In this growing digital era, there is a significant growth in adaptation of Cloud computing across various industries. As technology continues to evolve and organizations are adapting to Cloud computing on an ongoing basis, threats continue to grow in sophistication and in complexity. The number of applications migrating to cloud across various industries has been growing consistently since cloud platforms support enterprises with a more secure channel for storing their content, applications, and data.

When data is stored in a cloud computing environment, it is segmented into single data structures, and further divided into elements. Configurations and controls of cloud are complicated in design which makes the process of identifying and acquiring data becomes very difficult. Data that lacks protection and reliability will become complicated for digital forensic investigators who need to ensure that the data is comprehensive, broad and certifiable for utilising the acquired data in criminal or corporate investigations. Large clouds often have functions distributed over multiple locations, each location being a data centre. The nature of cloud computing – particularly cloud service provider management and distribution over multiple locations – makes forensic investigations difficult and seemingly impossible.

Access to data is extremely crucial in the cloud and data loss has become an emerging risk in the current threat landscape. For moving to cloud, all organizations are required to have a robust cloud security posture to be imperative. With security threats regularly developing into more sophisticated structures, cloud security is no less at risk than an on-premises ecosystem. Lack of control over the data and misconfigurations have been key threats in the cloud atmosphere. Protecting the data from internal / external threats are vital and critical to business. Cloud forensics makes this hunt for evidence a little more complex. While the investigator follows the same methods in cloud forensics as they would in traditional digital forensics, the lines may blur on who owns the evidence and where it’s admissible in court.

Some of the key benefits of Digital forensics

  • Deleted data can be recovered.
  • Finding of data is unrestricted.
  • Useful in criminal investigations
  • Identifies the data in unallocated spaces as well to analyse the type of data.
  • Identifies and minimizes the risks involved.
  • Analyse and recover evidence.

With cloud-based services, data may be stored off-site in several locations, or on a server owned by a third party. The rules are determined by the types of services involved and through forensic analysis.

A typical forensic analysis is composed of the following steps

Cybercrimes have increased so extensively that the underground suppliers are cropping up on the dark web offering easy access to the tools, programming frameworks, and services required to carry out cyberattacks.

Some of the major challenges that’s faced by the digital forensics combating cybercrimes are

  • Dealing with variability in cloud architectures between Providers
  • Tenant data classification and isolation during resource provisioning
  • Creation of systems, locations, and endpoints that can store data.
  • Accurate and secure provenance for maintaining and preserving chain of custody.
  • Locating forensic artifacts in large, distributed, and dynamic systems
  • Correlation of forensic artifacts across and within cloud Providers
  • Reconstruction of events from virtual images or storage
  • Malware may thwart virtual machine isolation methods.
  • Lack of interoperability among cloud Providers
  • Locating and collecting volatile data
  • Data collection from virtual machines

Cyber Forensic model

The recent studies have examined challenges related to cloud computing forensics, traditional computer forensics and the centralized nature of IT systems to understand the controls that the investigators have over the forensic artifacts (e.g., access logs, security logs, process logs, hard disks). However, in a cloud Ecosystem, the distributed nature of IT systems dictates that control over the functional layers varies among cloud Actors depending on the type of cloud service models designed or configured. Hence, the level of visibility and control over the forensic artifacts become very difficult for the investigators to analyse the data during any complaint or investigation scenario.

Issues related to acquiring, storing, and processing large amounts of data for forensic purposes have been causing problems for at least a decade, and are now intensified by the availability and prevalent marketing of digital information. To aid in this quest, digital forensics standards and frameworks are required now more than ever in our networked environment. Therefore, organizations are required to be more diligent while engaging with cloud service providers and strengthen their current security posture to become more resilient. The need to take necessary steps to ensure they have access to their data and in turn to keep it available when they encounter an event that needs digital forensics is becoming the need of hour.

About the Author

Kavitha Srinivasulu

Kavitha Srinivasulu

Global Head - Cyber Risk & Data Privacy – R&C BFSI, Tata Consultancy Services

Kavitha Srinivasulu has around 20 years of experience focused on Cybersecurity, Data Privacy & Business Resilience across BFSI, Financial services, Retail, Manufacturing, Health care, IT Services and Telecom domains. She has demonstrated her core expertise in Risk Advisory, Business Consulting and Delivery assurance with diverse experience across corporate and Strategic Partners. She is a natural leader with versatility to negotiate and influence at all levels. The views and opinions expressed by Kavitha in this article are only from her personal side and not representing her company viewpoints or sharing any of her customers views.

Disclaimer

The information contained in the article represents the views and opinions belong solely to the author, and not necessarily to the author's employer, organization, committee, or other group or individual.