Within the realms of digital forensics analysts traditionally performed
analysis on static data, either from a core dump, bit to bit imaging etc.
Recently we have seen an increased focus directed at the live forensics
environment. As users rely more on mobile and other remote devices to access
data on demand; data possibly held in some manner of cloud environment,
investigators will have to adapt their mode of investigations to suit.
I recall reading a marketing pitch a while aback where some vendor claimed
that an advantage of Cloud Computing is, an ability to conduct live forensics
without disrupting mission critical systems. How effective this claim may be,
is subject to examination.
According to Brian Carrier - "The only difference between a live and a dead
analysis is the reliability of the results; a live analysis techniques use
software that existed on the sys... (more)
Web-services research and protocol applications have been around and in use
for quite some time now. With the potential Capex and Opex savings
enterprises can potentially realise from utilizing a cloud computing service
model, there should also be added focus on ensuring that security is properly
implemented either in authentication or authorization.
Cloud Computing, with its foundation in the world of virtualization, can take
advantage of key aspects of web service implementations and security
practice; but only to a point. Web service policies are based on a static
model that ... (more)
Cloud Computing offers a sense of "vastness" in terms of storage and remote
processing. According to Simpson Garfinkil, a major challenge to any digital
forensics investigator investigating data within the cloud; can be an
inability to locate or identify data or code that is lost when single data
structures are split into elements.
This in effect directly impacts forensic visibility.
Within this ecosystem a major concern can be access to and the preservation
of data within an on-going digital forensic investigation. Of consideration
as mentioned in Part 1 - is that in a live and ... (more)
Digital Forensics is not an elephant, it is a process and not just one
process, but a group of tasks and processes in investigation. Examiners now
perform targeted examinations using forensic tools and databases of known
files, selecting specific files and data types for review while ignoring
files of irrelevant type and content. Despite the application of
sophisticated tools, the forensic process still relies on the examiner's
knowledge of the technical aspects of the specimen and understanding of the
case and the law - Mark Pollitt.
As has been established from articles by var... (more)
As mentioned in Part 1 of this article, one of my functions is to research
current and up and coming solutions within the technology realm, particularly
that of distributed computing and cloud computing.
It is a strong possibility that malicious users will eventually identify and
exploit potential flaws within the cloud computing model. CSPs, in their
pursuit to secure market share may have underestimated the possibilities of
attack and misuse of their cloud resources by a malicious user or users.
The likelihood that the creation, storage, processing and distribution of
illicit ... (more)