Below is an abstract of the research I am currently conducting under the supervision of Dr. Stilianos Vidalis.
I believe it to be a topic that will fuel debate and discussion on the premise that Gartner Consulting, in 2008 suggested that investigating inappropriate or illegal activity may be impossible in Cloud Computing.
Abstract
Cloud Computing & The Impact On Digital Forensic Investigations
CLOIDIFIN
Cloud Computing (CC) as a concept and business opportunity is likely to see many organisations experiencing the ‘credit crunch’, embrace the relatively low cost option of CC to ensure continued business viability and sustainability. The pay-as-you-go structure of the CC model that is available is typically suited to SME’s who do not have the resources to completely fulfil their IT requirements. However, as with many opportunities that offer legitimate users enormous benefits, unscrupulous and criminal users will also look to use CC to exploit the many loopholes that may exist within this new concept, design and IT model.
CLOIDIFIN is a research project that will highlight the vulnerabilities of the cloud and the impact it will have on the digital forensic investigation that could ensue following a crime, policy contravention or data compromise episode.
Traditional digital forensic methodologies permit investigators to seize equipment and perform detailed analysis on the media and data recovered. The likelihood therefore, of the data being removed, overwritten, deleted or destroyed by the perpetrator in this case is low. More closely linked to a CC environment would be businesses that own and maintain their own multi-server type infrastructure, though this would be on a far smaller scale in comparison. However, the scale of the cloud and the rate at which data is overwritten is of concern. Live digital forensics is a technique that is also currently in its infancy, which CLOIDIFIN will test to establish suitability. E-discovery and the vendor being subpoenaed to retrieve data of potential evidential value will also be researched and tested for aptness.
Jeff Barr, Amazons cloud evangelist, questioned in October 2008, was unable to answer probing questions regarding what vendors are doing to enable future investigations to proceed effectively. The initial thought is that CC vendors cannot ensure that data which could be used as evidence will be complete, retrievable or verifiable. Therefore, it is possible that evidential artefacts will be unreliable and incomplete.
CLOIDIFIN will research ways of highlighting this weakness and work closely with law enforcement agencies, independent investigators and vendors to minimise the impact this concept will have on investigations and the success rate for prosecutions.
Gartner Consulting (2008), a firm that provides fact-based consulting services that help clients use and manage IT to enable business performance, comments:
Investigating inappropriate or illegal activity may be impossible in cloud computing, Gartner warns. "Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation—along with evidence that the vendor has already successfully supported such activities—then your only safe assumption is that investigation and discovery requests will be impossible."
This statement is what CLOIDIFIN will endeavour to clarify. Whether or not traditional techniques, methodologies and tools are effective at investigating the cloud and if it is impossible to perform such an investigation on this new IT model phenomena.
Written by Stephen J. Biggs under the supervision of Dr Stilianos Vidalis - 2009.
Twitter 
Linkedin 
ZDNet UK App 
Facebook 
RSS Feeds 
Newsletters 
Talkback
The current issue (April 2009) of PCPlus magazine has run a 6 page article on Cloud Computing by Jon Thompson. The article is titled: ‘Cloud computing: Blessing or curse?’ PCPlus states: “Over the past 18 months, Jon Thompson has witnessed the birth of growth of cloud computing and tracked its growth into its current multimillion dollar form.”
The article looks at the pros, the cons and offers a verdict on the concept of cloud computing (CC). The article highlights that breaches have already been made in the security of, “major cloud service providers” and also concludes that “cloud services will inevitably become prime hotspots for everyone from fraudsters to e-terrorists.”
As my abstract points out, there are often enormous benefits to legitimate users of CC, yet the criminal fraternity are always looking for the loopholes and frailties that may exist, with a view to exploiting them for various unscrupulous means.
Data as a commodity is of a magnitude today that is unprecedented. The ways in which businesses handle that data is also changing. The CC model challenges the psyche of data controllers and the vulnerabilities that exist. IT professionals on both sides of the CC fence need to work closely together, if CC is to become a safe business and home user opportunity, whereby strategic plans and service agreements need to be efficient to ensure data integrity, confidentiality and availability.
From a digital investigators point of view, the barriers that exist are still uncharted. Feedback from the CLOIDIFIN research so far has revealed that there have been no investigations performed on illegal activities within the cloud environment. However, how long will it be before the methodologies, tools and techniques, along with the cross-border legislative issues are tested both during the investigation and when the case is presented before the courts?