Cyber Forensics in the Cloud – Magazine Article
20/08/2011
Cyber Forensics in the Cloud
In volume 14 of the IAnewsletter, an article about forensics in the cloud was published. Although this magazine focuses more on industry-related readers and most of the topics in the article are already known, the article by Scott Zimmermann and Dominick Glavach was quite interesting to read.
The aspect of time synchronization is especially important, imho. All involved entities during and before an investigation have to have time synchronization. Otherwise, evidence matching will be difficult, especially in front of a court.
Another interesting topic was “tools for performing”: if you ask me, it is not possible to create ONE specific tool for cloud forensics due to the current lack of standards. In most cases, you have to combine several other tools in order to get your results. In the future, if there is ONE standard for all cloud implementations, one tool could solve a lot of forensic issues – but this will hardly be realistic.
In the article, the authors talk about signature-based analysis for forensic collections – I do not think that this method will be applicable in real-world scenarios. The past has shown that the AV industry pretty much fails when it comes to reaching a 100% detection rate. 90% reliable evidence within digital forensic investigations is not enough.
Magazine paper by Dominick Glavach and Scott Zimmermann – PDF Download