Cloud Forensics

Conclusions

The rapid increase in new cloud services and their popularity will, in the future, lead to systems, applications, or accounts being compromised in the cloud. Attackers are always at the leading edge of technology and are fully aware of the potential that cloud environments offer [11]. The challenge is thus to support forensic processes for cloud environments, which necessitates cooperation between the customer and the CSP.

The issues examined in this article show that traditional methods and processes of digital forensics must be reconsidered, especially in terms of forensic investigations in cloud environments. It is primarily the task of the scientific community to develop new methods and processes that address the issue of forensics in the cloud.

That said, the CSPs really need to do their homework. Unfortunately, most CSPs currently don’t see the potential that an interface of this kind offers to the user. This is perhaps less an issue of technical feasibility and more an issue of the financial overhead that such an implementation would cause for the CSP. The costs of the implementation could be passed on to the customer – if you want this kind of interface, you have to pay for it.

This approach is not unusual: Security costs money, and CSPs don’t initially earn anything with it. As long as users allow CSPs to get away with this behavior, nothing is likely to change.

When CSPs start to depend on users, rather than vice versa, a paradigm change might occur. Until that happens, it remains to be hoped that the security mechanisms provided by the CSP and complemented by the customers’ own mechanisms are robust enough to survive.

Info

[1] N. Beebe, “Digital Forensic Research: The Good, the Bad and the Unaddressed,” Advances in Digital Forensics V, 2009.
[2] B. Grobauer and T. Schreck, “Towards Incident Handling in the Cloud: Challenges and Approaches,” Proceedings of the 2010 ACM Cloud Computing Security Workshop, 2010.
[3] S.D. Wolthusen, “Overcast: Forensic Discovery in Cloud Environments,” paper presented at the Fifth International Conference on IT Security Incident Management and IT Forensics, Stuttgart, Germany, 2009.
[4] D. Birk and C. Wegener, “Technical Issues of Forensic Investigations in Cloud Computing Environments,” paper presented at IEEE/SADFE 2011, Oakland, CA, USA, 2011.
[5] P. Mell and T. Grance, “The NIST Definition of Cloud Computing,” Version 15, 2009.
[6] L. Rongxing, L. Xiaodong, L. Xiaohui, and S. Sherman, “Secure Provenance: The Essential of Bread and Butter of Data Forensics in Cloud Computing,” Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security, 2010.
[7] A More Secure Cloud for Millions of Google Apps Users
[8] A. Haeberlen, “A Case for the Accountable Cloud,” Proceedings of the 3rd ACM SIGOPS International Workshop on Large-Scale Distributed Systems and Middleware, 2009.
[9] B. Hay and K. Nance, “Forensics Examination of Volatile System Data using Virtual Introspection,” ACM SIGOPS Operating Systems Review, 2008.
[10] S. Garfinkel, “Digital Forensics XML and the DFXML Toolset.”
[11] Attackers Using Amazon Cloud to Host Malware
