The National Institute of Standards and Technology (NIST) has issued for public review and comment a draft report summarizing 65 challenges that cloud computing poses to forensics investigators who uncover, gather, examine and interpret digital evidence to help solve crimes.
The report, NIST Cloud Computing Forensic Science Challenges,* was prepared by the NIST Cloud Computing Forensic Science Working Group, an international body of cloud and digital forensic experts from industry, government and academia.
Through the report, the working group aims to initiate a dialogue on forensic science concerns in cloud computing ecosystems. “The long-term goal of this effort,” explains NIST’s Martin Herman, co-chair of the working group, “is to build a deeper understanding of, and consensus on, the high-priority challenges so that the public and private sectors can collaborate on effective responses.”
The ultimate in distributed computing, cloud computing** is revolutionizing how digital data is stored, processed and transmitted. It enables convenient, on-demand network access to a shared pool of configurable computing resources, including servers, storage and applications.
Benefits include cost savings, convenience and greater flexibility in how businesses and other consumers employ information technology.
The characteristics that make this new technology so attractive also create challenges for forensic investigators who must track down evidence in the ever-changing, elastic, on-demand, self-provisioning cloud computing environments. Even if they seize a tablet or laptop computer at a crime scene, digital crime fighters could come up empty handed if these devices are linked to pooled resources in the cloud.
Technical challenges — the focus of the draft report — abound, but almost all intersect with legal and organizational issues. The 65 challenges that the working group identified are divided among nine categories. These include architecture, data collection, analysis, standards, training and “anti-forensics” such as data hiding and malware.
These technical challenges “need to be understood in order to develop technology and standards-based mitigation approaches,” the draft report says.
The NIST Cloud Computing Forensic Science Working Group is requesting comments from the public by July 21, 2014, on the draft of NIST Cloud Computing Forensic Science Challenges. The draft is available at http://csrc.nist.gov/publications/drafts/nistir-8006/draft_nistir_8006.pdf; the comment template can be downloaded from http://csrc.nist.gov/publications/PubsDrafts.html.
*NIST Cloud Computing Forensic Science Working Group. NIST Cloud Computing Forensic Science Challenges (Draft) (NIST Interagency Report 8006). June 2014. Available at http://csrc.nist.gov/publications/drafts/nistir-8006/draft_nistir_8006.pdf.
**P. Mell and T. Grance. The NIST Definition of Cloud Computing (NIST Special Publication 800-145). September 2011. Available at www.nist.gov/manuscript-publication-search.cfm?pub_id=909616.