Technical Challenges of Forensic Investigations in Cloud Computing Environments
Dominik Birk
January 12, 2011
Abstract
Cloud Computing is arguably one of the most discussed information technology topics in recent times. It presents many promising technological and economical opportunities. However, many customers remain reluctant to move their business IT infrastructure completely to “the Cloud”. One of the main concerns of customers is Cloud security and the threat of the unknown. Cloud Service Providers (CSP) encourage this perception by not letting their customers see what is behind their “virtual curtain”. A seldom discussed, but in this regard highly relevant, open issue is the ability to perform digital investigations. This continues to fuel insecurity on the sides of both providers and customers. In Cloud Forensics, the lack of physical access to servers constitutes a completely new and disruptive challenge for investigators. Due to the decentralized nature of data processing in the Cloud, traditional approaches to evidence collection and recovery are no longer practical. This paper focuses on the technical aspects of digital forensics in distributed Cloud environments. We contribute by assessing whether it is possible for the customer of Cloud Computing services to perform a traditional digital investigation from a technical standpoint. Furthermore, we discuss possible new methodologies helping customers to perform such investigations and discuss future issues.
Although the Cloud might appear attractive to small as well as large companies, it does not come without its own unique problems and concerns. Outsourcing sensitive corporate data into the Cloud raises concerns regarding the privacy and security of the data. Security policies, a company's main pillar concerning security, cannot be easily deployed into distributed Cloud environments. This situation is further complicated by the unknown physical location of the company's assets. Normally, if a security incident occurs, the corporate security team wants to be able to perform its own investigation without dependency on third parties. In the Cloud, this is no longer possible. The CSP obtains all the power over the Cloud environment, mainly biasing the way an investigation may be processed.
According to NIST, Cloud Computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The new raw definition of Cloud Computing brought several new characteristics such as multi-tenancy, elasticity, pay-as-you-go and reliability. Within this work, the following three models are used in the context of Cloud Computing:
In the Infrastructure as a Service (IaaS) model, the customer uses the virtual machine provided by the CSP to install his own system on it. The system can be used like any other physical computer, with a few limitations. However, the added power over the system comes with additional security obligations.
Platform as a Service (PaaS) offerings provide the capability to deploy application packages created using the virtual development environment supported by the CSP. This service model can boost the efficiency of the software development process.
In the Software as a Service (SaaS) model, the customer makes use of a service run by the CSP on a Cloud infrastructure. In most cases this service can be accessed through an API for a thin client interface such as a web browser. Closed-source public SaaS offers such as Amazon S3 and GoogleMail can only be used in the public deployment model, leading to further issues concerning security, privacy and the gathering of suitable evidence. Furthermore, the two main deployment models, private...