New NIST Publication Offers Insights to Challenges in Cloud Computing Forensic Science
The National Institute of Standards and Technology (NIST) has released their recent free publication, NIST Cloud Computing Forensic Science Challenges, that highlights the key takeaways of common forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges are presented along with the associated literature that references them. The report was created in partnership with The Information Technology Laboratory (ITL) who helped provide research, testing, proof of concept scenarios and more.
In the executive summary it states “With the rapid adoption of cloud computing technology, a need has arisen for the application of digital forensic science to this domain. The validity and reliability of forensic science is crucial in this new context and requires new methodologies for identifying, collecting, preserving, and analyzing evidence in multi-tenant cloud3 environments that offer rapid provisioning, global elasticity, and broad network accessibility” offering insight into the purpose behind the publication.
The topics within the report revolve around cloud computing forensics, digital forensics, forensic science, and forensics challenges. The recent publication brings the newest changes in the document since the 2014 drafted version. The document is broken up into five segments:
- Background & purpose of the document
- Overview on the cloud computing forensic science field and defining what defines a challenge respective to the field
- Cloud forensic challenges faced
- Analysis of these challenges
- Conclusions & take-aways
One note able are of the document is the format in which it categorizes the challenges faced. When looking at each of these categories as a whole it maps out a range of possible risk scenarios for legal teams to consider. The categories of challenges are:
- Architecture (e.g., diversity, complexity, provenance, multi-tenancy, data segregation)
- Data collection (e.g., data integrity, data recovery, data location, imaging)
- Analysis (e.g., correlation, reconstruction, time synchronization, logs, metadata, timelines)
- Anti-forensics (e.g., obfuscation, data hiding, malware)
- Incident first responders (e.g., trustworthiness of cloud Providers, response time, reconstruction)
- Role management (e.g., data owners, identity management, users, access control)
- Legal (e.g., jurisdictions, laws, service level agreements, contracts, subpoenas, international cooperation, privacy, ethics).
- Standards (e.g., standard operating procedures, interoperability, testing, validation)
- Training (e.g., forensic investigators, cloud Providers, qualification, certification)
The publication serves as a great resource both for forensic investigators looking to further their real-world scenarios surrounding cloud challenges, but also someone who is trying to educate themselves in cloud forensics. There is a wealth of definitions, analysis and clarifications supporting topics to provide value regardless of your forensic proficiency.
The full publication is available for viewing and download free at NIST.gov, you can find the direct link here: https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8006.pdf
[1] NISTIR 8006 NIST Cloud Computing Forensic Science Challenges National Institute of Standards and Technology (Web 3 Sep 2020)https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8006.pdf