Cloud Forensics Issues

July, 2014
IDA document: D-5133
Type: Documents
Division: Information Technology and Systems Division
William R. Simpson, Coimbatore Chandersekaran See more authors
Forensics is undertaken to find out exactly what happened on a computing system and who or what was responsible for it. This is done by a structured investigation while maintaining a documented chain of evidence Cloud computing is emerging as an attractive, cost effective computing paradigm. The early offerings of cloud capabilities have not provided security, monitoring or attribution that would allow an effective forensics investigation. The high assurance requirement presents many challenges to normal computing and some rather precise requirements that have developed from high assurance issues for web service applications and forensics applications of cloud systems. The challenges of high assurance and the maintenance of a documented chain of evidence associated with cloud computing are primarily in four areas. The first is virtualization and the loss of attribution that accompanies a highly virtualized environment. The second is the loss of ability to perform end-to-end communications. The third is the extent to which encryption is needed and the need for a comprehensive key management process for public key infrastructure, as well as session and other cryptologic keys. The fourth is in monitoring and logging for attribution, compliance and data forensics. Our view of high assurance and the issues associated with web services is shaped by our work with DoD and the Air Force, but applies to a broader range of applications.