To put it in simple terms, Cloud forensics combines Cloud computing and digital forensics, and mainly focuses on gathering digital forensic information from a Cloud infrastructure. This means working with a set of computing resources, such as network assets, servers (both physical and virtual), storage, applications, and whatever services are provided. In many situations, this environment will remain (at least partially) live, and may be reconfigured quickly with minimal effort. In the end, any evidence collected must be suitable for presentation in a court of law.
What Are the Types of Cloud Architectures?
Before going any further into Cloud forensics, it’s important to have a proper understanding of basic Cloud concepts:
There are three service models that define your Cloud architecture:
Infrastructure as a service (IaaS) delivers basic computer infrastructure (typically a platform virtualization environment) as a service, along with raw storage space and networking capabilities.
Platform as a service (PaaS) is the delivery of a whole computing platform and solution stack as a service, including all of the facilities required to support the complete life cycle of building and delivering web applications and services, entirely available from the web. This enables the deployment of applications without the cost and complexity of buying and managing the underlying hardware and software and provisioning hosting capabilities.
Software as a service (SaaS) can also be understood as “on-demand software.” In this model, software and any associated data are hosted centrally and typically accessed by users through a thin client, such as a web browser, over the internet.
If you’re using an external Cloud provider, it’s important to know that the lower down the stack your provider stops, the more you’re directly responsible for implementing and managing security measures. For example, if you’re using IaaS, you are expected to be responsible for far more of the controls that affect Cloud forensics than when using a PaaS or SaaS model.
What Are the Types of Clouds?
Once you’ve chosen your architecture, the next step is defining your deployment option. There are four basic Cloud types:
Public Cloud: This is the most common type of Cloud, offered by big players like Amazon Web Services (AWS) and Google. In a public Cloud, the infrastructure is made available to the general public, so you’ll be sharing resources with other companies.
Private Cloud: In this deployment option, the Cloud infrastructure is operated solely for one organization. Think of it as your basic datacenter (located on-premise or off-premise) using Cloud technology and concepts. You can choose to manage it directly or even have a third party controlling it.
Community Cloud: A community deployment means the Cloud infrastructure is shared by several organizations and supports a specific community that has shared concerns. Managed either directly by the organizations or by a third party, it may be located on-premise or off-premise. For example, this is a good option for a highly regulated industry (e.g., healthcare) that doesn’t want or need to build a private environment, but might not be able to use a public Cloud.
Hybrid Cloud: As its name suggests, this delivery option combines two or more Clouds (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that permits data and application portability (e.g., Cloud bursting for load-balancing between Clouds).
Where Is Forensic Evidence Most Commonly Found in the Cloud?
So, now that the basic concepts are clear, there’s one vital question for Cloud forensics: where is forensic evidence most commonly found in the Cloud? The first step is to understand exactly where your data is and how much direct access you have to the infrastructure supporting it. As stated before, it’s important to know what Cloud type and deployment option you’re using. The lower down the Cloud stack your provider stops, the more direct control you have over data and evidence.
For instance, if you’re using a private Cloud, it’s quite likely that you have direct access to your hardware infrastructure, and your Cloud forensics won’t diverge too much from standard digital forensics. On the other hand, if you’re using a SaaS model over a public Cloud, evidence collection will initially be limited to whatever your provider offers in terms of logs or audit reports. Apart from that, it all falls under what’s covered in your contract, so special attention should be paid to your service level agreement (SLA). If your agreement isn’t clear on what level of forensic information your service provider is bound to make available, and how soon they’re required to do it, you may end up in a very bad situation.
Also, if your data isn’t on-premise, you have to make sure you know where it’s physically stored. This may affect your company from a legal standpoint, since laws and regulations may differ greatly depending on what state or country your information is stored in.
Conclusion
All in all, Cloud forensics is a complex subject that demands a high level of expertise. If you’re with a company that wants to have its own digital/Cloud forensics team, you may be surprised by the shortage of experienced professionals readily available on the market: the current cybersecurity skill gap means the cost of an expert is on the rise, yet most businesses will put up quite a fight before letting a talented professional go. On the other hand, if you’re an individual who wants to advance your career, this is the right time, and we, the InfoSec Institute, can assist you.