Challenges of Investigations in the Cloud

By Jordan Cortado on October 18, 2024

Introduction

Cloud computing is a technology that provides computing services (applications, databases, networking, servers, etc.) in exchange for payment [7]. As cloud computing continues to revolutionize the way organizations store and manage data, it also introduces new challenges in the field of digital forensics. Enter cloud forensics, a discipline that falls under the broad umbrella of digital forensics. Cloud forensics applies forensic techniques to investigate data that is distributed across the cloud environment [2]. As cloud adoption becomes ubiquitous, new and unique challenges arise for investigators. This short essay explores challenges in cloud forensics, including restrictions on cloud systems infrastructure, data integrity and volatility, legal barriers, and tools, along with the future of cloud forensics.

Cloud Infrastructure

With traditional computer systems, accessing digital evidence is a more straightforward process. However, when it comes to data and evidence in the cloud environment, investigators are met with resistance and restrictions. Cloud Service Providers (CSPs) manage cloud environments, which leaves customers and investigators with no physical access to hardware or control over the infrastructure [med]. This means that investigators must collaborate with and rely on cloud providers to collect evidence for them, slowing down the forensic process [3]. On top of this, there may be instances where data is unavailable or deleted due to CSPs’ restrictions, policies, and/or inabilities [2, 5, 7]. Thus, the cloud forensics process will require more time, as experts may need to recover and reconstruct crime-related data.

Dynamic Environment

Naturally, cloud computing resides in a dynamic environment. This means that cloud resources are constantly and rapidly changing in an unpredictable manner. As a result, two challenges arise: data fragmentation and volatility. For efficiency and redundancy, cloud data is spread across multiple servers that can vary in location [2, 4, 5, 7]. Therefore, cloud forensic investigators are faced with the complexity of piecing data together and pinpointing its source.

Additionally, the dynamic nature of cloud computing poses a threat to data integrity. In the cloud environment, data and evidence are constantly being changed, deleted, or overwritten, which makes data short-lived [4]. As this happens, the reliability of the data comes into question. Cloud volatility is the measurement of how fast data is removed from a system [4]. This risk complicates identifying, collecting, isolating, and preserving evidence. Investigators face the challenge of keeping up with data in the cloud that is constantly being replaced and revised. Special skills and tools are required to save evidence immediately and to ensure its safety and authenticity.
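To make the volatility and authenticity points concrete, the following added example (not part of the original essay) orders artefacts by how soon they will be discarded and records each acquisition in a hash-chained custody log that exposes later tampering. The artefact names and retention windows are constructed assumptions, not any provider's real defaults.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Constructed inventory: names and retention windows are illustrative
# assumptions, not any provider's real defaults.
INVENTORY = [
    {"name": "api-audit-trail", "created": "2024-10-01T00:00:00+00:00", "retention_h": 2160},
    {"name": "container-stdout", "created": "2024-10-18T09:00:00+00:00", "retention_h": 1},
    {"name": "load-balancer-logs", "created": "2024-10-18T08:00:00+00:00", "retention_h": 24},
    {"name": "vm-memory-snapshot", "created": "2024-10-18T10:00:00+00:00", "retention_h": 1},
]
GENESIS = "0" * 64  # "previous hash" used by the first log entry

def time_left(artefact, now):
    created = datetime.fromisoformat(artefact["created"])
    return created + timedelta(hours=artefact["retention_h"]) - now

def acquisition_order(inventory, now):
    """Most volatile first; artefacts already past retention are reported as lost."""
    live = [a for a in inventory if time_left(a, now) > timedelta(0)]
    lost = [a["name"] for a in inventory if time_left(a, now) <= timedelta(0)]
    return [a["name"] for a in sorted(live, key=lambda a: time_left(a, now))], lost

def _entry_hash(entry):
    body = {k: entry[k] for k in ("name", "sha256", "collected_at", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def record(log, name, content, collected_at):
    """Append a custody entry that commits to the evidence digest and the previous entry."""
    entry = {"name": name, "sha256": hashlib.sha256(content).hexdigest(),
             "collected_at": collected_at, "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)

def verify(log, evidence):
    """Return a list of problems: edited log entries or evidence that no longer matches."""
    problems, prev = [], GENESIS
    for entry in log:
        if entry["prev"] != prev or _entry_hash(entry) != entry["entry_hash"]:
            problems.append("log altered at " + entry["name"])
        if hashlib.sha256(evidence[entry["name"]]).hexdigest() != entry["sha256"]:
            problems.append("evidence altered: " + entry["name"])
        prev = entry["entry_hash"]
    return problems

if __name__ == "__main__":
    now = datetime.fromisoformat("2024-10-18T10:30:00+00:00")
    print(acquisition_order(INVENTORY, now))
```

An artefact that has already aged out is reported as lost rather than silently skipped, so the gap in the evidence is itself documented.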

Legal and Jurisdictional Challenge

Cloud data storage is borderless and can be spread across multiple locations. A global company like Google has servers located across the globe, with cloud data moving between them. With this in mind, investigators face the challenge of identifying and navigating multiple legal systems to access evidence stored in different countries [2, 4, 5, 7]. Consequently, cloud investigators will have to tailor their processes to comply with the laws of each jurisdiction.

Tools, or lack thereof

There are several tools that can be utilized for cloud forensics. However, none of these tools is officially “standardized”, although they are widely recognized and universally agreed upon. Some examples of these include Cado, CloudTrail AWS, and Google Cloud Forensics Utils [1]. Statistics suggest that 94% of organizations worldwide incorporate cloud into their operations in 2024 [6]. This is alarming because a large portion of organizations use cloud in some way or form but have little to no standardized cloud forensic tools and procedures [2, 5]. These inconsistencies therefore affect the reliability of evidence and the consistency of investigations.

Future of Cloud Forensics

The future of digital forensics in the cloud environment will rely heavily on the growth of technology and threats. Organizations should invest in forensic tools that are unique to cloud computing, ensuring they are adequately prepared for the challenges they must overcome [1]. It is also beneficial to have clear forensic policies with guidelines on how investigations should be conducted in the cloud environment [1]. This guarantees that the investigative process handles, acquires, and accesses data properly, all while meeting legal requirements. Furthermore, the ever-growing landscape of cloud computing calls for continuous adaptation and learning [1]. Organizations should look to embrace continuous learning to be better equipped for challenges likely to emerge in the cloud environment. As cloud continues to be adopted by organizations, cybersecurity as a whole must welcome the benefits and embrace the new frontiers in safeguarding cyberspace.

With the advent of cloud computing, investigators may find it hard to keep up with the speed of cloud’s changing topography. To combat this, technology such as Artificial Intelligence (AI) and Machine Learning (ML) can be utilized for enhanced forensics speed and automation [1]. The benefit of implementing AI in the forensic space is that it can process patterns and distinguish anomalies much better with a larger data pool, all while being faster than humans. Advanced techniques like this, coupled with automated techniques such as automated incident response, will help investigators close the gap with cloud computing.

Conclusion

Cloud forensics is a critical and evolving field in the broader domain of digital forensics. As more and more organizations shift their data and services to the cloud environment, it is crucial that forensics processes, tools, and standards are up to date to combat the unique challenges cloud computing presents. Limited access to cloud infrastructure, data volatility, multi-jurisdictional issues, and lack of standardized tools threaten digital forensic investigations and offer enhanced evasion for adversaries. We look to the future to implement standardized frameworks and tools that are designed to cater directly to the unique problems in the cloud environment along with using AI to push automation and investigative speeds. It is imperative that skilled cloud forensic professionals are able to navigate through the complexities of cloud environments to ensure a proper investigation, especially since cloud is so integrated into the world today.

References

[1] Admin. (2024, September 13). Future of Cloud Digital Forensics: Innovations & Solutions. ecsInfotech. https://www.ecsinfotech.com/cloud-digital-forensics-challenges-and-innovations/

[2] Alenezi, A. M. (2023, May 3). Digital and Cloud Forensic Challenges. arXiv. https://arxiv.org/pdf/2305.03059

[3] Digital Forensics in the cloud vs on Prem. Investigation & Response Automation. (n.d.). https://www.cadosecurity.com/wiki/digital-forensics-in-the-cloud-vs-on-prem

[4] Egho-Promise, E., Idahosa, S., Asante, G., & Okungbowa, A. (2024, April 29). Digital Forensic Investigation Standards in Cloud Computing. Universal Journal of Computer Sciences and Communications. https://www.scipublications.com/journal/index.php/ujcsc/article/view/923

[5] InfoSecTrain. (2024, March 20). What are the Challenges of Cloud Forensics? Medium. https://medium.com/@Infosec-Train/what-are-the-challenges-of-cloud-forensics-f2b1d85187db

[6] Pangarkar, T. (2024, June 4). Cloud computing statistics 2024 by Resource, Technology, Servers. Market.us Scoop. https://scoop.market.us/cloud-computing-statistics/

[7] Tidmarsh, D. (2022, September 2). What do you need to know about cloud forensics? Cybersecurity Exchange. https://www.eccouncil.org/cybersecurity-exchange/computer-forensics/what-is-cloud-forensics/