Feds Pursue Cloud Forensics Standards - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Government // Cybersecurity

Feds Pursue Cloud Forensics Standards

NIST identifies 65 challenges that forensic investigators face in gathering and analyzing digital information stored in the cloud, seeks help developing standards to aid law enforcement.

 Government Data + Maps: 10 Great Examples
Government Data + Maps: 10 Great Examples
(Click image for larger view and slideshow.)

The National Institute of Standards and Technology has released a draft report for public comment that sets forth the daunting challenges forensic examiners face in tracking down and using digital information stored in the cloud.

The draft report, "NIST Cloud Computing Forensic Science Challenges," sets forth 65 challenges of cloud forensics divided into nine categories that a working group drawn from the government, private sector and academia has identified in the course of its examination of the challenge.

"The long-term goal of this effort is to build a deeper understanding of, and consensus on, the high-priority challenges so that the public and private sectors can collaborate on effective responses," said Martin Herman, co-chairman of NIST's Cloud Computing Forensic Working Group.

[Time to get serious? Read Federal Agencies Must Get Practical About Cloud.]

The study is the catalyst for a focused effort to produce standards that will aid and facilitate cloud forensics in support of U.S. criminal and civil law and related security endeavors.

Cloud forensics involves applying digital forensic science in cloud computing environments to reconstruct past events through identification, collection, examination, and interpretation of digital evidence collected.

The target audience for the study consists of digital forensics examiners and researchers, cloud-security professionals, law enforcement officials and cloud auditors. In a larger sense, though, the study also is directed at cloud policy makers and cloud service consumers.

The cloud creates unique challenges for digital forensic investigators, the report states.

"While the goals of first responders and forensic examiners may be the same in the cloud context in comparison to large-scale network forensics, distinctive features of cloud computing, such as segregation of duties among cloud actors, inability to acquire network logs from the load balancer or routers, multi-tenancy, and rapid elasticity introduce unique scenarios for digital investigations," the report states.

The difficulty of digital forensics with regard to virtualization, large-scale data processing, and the proliferation of mobile devices become even more formidable when those aspects must be addressed in a cloud computing environment, the report states.

The working group gathered an impressive amount of data, which is presented in considerable depth on spread sheets for each of the 65 challenges. The group intends the spreadsheet to serve as a living document that will evolve as stakeholders identify potential technologies and standards that would be useful and practical for addressing each of the challenges.

A mind map of forensic challenges from the NIST report.
A mind map of forensic challenges from the NIST report.

The nine major groups by which the challenges were categorized in the report are architecture, data collection, analysis, anti-forensics, incident first responders, role management, legal, standards, and training. Anti-forensics are a set of techniques used to intentionally prevent or misdirect forensic analysis, such as obfuscation, data hiding, and malware.

The working group holds that the technical challenges must be fully understood so that technologies and standards-based mitigation approaches can be developed to address them and ensure forensic investigators are able to achieve a high rate of success.

In addition to an ongoing dialog with those interested in the topic, the working group will prioritize the challenges, determine gaps in technology, standards, and measurements as they pertain to the challenges, and develop a plan of action to address the gaps.

NIST believes there is a pressing need to develop forensic protocols that major cloud providers eventually would adopt. "These protocols must adequately address the needs of the first responders and court systems while assuring the cloud providers no disruption or minimal disruption to their services," the report states.

Comments on the draft report are due by July 21 and should be submitted using the comment template for NISTIR 8006.

Fully 75% of 536 respondents say their orgs are as or more vulnerable to malicious code attacks and security breaches compared with a year ago. And in the face of a crushing skills shortage, 40% subsist on no more than 5% of the IT budget. Where do we go from here? Get the Research: 2014 Strategic Security Survey report today (registration required).

William Welsh is a contributing writer to InformationWeek Government. He has covered the government IT market since 2000 for publications such as Washington Technology and Defense Systems. View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
7/28/2014 | 5:25:38 PM
You say NIST, I say nah-
I would hope that in implementing the suggestions from the fifty-one glorious pages from the above referenced NIST report that it would result in some kind of gold standard for cloud forensics, but then again, the federal government isn't exactly known for its spectacular skill sets in tech.  
User Rank: Ninja
7/18/2014 | 1:20:25 AM
No Short-Term Solution
The science and technology are evolving so quickly that it would be hard for regulators to get their hands around the issue in any case. The budget crunches that that federal agencies are now going through turn "hard" into nearly impossible.
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Northwestern Mutual CIO: Riding Out the Pandemic
Jessica Davis, Senior Editor, Enterprise Apps,  10/7/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
Flash Poll