Volumes have been written extolling the virtues and benefits of cloud computing. The cloud enables organizations to scale up rapidly and to be more agile. There are cost savings and efficiencies too, which can be leveraged through various cloud models. But cloud forensics presents new challenges for forensics experts, as it differs vastly from traditional computer forensics.
Today, it is common practice for an organization to adopt a hybrid, multi-cloud approach. That makes cloud security more challenging. If an organization experiences an attack or data breach, it will have to trace the source of the attack and determine the damage, extent, and impact.
That’s where Cloud Forensics comes in.
When infrastructure is virtualized and hosted by multiple clouds with servers in different jurisdictions, it poses a tremendous challenge to cloud forensics specialists. In fact, doing forensics on the cloud is complicated and differs vastly from traditional computer forensics. With computer forensics, investigators had to find the media that had the data or digital evidence. With the cloud, this evidence could be anywhere and is much more difficult to trace.
The cloud offers various architectures, service models, processes, and continuously changing paradigms. So, it is challenging for investigators to gain access to the data and resources required for forensics – the “artifacts,” as they are called. These include registry keys, files, timestamps, and event logs. This is digital evidence that can be used in a court of law for criminal litigation.
Cloud Forensics Survey
We wanted to determine the biggest challenges facing cloud forensics today. For this, EC-Council’s Cyber Research team undertook a survey titled “Cloud Forensics in Today’s World.” The report, which appears in the September issue of CISO MAG, uncovers some interesting findings from their investigation:
- Both multi-tenancy-related privacy issues and distributed data location were considered equally challenging by one-fourth of the respondents.
- More than half of the respondents believe the hybrid cloud deployment model presents the most challenges for cloud forensics.
- Nearly 40% of the respondents say that a lack of channels for international communication contributes significantly to the legal challenges faced by cloud forensics.
- There is a growing demand that the SLA mention when and what data to collect, its purpose, and the legal liabilities.
- FaaS (Forensics as a Service) is the most anticipated trend for improving the cloud forensics domain.
Since the cloud is now a shared responsibility, some have suggested that cloud service providers offer Forensics as a Service. Yes, FaaS is being offered by third parties today. But more CSPs need to offer it.
Shared Responsibility Model
In the cover story, Karim El Chenawi, CISO at John Doe Invest, writes that the shared responsibility model for cloud computing puts the onus of cloud security on both the cloud service provider and the client. And that increases the attack surface for threat actors to exploit. So there is a need for a trustworthy cloud forensic process that overcomes the existing challenges associated with cloud computing and provides clear and actionable data towards security enforcement and incident handling. He suggests that the complete cloud forensic process should be classified into incident identification, data collection, and analysis and examination phases.
Don’t miss the September 2021 issue. We hope you enjoy reading the Cover Story, Survey Report, and other curated articles from industry experts.