15 Analysis of Cloud Digital Evidence

Irfan Ahmed and Vassil Roussev

University of New Orleans, New Orleans, LA, USA

15.1 Introduction

Analysis of digital evidence acquired from cloud computing deployments, which we refer to as cloud evidence analysis, is in its very early stages of development. It is still in its exploration and experimentation phase where new, ad hoc solutions are developed on a per‐case basis; efforts are made to map problems in the cloud domain to prior solutions; and, most of all, ideas for the future are put forward. In other words, the state of knowledge is quite immature, and that is well illustrated by the steady stream of recommendations – primarily from academia – on what should be done by providers and clients to make cloud forensics easier and better (for the existing toolset).

The goal of this chapter is to present a broad framework for reasoning about cloud forensics architectures and scenarios, and for the type of evidence they provide. We use this framework to classify and summarize the current state of knowledge, as well as to identify the blank spots and likely future direction of cloud forensics research and development.

15.1.1 Cloud Forensics as a Reactive Technology

Since our discussion is primarily focused on the technical aspects of analyzing cloud evidence (and not on legal concerns), we adopt the following technical definition of digital forensics (Roussev 2016):

Digital forensics is the process of reconstructing the relevant sequence ...
