This study exposed and explored technical and trust issues that arise in acquiring forensic evidence from infrastructure-as-a-service cloud computing and analyze some strategies for addressing these challenges.
The authors expose and explore technical and trust issues that arise in acquiring forensic evidence from infrastructure-as-a-service cloud computing and analyze some strategies for addressing these challenges. First, the authors create a model to show the layers of trust required in the cloud. Second, the authors present the overarching context for a cloud forensic exam and analyze choices available to an examiner. Third, the authors provide for the first time an evaluation of popular forensic acquisition tools including Guidance EnCase and AccesData Forensic Toolkit, and show that they can successfully return volatile and non-volatile data from the cloud. The authors explain, however, that with those techniques judge and jury must accept a great deal of trust in the authenticity and integrity of the data from many layers of the cloud model. In addition, the authors explore four other solutions for acquisitionTrusted Platform Modules, the management plane, forensics-as-a-service, and legal solutions, which assume less trust but require more cooperation from the cloud service provider. The authors work lays a foundation for future development of new acquisition methods for the cloud that will be trustworthy and forensically sound. The work also helps forensic examiners, law enforcement, and the court evaluate confidence in evidence from the cloud. (Published Abstract)
United States of America
Digital Investigation, Volume 9, Supplement, August 2012