Cloud Forensics

Conclusions

The rapid increase in new cloud services and their popularity will, in future, lead to systems, applications, or accounts being compromised in the cloud. Attackers are always at the leading edge of technology and are fully aware of the potential that cloud environments offer [11]. The challenge is thus to support forensic processes for cloud environments, which necessitates cooperation between the customer and the CSP.

The issues examined in this article show that traditional methods and processes of digital forensics must be reconsidered, especially in terms of forensic investigations in cloud environments. It is primarily the task of the scientific community to develop new methods and processes that address the issue of forensics in the cloud.

That said, the CSPs really need to do their homework. Unfortunately, most CSPs currently don’t see the potential that an interface of this kind offers to the user. This is perhaps less an issue of technical feasibility and more an issue of the financial overhead that such an implementation would cause for the CSP. The costs of the implementation could be passed on to the customer – if you want this kind of interface, you have to pay for it.

This approach is not unusual: Security costs money, and CSPs don’t initially earn anything with it. As long as users allow CSPs to get away with this behavior, nothing is likely to change.

When CSPs start to depend on users, rather than vice versa, a paradigm change might occur. Until that happens, it remains to be hoped that the security mechanisms provided by the CSP and complemented by the customers’ own mechanisms are robust enough to survive.

Info

[1] N. Beebe, “Digital Forensic Research: The Good, the Bad and the Unaddressed,” Advances in Digital Forensics V, 2009.
[2] B. Grobauer and T. Schreck, “Towards Incident Handling in the Cloud: Challenges and Approaches,” Proceedings of the 2010 ACM Cloud Computing Security Workshop, 2010.
[3] S.D. Wolthusen, “Overcast: Forensic Discovery in Cloud Environments,” paper presented at the Fifth International Conference on IT Security Incident Management and IT Forensics, Stuttgart, Germany, 2009.
[4] D. Birk, C. Wegener, “Technical Issues of Forensic Investigations in Cloud Computing Environments,” paper presented at IEEE/SADFE 2011, Oakland, CA, USA, 2011
[5] P. Melland, T. Grance, “The NIST Definition of Cloud Computing,” Version 15, 2009
[6] L. Rongxing, L. Xiaodong, L. Xiaohui, and S. Sherman, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing,” Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, 2010.
[7] A More Secure Cloud for Millions of Google Apps Users
[8] A. Haeberlen, “A Case for the Accountable Cloud,” Proceedings of the 3rd ACM SIGOPS International Workshop on Large-Scale Distributed Systems and Middleware, 2009.
[9] B. Hay and K. Nance, “Forensics Examination of Volatile System Data using Virtual Introspection,” ACM SIGOPS Operating Systems Review, 2008.
[10] “Digital Forensics XML and the DFXML Toolset” by S. Garfinkel
[11] Attackers Using Amazon Cloud to Host Malware