Considering the Challenge of Cloud Forensics? A New Publication from NIST

According to NIST in its recently published paper on forensic science challenges and the cloud, “Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted.” The paper goes on to highlight that, “One of the most daunting new challenges is how to perform digital forensics in various types of cloud computing environments. The challenges associated with conducting forensics in different cloud deployment models, which may cross geographic or legal boundaries, have become an issue.” The complete paper, NIST Cloud Computing Forensic Science Challenges, published in August of 2020, aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: NIST Cloud Computing Forensic Science Challenges

Information - 95%
Insight - 95%
Relevance - 90%
Objectivity - 90%
Authority - 100%



A short percentage-based assessment of the qualitative benefit of the recent post sharing NIST's recent publication on cloud forensics.

Editor’s Note: The National Institute of Standards and Technology (NIST) recently announced the publication of a paper that defines and discusses a set of challenges related to achieving effective cloud computing forensics. The paper, NISTIR 8006, NIST Cloud Computing Forensic Science Challenges, notes that mitigating cloud forensic science challenges is important for cloud-based system owners, cloud forensic tool developers, forensic investigators, as well as for the development of forensic-ready solutions. According to NIST, efforts in this area will support criminal justice and civil litigation systems and provide capabilities for security incident response and internal enterprise operations.

NISTIR 8006, NIST Cloud Computing Forensic Science Challenges*

Authored by Martin Hermin, Michaela Iorga, Ahsen Michael Salim, Robert Jackson, Mark Hurst, Ross Leo, Richard Lee, Nancy Landreville, Anand Kumar Mishra, Yien Wang, and Rodrigo Sardinas

Extract – Cloud Computing Forensic Science

Many experts consider forensic science to be the application of a broad spectrum of sciences and technologies to the investigation and establishment of facts of interest in relation to criminal law, civil law, or regulatory issues. The rapid advance of cloud services requires the development of better forensic tools to keep pace. However, the resulting techniques may also be used for purposes other than legal and regulatory issues to reconstruct an event that has occurred.

Cloud computing forensic science is the application of scientific principles, technological practices, and derived and proven methods to reconstruct past cloud computing events through the identification, acquisition, preservation, examination, interpretation, and reporting of potential digital evidence.

NIST defines cloud computing as a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models. Cloud forensics is a process applied to an implementation of this cloud model.

A number of researchers have defined cloud forensics as the application of digital forensic science in cloud environments. Technically, it consists of a hybrid forensic approach (e.g., remote, virtual, network, live, large-scale, thin-client, thick-client, including end-point devices used to access cloud services) to the discovery of digital evidence. Organizationally, it involves interactions among cloud Actors (i.e., Provider, Consumer, Broker, Carrier, Auditor) for the purpose of facilitating both internal and external investigations. Legally, it often implies multi-jurisdictional and multi-tenant situations.

Various process models have been developed for digital forensics, including the following eight distinctive steps and attributes:

  1. Search authority. Legal authority is required to conduct a search and/or seizure of data.
  2. Chain of custody. In legal contexts, chronological documentation of access and handling of evidentiary items is required to avoid allegations of evidence tampering or misconduct.
  3. Imaging/hashing function. When items containing potential digital evidence are found, each should be carefully duplicated and then hashed to validate the integrity of the copy.
  4. Validated tools. When possible, tools used for forensics should be validated to ensure reliability and correctness.
  5. Forensic analysis is the execution of investigative and analytical techniques to examine, analyze, and interpret the evidentiary artifacts retrieved.
  6. Repeatability and reproducibility (quality assurance). The procedures and conclusions of forensic analysis should be repeatable and reproducible by the same or other forensic analysts.
  7. Reporting. The forensic analyst must document his or her analytical procedure and conclusions for use by others.
  8. Presentation. In most cases, the forensic analyst will present his or her findings and conclusions to a court or other audience.

In order to carry out digital forensic investigations in the cloud, these steps need to be applied or adapted to the cloud context. Many of them pose significant challenges. This document is focused on the forensic analysis of artifacts retrieved from a cloud environment. A related discipline, which is not addressed here, focuses on carrying out the forensic process using a cloud environment. This involves using the cloud to perform examination and analysis of digital evidence.

Read the Complete Publication on Cloud Computing Forensic Science Challenges (PDF)

NISTIR 8006 – NIST Cloud Computing Forensic Science Challenges – August 2020

Read more on Cloud Computing Forensics

Additional Reading

Source: ComplexDiscovery

Published with permission.

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

The results of the recent Summer 2020 eDiscovery Business Confidence Survey present the unfortunate and continuing impact of COVID-19 on the business of eDiscovery. However, for these pandemic-driven results to be fully understood, they should be viewed through the contextual lens of the results of all nineteen surveys that have been administered to eDiscovery professionals since the inception of the eDiscovery Business Confidence Survey in early 2016.

Check Out the Observations Now!

Interested in Contributing?

ComplexDiscovery combines original industry research with curated expert articles to create an informational resource that helps legal, business, and information technology professionals better understand the business and practice of data discovery and legal discovery.

All contributions are invested to support the development and distribution of ComplexDiscovery content. Contributors can make as many article contributions as they like, but will not be asked to register and pay until their contribution reaches $5.

Festive or Restive? The Fall 2020 eDiscovery Business Confidence Survey

Since January 2016, 2,189 individual responses to nineteen quarterly eDiscovery Business...

Blue-Sueded? Considerations for Decision Making

While an understanding of decisions from definitions and elements to cornerstones...

Socially Acceptable? EDBP Guidelines on the Targeting of Social Media Users

According to the recently published EDPB guidelines on the targeting of...

What is Kratt? A Vision and Concept for Artificial Intelligence in Estonia

Published originally on Independence Day in Estonia, the vision and concept...

A Running List: Top 100+ eDiscovery Providers

Based on a compilation of research from analyst firms and industry...

The eDisclosure Systems Buyers Guide – 2020 Edition (Andrew Haslam)

Authored by industry expert Andrew Haslam, the eDisclosure Buyers Guide continues...

The Race to the Starting Line? Recent Secure Remote Review Announcements

Not all secure remote review offerings are equal as the apparent...

Enabling Remote eDiscovery? A Snapshot of DaaS

Desktop as a Service (DaaS) providers are becoming important contributors to...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Revisions and Decisions? New Considerations for eDiscovery Secure Remote Reviews

One of the key revision and decision areas that business, legal,...

A Macro Look at Past and Projected eDiscovery Market Size from 2012 to 2024

From a macro look at past estimations of eDiscovery market size...

An eDiscovery Market Size Mashup: 2019-2024 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Festive or Restive? The Fall 2020 eDiscovery Business Confidence Survey

Since January 2016, 2,189 individual responses to nineteen quarterly eDiscovery Business...

Casting a Wider Net? Predictive Coding Technologies and Protocols Survey – Fall 2020 Results

The Predictive Coding Technologies and Protocols Survey is a non-scientific semi-annual...

Business as Unusual? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2020

Based on the aggregate results of nineteen past eDiscovery Business Confidence...

A Growing Concern? Budgetary Constraints and the Business of eDiscovery

In the summer of 2020, 56% of respondents viewed budgetary constraints...

ayfie to Acquire Haive

According to Johannes Stiehler, CEO of ayfie Group AS, “This acquisition...

Innovative Discovery and Integro Merge

“Integro and Innovative Discovery’s services and solutions are highly complementary. Our...

Software Growth Partners Makes Majority Investment in Venio Systems

According to the press announcement, industry analysts have enthusiastically supported this...

Reveal Acquires NexLP

According to Jay Leib, Co-Founder and CEO of NexLP, "We chose...

Five Great Reads on eDiscovery for August 2020

From predictive coding and artificial intelligence to antitrust investigations and malware,...

Five Great Reads on eDiscovery for July 2020

From business confidence and operational metrics to data protection and privacy...

Five Great Reads on eDiscovery for June 2020

From collection market size updates to cloud outsourcing guidelines, the June...

Five Great Reads on eDiscovery for May 2020

From review market sizing revisions to pandemeconomic pricing, the May 2020...