A new publication by the National Institute for Standards and Technology (NIST) details how cloud computing is hurting forensic science investigation efforts, and calls for more research into standards and tech that could mitigate those challenges.
NIST Cloud Computing Forensic Science Challenges, released August 25, is meant to begin a dialogue on cloud-based forensic dialogue challenges through extensive research by an agency working group on the subject.
“With the rapid adoption of cloud computing technology, a need has arisen for the application of digital forensic science to this domain,” the document states. NIST explains that the validity and reliability of forensic science is crucial to U.S. criminal justice and civil litigation, and that analyzing evidence in a cloud environment is an important hurdle to overcome.
In a cloud ecosystem, the publication suggests, the distributed nature of IT systems provides a lower level of visibility and control over forensic artifacts. The challenges cited by NIST in the publication span across nine topic areas: architecture, data collection, analysis, anti-forensics, incident first responders, role management, legal, standards, and training.
NIST cited challenges with dealing with variability in cloud architectures between service providers and the possibility of malware circumventing virtual machine isolation methods. Other possible problem areas included identifying jurisdiction for legal access to data, the integrity of metadata, and missing standards of practice.
In its effort to identify cloud computing challenges, NIST officials also made several general observations about the state of the technology in a forensics environment. Time synchronization, locating digital media, and access to sensitive data could all pose future problems for forensic scientists as they implement cloud technology, the report states.