics is still in a nascent state.
One good tool is the vendor-neutral F-Response, which uses iSCSI protocol to provide read-only mounting of remote devices, to facilitate remote imaging, fast forensic triage, live memory analysis, and more. It offers forensic copies of all data the organization pushes to cloud providers, greatly aiding the process.
As the cloud matures, and more tools become available, the present challenges and complexities related to cloud forensics ought to go away.