Cloud Computing and Network Forensics in the Eyes of Computer Forensic Examiner
By Samuel Amoah CCE, CEH, CEI, MCT, NPFAT
President, CFG Computer Forensics Inc.
Brampton, Ontario, Canada
Technology keeps amazing me. It changes so rapidly that sometimes, before one catches up to it, it has evolved to a newer phase with a whole new set of changes from the previous one. This means users have to keep spending money to keep up, the end result being nagging, complaining, and a lot of money spent. It is a vicious cycle that keeps turning. This unending expenditure is what has brought forth what is now called "Cloud computing".
Cloud computing allows the user to use, on a server located somewhere deemed the cloud, all the resources he or she would otherwise have had to invest in and install on a local machine. This includes storage space, application usage, social networking, etc., for a fee. The computer user does not have to worry about a hard drive crashing, data being stolen from the computer, etc. Just pay a fee and you are good to go. Files and applications are accessed through the web. This implies all one needs is internet access and an access medium, which could be a portable handheld device, a smartphone, or a basic computer.
Many organizations and individuals are already using this technology and have realized its great benefit of being hassle-free. However, we may pause to ask ourselves a few questions: Do we know where our data is physically located? Do we know how secure our records are? How do we investigate an event should a breach occur? Are we in compliance with legislation and regulations such as SOX, HIPAA, etc.? As a network administrator in an organization, how much grasp do you have on controls, security and function? These are some of the questions we have to keep asking ourselves. As Computer Forensic Examiners, what do we do to access breached data for analysis? Is a search warrant issued in your jurisdiction going to be honored in the location where the servers are hosted? What limitations are you going to face? Do countries have treaties that will allow cross-border search warrants to be executed?
Before we go through all the impediments that might be in the way of investigations, Network Forensics might be a prime solution to buttress your case for further searches. Network Forensics, in the conventional sense, is the analysis of network traffic logs to trace events that have occurred. The logs may reveal the source and destination IP addresses of the systems in question, as well as time stamps, the events that occurred, and the type of transaction that took place. This will sometimes lead to a dead end, rendering investigations useless. The evidence in question never gets discovered and the culprits walk away free, while the victim loses out. An example is a case of corporate espionage.
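As an added illustration of the conventional log analysis described above (this is not code from the article or from any Decision Group product), the following sketch reduces traffic log records to a per-pair summary of flows that left the corporate network. The log layout, the internal address range and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from a real network). Assumed layout:
# ISO-8601 time, source IP, destination IP, destination port, transaction, bytes sent
SAMPLE_LOG = """\
2024-03-04T09:12:01Z 10.1.4.23 203.0.113.50 443 HTTPS-POST 18432
2024-03-04T09:12:40Z 10.1.4.23 10.1.0.5 445 SMB-READ 912000
2024-03-04T09:13:05Z 10.1.4.23 203.0.113.50 443 HTTPS-POST 905216
malformed line that a real log will contain
2024-03-04T09:15:30Z 10.1.7.8 198.51.100.9 80 HTTP-GET 640
2024-03-04T22:47:19Z 10.1.4.23 203.0.113.50 443 HTTPS-POST 7340032
"""

CORPORATE_NETS = [ipaddress.ip_network("10.1.0.0/16")]  # assumed internal range

def is_internal(ip):
    return any(ip in net for net in CORPORATE_NETS)

def parse(log_text):
    """Yield (time, src, dst, port, transaction, bytes); skip unparseable lines."""
    for line in log_text.splitlines():
        parts = line.split()
        try:
            ts, src, dst, port, txn, size = parts
            yield (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                   ipaddress.ip_address(src), ipaddress.ip_address(dst),
                   int(port), txn, int(size))
        except ValueError:
            continue  # wrong field count or a bad timestamp, address or number

def boundary_crossings(log_text):
    """Summarise flows that leave the corporate network, per (src, dst) pair."""
    summary = defaultdict(lambda: {"first": None, "last": None, "bytes": 0, "txns": set()})
    for ts, src, dst, port, txn, size in parse(log_text):
        if is_internal(src) and not is_internal(dst):
            s = summary[(str(src), str(dst))]
            s["first"] = ts if s["first"] is None else min(s["first"], ts)
            s["last"] = ts if s["last"] is None else max(s["last"], ts)
            s["bytes"] += size
            s["txns"].add(f"{txn}/{port}")
    return dict(summary)

if __name__ == "__main__":
    for (src, dst), s in sorted(boundary_crossings(SAMPLE_LOG).items(),
                                key=lambda kv: -kv[1]["bytes"]):
        print(src, "->", dst, s["bytes"], "bytes", s["first"], "to", s["last"], sorted(s["txns"]))
```

The summary gives who talked to which external address, when, and how much was sent, but not what was sent, which is the dead end the paragraph above describes.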
The best way to deal with impediments in cloud computing investigations is to have lawful interception of data crossing the corporate boundaries to the cloud. This is the collection of raw data packets at the data link layer by intelligent tools, namely Decision Group's E-Detective Capturing Tool and the E-Detective Data Decoding Center tool, which decodes raw data, in real time and offline as well, into various web application formats. There are other cost-effective and easy-to-use tools by Decision Group that will provide total compliance solutions to companies and law enforcement agencies that are faced with the same impediments I have mentioned.
We cannot revert to the old way of doing things on our network. Cloud computing is a technology of now, and its use is going to increase with time. We have to be able to adjust to investigating data that has ever crossed the network through the internet to the cloud.
Do we have what it takes to do the job? I believe we all would have to adjust to meet the present test of time. In my next presentation, I will talk about Network Packet Forensics and evidence handling, and how to make it acceptable in a court of law. I will be back.
Samuel Amoah.
Certified Computer Examiner, Network Packet Forensics Examiner, Private Investigator.
Partner of Decision Group