Friday, July 3, 2020

Network Forensics in Cloud Computing Essay - 1100 Words

Network Forensics in the Cloud

Introduction

Cloud computing presents many favourable economic and technological opportunities for the future, making it arguably the most discussed information technology (Peterson, Shenoi, 2009). However, customers remain reluctant to use this technology because of the challenges it poses to their security and the risk of the unknown. Cloud service providers reinforce the perception that users are not allowed to see what is behind the 'virtual curtain', and in this regard the ability to carry out digital investigations may be less efficient.

The challenges of performing network forensics arise from the decentralized nature of data processing and the lack of physical servers, which make the traditional approaches redundant. The challenges examined for network forensics in cloud infrastructures are as follows.

Internal Staffing

The expertise required to handle sophisticated cloud forensic crimes is lacking in many institutions, since most investigations are conducted by digital forensic experts using conventional tools and traditionally applied procedures. Laws and regulations are evolving slowly relative to swiftly changing cloud technologies (Peterson, Shenoi, 2013).

Data Collection

The forensic data that can be accessed depends on the cloud service and deployment model in use. For instance, Infrastructure as a Service (IaaS) clients have comparatively unrestricted access to the data forensic investigators consider sufficient. On the other hand, Software as a Service (SaaS) clients will be provided with limited or no access to such information.

This limited access to forensic information means that users of systems have limited knowledge and control of the physical locations of their data.
Cloud service providers omit terms of use that would assist the forensic preparedness of the cloud service (DeFranco, 2013). This limited customer access to metadata and log files also reduces the ability to carry out real-time monitoring and auditing.

Live Forensics

The spread of mobile endpoints is a challenge for the collection of evidence and the recovery of data, owing to the impact of a crime, the extensive number of resources linked to the cloud, and the considerable workload of an investigation. Traditional forensics already faces the challenge of disparate log formats, and the cloud aggravates it through the prevalence of proprietary log formats and the large volumes of log data it holds.

Deleted data is sensitive for forensic investigations, yet remote access to it is hardly possible once the customer deletes the data and there is no mapping. The challenge is therefore to recover the deleted data so as to ascertain its ownership and to use it for event reconstruction in the cloud.

Virtualized Environments

The replication and distribution of resources provides computational and information redundancy in cloud computing. A hypervisor, the equivalent of a kernel in a traditional operating system, provides and monitors the server instances that run as virtual machines. Difficulties arise when there is no transparency in data mirroring across numerous machines in different jurisdictions. Regulations and laws might be violated because of unclear information laws in different jurisdictions. It is difficult for cloud service providers to give the precise geographical location of a piece of data.

External Dependency Links

Each individual link in the dependency chain should be investigated, and since correlation across cloud service providers is a task in its own right, any slight disruption among the parties could lead to complications.
The policies, procedures, and agreements that concern cross-provider forensic investigations are virtually absent.

Segregation of Evidence

Different instances running on a single physical machine are isolated from each other in the cloud through virtualization. As a result, the neighbours of an instance act as if they are on separate hosts and have no more access to the instance than any other host on the internet.

The bottleneck arises during investigations, when law enforcement agencies and cloud service providers need to segregate resources without breaching the confidentiality of other customers sharing the infrastructure. In addition, the ease of use aids identity cover-up, leading to weak registration and encouraging anonymity (Voeller, 2011).

On the other hand, there are numerous opportunities that forensic investigators can use as leverage for further advancements. These might include the following.

Data Profusion

Technologies such as Amazon SimpleDB and Amazon S3 store objects multiple times in multiple availability zones on the first write. The further replication of these objects minimizes the risk of failure due to bit rot and device unavailability, and also limits the likelihood of vital evidence being totally deleted.

Flexibility and Scalability

The use of resources in cloud computing is dynamic and scalable, which also applies to network forensics. For instance, cloud computing allows all-inclusive logging without compromising performance through essentially unlimited pay-per-use storage. This also increases the efficiency of querying, searching, and indexing...