Cloud computing is a technology that is still in its infancy. Despite its young age, this technology is already revolutionizing how firms operate. Thanks to cloud computing, firms are able to manage their data in a cost-effective, seamless and efficient fashion. While it has generally had positive effects, cloud computing is also presenting challenges. Cybercrime is among these challenges. There have been numerous cases where firms have lost sensitive data stored in the cloud. Cloud computing possesses unique characteristics that pose serious challenges for digital forensics. These challenges make it difficult for firms and investigators to pursue attackers and recover files.
Cloud Computing Overview
Before outlining the challenges that cloud computing presents, it is vital to examine its definition. According to the National Institute of Standards and Technology (NIST), cloud computing is a technology “for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources” (Mell & Grance, 2011). There are a number of key features that define cloud computing. On-demand service, scalability and resource pooling are some of these features. Thanks to cloud computing, it has become easier for firms and individuals to access and share information. Cloud computing promises to continue transforming how businesses operate.
Delegate your assignment to our experts and they will do the rest.
Challenges Cloud Computing Creates for Digital Forensics
Privacy concerns are among the main challenges that digital forensic experts face when dealing with cloud computing-related cases (Losavio, Pastukov & Polyakova, 2015). In these cases, the experts may be required to examine confidential, personal and highly sensitive data. As they do this, they are required to protect the identity and privacy of the people involved. Achieving balance between making progress in the investigation and respecting privacy is a delicate and daunting undertaking. The lack of laws that help forensic experts in conducting investigations is another challenge that hampers progress (Lopez, Moon & Park, 2016). It has been observed that laws seem to lag behind technology. As such new technologies as cloud computing are developed, there are no laws that are enacted to accompany these technologies. Digital forensic experts essentially lack a legal framework within which to conduct their affairs.
One of the features of cloud computing is that users cede control to the vendor of the cloud service. This feature presents a problem for digital forensics. The expert lacks the control that they need to access parts of the cloud computing infrastructure needed for a thorough investigation (Almulla, Iraqi & Jones, 2013). The huge volume of data that experts are required to examine is yet another challenge encountered in cloud forensics (Mohammed, Clarke & Li, 2016). Suppose that a digital forensics department is facing a manpower shortage. It can be expected that this department will be unable to fully pursue a case given the huge amounts of data that its few experts will be required to explore. Jurisdictional issues are another challenge that digital forensic experts encounter while conducting investigations (Pichan, Lazarescu & Soh, 2015). Cloud computing solutions are usually spread across different geographical areas where different laws apply. While performing an investigation, the expert may need to gain permission from the authorities in the different areas and ensure that the investigation complies fully with all laws in the different areas. In addition to frustrating the investigation process, the jurisdictional issues also introduce complexities and force investigators to waste valuable time. Other hurdles that investigators should brace for include the physical inaccessibility of data, the fact that the investigator must trust the provider of the cloud computing solution, and the risk of losing highly volatile data (Simou, 2016). Combined, these challenges pose serious threats to the digital forensics process.
Tools and Techniques used to Combat Cloud Challenges
The challenges discussed above present serious threats to the investigation process. Fortunately, various tools and techniques have been developed to enable investigators to perform their mandate. Search warrants which authorize them to conduct investigations in the cloud environment and such software as Autopsy which are used to recover data are some of the tools that the forensic experts use (Desai et al., 2015). Crime-scene reconstruction is another technique that facilitates digital forensic investigation (Rani, Sultana & Sravani, 2016). This technique is ideal for situations where the culprit has deleted information and the investigator is therefore forced to draw conclusions based on observations in the reconstructed scenario. Investigators can also use various programs that are designed to allow for the location and identity of the individual behind an attack to be determined. Such challenges as jurisdictional issues and privacy concerns remain serious problems and there appear to be no effective techniques or tools to address them.
Recommendations for Handling Encrypted Data in the Cloud
Today, more and more vendors are offering encryption services to their clients. While encryption enhances data security, it presents a problem for forensic investigators. In their article, Desai et al. (2015) recommended that if they wish to handle encrypted data, investigators should seek search warrants and appeal to the vendors to cooperate. The search warrants should force the vendor to decrypt the data, thereby facilitating the investigative process. However, it should be noted that the encryption technologies in use today are such that even the vendor is unable to perform decryption. In some cases, the vendors simply refuse to cooperate with the investigator. For example, the FBI was involved in a tussle with Apple over decrypting the phone of a suspect involved in an attack. This case represents the serious hurdles that investigators should expect to encounter as they deal with encrypted data stored in the cloud.
Trends in Mitigating Cloud Challenges for Forensic Investigators
An examination of the measures that forensic investigators have adopted to mitigate the challenges of cloud computing reveals several trends. The heavy reliance on software is one of these trends (Desai et al., 2015). For example, the investigators are using software to prevent perpetrators from hiding their identity. However, for the software to be effective, the cooperation of the cloud computing vendor is needed. Another trend is nations have established ties through which investigators across different jurisdiction can collaborate. Data mining and live forensics are other trends that are defining how forensic investigators operate (Lopez, Moon & Park, 2016). Combined, these trends show that the investigators are dedicated to eliminating the challenges which hamper their work.
In conclusion, cloud computing promises to continue to transform how businesses operate. However, the benefits that this technology presents could be overshadowed by the many challenges that it poses. The challenges include jurisdictional issues, huge volumes of data that investigators need to review and the fact that this data is highly volatile. Investigators also need to contend with data inaccessibility and the risk of violating privacy. To facilitate the work of digital forensic experts, it is critical for all concerned stakeholders to address the challenges.
References
Almulla, S., Iraqi, Y., & Jones, A. (2013). Cloud forensics architecture-related issues. In Cloud forensics: a research perspective. 9 th International Conference on Innovations in Information Technology, 66-71.
Desai, P., Solanki, M., Gadhwal, A., Shah, A., & Patel, B. (2015). Challenges and proposed solutions for cloud forensic. International Journal of Engineering Research and Applications, 5 (1), 37-42.
Lopez, E. M., Moon, S. Y., & Park, J. H. (2016). Scenario-based forensics challenges in cloud computing. Retrieved November 22, 2018 from https://lti.umuc.edu/contentadaptor/topics/byid/678e73a2-c3af-4633-bfd9-32e1ed44773d
Losavio, M., Pastukov, P. S., & Polyakova, S. (2015). Cyber black box/event data recorder: legal and ethical perspectives and challenges with data forensics. The Journal of Data Forensics, Security and Law. Retrieved November 11, 2018 from https://lti.umuc.edu/contentadaptor/topics/byid/ac2d7b63-ebbd-48dc-b6e8-a9dfe6fd1528
Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. NIST. Retrieved November 24, 2018 from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-145.pdf
Mohammed, H., Clarke, N., & Li, F. (2016). An automated approach for digital forensic analysis of heterogeneous big data. The Journal of Digital Forensics, Security and Law, 11 (2), 137-152.
Pichan, A., Lazarescu, M., & So, S. T. (2015). Cloud forensics: technical challenges, solutions and comparative advantages. Digital Investigation, 13, 38-57.
Rani, D. R., Sultana, S. N., & Sravani, P. L. (2016). Challenges of digital forensics in cloud computing environment. Indian Journal of Science and Technology, 9 (17). DOI: 10.17485/ijst/2016/v9i17/93051
Simou, S., Kalloniatis, C., Gritzalis, S., & Mouratidis, H. (2015). A survey on cloud forensics challenges and solutions. Security and Communication Networks, 9 (18), 6285-6314.
