The adoption of cloud computing (CC), especially in the governmental and commercial sectors, has raised great concerns about security. On average, the lack of trust in the privacy and security of CC is one of the showstoppers to its widespread usage.
One aspect of security that still lacks consideration in CC is forensics. Forensics is mostly used either by law enforcement, following a guide (1), or by the system owner after an incident occurs.
What makes forensics tougher in the cloud is the cloud's distributed nature. What does that mean? Let me first describe in brief what cloud computing is.
According to NIST (2), CC enables computing in the form of a utility, like the water, gas and electricity you have in your house. Organizations do not host their computing and storage systems in-house but rather deploy them in the cloud.
Why does this make life tough for the forensic investigator?
First, the IT asset is not confined within a static boundary; rather, it is distributed, often across borders.
Second, users have admin access on cloud instances, which they can use to circumvent the cloud provider's security and to clean up traces that would serve as forensic evidence.
Third, there is a lack of tools and procedures to address the above issues.
1) 7Safe Computer Forensics, ACPO guidelines for computer investigations and electronic evidence, http://www.7safe.com/electronic_evidence/2009
2) NIST, Definition of Cloud Computing, http://csrc.nist.gov/groups/SNS/cloud-computing