NIST issued the final publication of NISTIR 8006, NIST Cloud Computing Forensic Science Challenges, which defines and discusses a set of challenges related to achieving effective cloud computing forensics. Mitigating these challenges is important for cloud-based system owners, cloud forensic tool developers, and forensic investigators, as well as for the development of forensic-ready solutions. NIST’s effort will support the criminal justice and civil litigation systems and provide capabilities for security incident response and internal enterprise operations, according to a NIST release.
NISTIR 8006 includes a preliminary analysis of the challenges by addressing (1) the relationship between each challenge and the five essential characteristics of cloud computing as defined by the NIST cloud computing model, (2) how the challenges correlate to cloud technology by considering their relationship to the Cloud Security Alliance’s Enterprise Architecture, (3) the nine categories to which the challenges belong, and (4) the potential results of overcoming each challenge.
NISTIR 8006 provides some analysis of logging data, data in media, and issues associated with time, location, and sensitive data. This publication is intended to initiate dialogue within the cloud computing community to understand forensic science concerns and challenges in cloud ecosystems and identify the technologies and standards that can mitigate these challenges.
Finally, NISTIR 8006 summarizes the research performed by the members of the NIST Cloud Computing Forensic Science Working Group, and aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem. The challenges are presented along with the associated literature that references them.
The immediate goal of the document, NIST said, is to begin a dialogue on forensic science concerns in cloud computing ecosystems. The long-term goal of this effort is to gain a deeper understanding of those concerns and challenges and to identify technologies and standards that can mitigate them.
NISTIR 8006 (DOI)