Cloud forensics refers to investigations focused on crimes that mainly occur in the cloud environment. This covers all known types of cyber-attacks, such as data breaches or identity theft. Applying these forensic techniques well protects the owner of the information and provides a greater level of confidence and security for the future.
It is a concept closely comparable to computer forensics, which refers to the set of procedures and methodological techniques that allow the identification, collection, preservation, interpretation and documentation (among other tasks) of evidence in computer equipment when a crime occurs.
Digital forensic services help investigators ensure the integrity and availability of infrastructures; obtain evidence of cybercrime; ensure data protection and compliance; assist in protecting against online crimes; minimize the losses that organizations suffer when a security incident occurs; and much more.
The Evolution of Forensic Analysis in IT Services
Traditional digital forensics is widely accepted as one of the best tools for solving cybercrimes. Thanks to these techniques, it is possible to gather software evidence and data, among other things, that help locate cybercriminals or clarify the facts associated with a crime.
The evidence found after the different analyses can be used in a trial, as long as we are within the same jurisdiction. This point is, perhaps, the one that implies the greatest differences between traditional digital forensic science and cloud forensics.
In the latter case, the search for evidence is more complex because it may be harder to define clearly who owns the evidence or in which court it is admissible. Since the data may be stored outside the company's facilities and, in addition, may be distributed across different places or held on a server owned by a third party, we may encounter legal barriers that make investigation difficult.
The difficulties encountered when applying cloud forensics depend on the type of cloud service and are always tied to whoever is ultimately responsible for data and software management:
- In the case of SaaS, or software as a service, both the software and data are permanently hosted in the cloud. The user accesses the applications directly in the cloud, so it will be the service provider who is responsible for managing both this software and the data associated with and generated by it.
- If we talk about PaaS, platform as a service, it is the owner of the platform who is responsible for the data and applications it contains, although they are not responsible for the storage, network, servers or operating system.
- As for IaaS, or infrastructure as a service, the infrastructure is hosted on a third-party cloud provider. That provider owns the network and storage, but the end service developer is partly responsible for the integrity of the data, middleware, applications, and operating system.
Another big difference between the two disciplines is that, in the traditional one, the environment is frozen while assets are seized for analysis. In the cloud it is not so simple, because at the time of the analysis the observed platform is not stable: many other processes and other users are using the same hardware and resources that we intend to analyze.
The analysis work falls, as we can imagine at this point, within the physical jurisdiction where the server is located. If that server is in another country, everything will depend on local legislation. However, there are means of tracking data, such as billing data, transaction records and other data that cloud providers may have stored, which may be decisive for the development of investigations.
In short, forensic analysis in the cloud is an evolution of traditional computer forensics that faces new challenges but which, in the end, is very necessary in order to maintain higher levels of security in the cloud, as well as being a defensive security tool against cyber-attacks.