Cloud computing is a concept that can be difficult for laymen to understand. To put cloud computing in layman terms, it is the delivery of services through the internet. Rather than cloud computing in computer located in a single office, the applications are stored online. This means that none of the documents or records are saved onto your actual computer unless you intentionally do so. While this can be a great option for things like bedrock server hosting, it can cause problems for those who deal with digital forensics.
Since cloud computing services definition states clearly that the services are not stored on the computer, it can be more difficult for investigators to access them during a criminal investigation. This reduces their ability to collect evidence that might be vital to solving the case. Since cloud computing involves outside companies, they might also need to get legal access to otherwise uninvolved businesses in order to get the information they need. Digital forensics needs to be able to catch up with cloud computing in order to work efficiently in the future.
Similar to the use of forensics at a physical crime scene, digital forensic investigators use computer science to find critical data that can be used as evidence in an investigation. However, as more and more people begin using cloud technology, computer forensic specialists are having a harder time tying computer forensic evidence to perpetrators.
A new computer forensic science report prepared by the National Institute of Standards and Technology’s Cloud Computing Forensic Science Working Group summarizes 65 challenges that cloud computing poses to digital forensic investigations.
According to Martin Herman of NIST, the challenges posed to computer forensic science are technical, legal, and organizational, and fall into nine categories, including: training, standards, data collection, analysis, and anti-forensics, like data hiding.
The long term goal of the research on computer forensic science is to help build a better understanding of the difficult challenges in cloud forensics, which will allow both the public and private sectors to effectively respond.
After all, the scenarios in which cloud computing can disrupt an investigation are plentiful.
For example, when a user deletes the file, they’re not actually destroying, just the “pointers” to the file. Data doesn’t get deleted on a hard drive until it’s rewritten, which is how most computer forensic science experts are able to recover deleted files so efficiently. However, when a computer uses a cloud, files don’t exist on the actual hard drive, but on another server somewhere else, which means that when a cloud user deletes their file, there’s almost no way to recover it.
What’s more, data within the cloud is often fluid — it doesn’t stand still for long — as systems regularly automate and move data elsewhere. This can pose huge challenges to the field of computer forensic science, as investigators need to know where the data is kept physically before they can extract it digitally. If the data moves before they get there, which is a likely possibility, they’re be out of luck.
Though it’s presently a challenge, the field of computer forensic science will eventually prevail as the challenges are continued to be studied and understood. For more, read this link.