illustrator, 123RF.com
New approaches for forensics in cloud environments
Cloudy Outlook
Saying that computer forensics investigations are necessary in the cloud, or maybe especially in the cloud – to assess risk correctly and arm yourself against attacks effectively – may seem like stating the obvious. However, the scientific community has ignored the issue of forensics in cloud environments thus far. Interestingly, some authors pointed out as early as 2009 a lack of publications on the cloud security problem and on corresponding legal issues [1]. This paucity of information was confirmed by other publications [2] [3]. Despite this, the topic is still largely overlooked and a huge amount of work remains for scientists, especially in the field of incident handling in cloud environments [4].
At the same time, many companies are investing heavily in new cloud environments and then migrating services to the cloud. Although debate is increasing on security and data protection problems, the apparent advantages for user seem to take priority.
Problems in Cloud Forensics
One classic problem in forensics is the fact that the evidence is generally characterized by its fragility and volatility. When you are collecting new evidence in particular, you must be careful not to falsify or even destroy the evidence. This problem is not restricted to the digital world but applies equally to, say, forensic medicine. The advantage of collecting digital evidence has always been that the investigator can create a one-to-one copy of the data medium in many scenarios before starting to analyze the evidence. This approach is effective in preventing the destruction of potential evidence by the analysis process, but, in a cloud environment, is typically not so easy to
...
Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
US / Canada
UK / Australia
Related content
-
Cloud Forensics
Is your data really secure in the cloud? If a compromise occurs, current forensic approaches will not work and new techniques and standards will be needed.
-
Forensic Tools
Criminals often focus on browsers for various attacks because they are a worthwhile, attractive, and often easy target. However, admins can investigate such attacks with forensic tools that provide the ability to reconstruct browser sessions.
-
Comparison of forensic toolkits for reconstructing browser sessions
Criminals often focus on browsers for various attacks because they are a worthwhile, attractive, and often easy target. However, admins can investigate such attacks with forensic tools that provide the ability to reconstruct browser sessions. -
Forensic Analysis on Linux
In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.
-
Digital Forensics
Consider a new direction in system administration.
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
