Digital forensicsCloud computing poses technical challenges for digital crime-fighters

Published 15 July 2014

The ultimate in distributed computing, cloud computing is revolutionizing how digital data is stored, processed, and transmitted. It enables convenient, on-demand network access to a shared pool of configurable computing resources, including servers, storage, and applications. The characteristics that make this new technology so attractive also create challenges for forensic investigators who must track down evidence in the ever-changing, elastic, on-demand, self-provisioning cloud computing environments.

The National Institute of Standards and Technology (NIST) has issued for public review and comment a draft report summarizing sixty-five challenges that cloud computing poses to forensics investigators who uncover, gather, examine, and interpret digital evidence to help solve crimes.

The report, NIST Cloud Computing Forensic Science Challenges, was prepared by the NIST Cloud Computing Forensic Science Working Group, an international body of cloud and digital forensic experts from industry, government and academia.

Through the report, the working group aims to initiate a dialogue on forensic science concerns in cloud computing ecosystems. “The long-term goal of this effort,” explains NIST’s Martin Herman, co-chair of the working group, “is to build a deeper understanding of, and consensus on, the high-priority challenges so that the public and private sectors can collaborate on effective responses.”

A NIST release reports that the ultimate in distributed computing, cloud computing is revolutionizing how digital data is stored, processed, and transmitted. It enables convenient, on-demand network access to a shared pool of configurable computing resources, including servers, storage, and applications. Benefits include cost savings, convenience, and greater flexibility in how businesses and other consumers employ information technology.

The characteristics that make this new technology so attractive also create challenges for forensic investigators who must track down evidence in the ever-changing, elastic, on-demand, self-provisioning cloud computing environments. Even if they seize a tablet or laptop computer at a crime scene, digital crime fighters could come up empty handed if these devices are linked to pooled resources in the cloud.

Technical challenges — the focus of the draft report — abound, but almost all intersect with legal and organizational issues. NIST says that the sixty-five challenges that the working group identified are divided among nine categories. These include architecture, data collection, analysis, standards, training, and “anti-forensics” such as data hiding and malware.

These technical challenges “need to be understood in order to develop technology and standards-based mitigation approaches,” the draft report says.

The NIST Cloud Computing Forensic Science Working Group is requesting comments from the public on the draft of NIST Cloud Computing Forensic Science Challenges by 21 July 2014.

The draft is available here. The comment template can be downloaded here.