The Association of Digital Forensics, Security and Law (ADFSL)
The numerous advantages offered by cloud computing has fuelled its growth and has made it one of the most significant of current computing trends. The same advantages have created complex issues for those conducting digital forensic investigations. Digital forensic investigators rely on the ACPO (Association of Chief Police Officers) or similar guidelines when conducting an investigation, however the guidelines make no reference to some of the issues presented by cloud investigations. This study investigates the impact of cloud computing on ACPO’s core principles and asks whether these principles can still be applied in a cloud investigation and the challenges presented thereof. We conclude that the ACPO principles can generally be upheld but that additional precautions must be taken throughout the investigation.
7Safe. (2011) Computer Forensics Services. Retrieved April 18, 2012, from http://7safe.com/computer_forensics.html
Adelstein, F. (2006) Live forensics: diagnosing your system without killing it first. Communications of the ACM, 49(2), 63-66.
Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I. & Zaharia, M. (2009) Above the Clouds: A Berkeley View of Cloud Computing. Electrical Engineering and Computer Sciences, University of California at Berkeley Technical Report No. UCB/EECS-2009-28. Retrieved April 18, 2012, from http://www.eecs.harvard.edu/cs261/papers/armbrust09.pdf
Association of Chief Police Officers (ACPO). (1998). Good Practice Guide For Computer Based Evidence. Kent: ACPO Crime Committee.
Association of Chief Police Officers (ACPO). (2007). Good Practice Guide for Computer based Electronic Evidence. Retrieved April 18, 2012, from http://www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evide nce.pdf
Badger, L., Grance, T., Patt-Corner, R., & Voas, J. (2011). DRAFT Cloud Computing Synopsis and Recommendations. NIST Special Publication 800- 146. Gaithersburg, MD: National Institute of Standards and Technology.
Barbara, J.J. (2005). Digital evidence accreditation in the corporate and business environment. Journal of Digital investigation, 2(2), 137-146.
Beebe, N. (2009) Digital Forensic Research: The Good, The Bad and the Unaddressed, In: G. Peterson & S. Shenoi (eds), Advances in Digital Forensics V, IFIP AICT 306. Germany: Springer, pp. 17-36.
Bem, B. & Huebner, E. (2007). Computer Forensic Analysis in a virtual environment. International Journal of Digital Evidence, 6(2). Retrieved April 18, 2012, from http://www.utica.edu/academic/institutes/ecii/publications /articles/1C349F35-C73B-DB8A-926F9F46623A1842.pdf
Biggs, S. & Vidalis, S. (2009). Cloud computing: The impact on digital forensic investigations. In Proceedings of the international conference for Internet technology and secured transactions, pp. 1-6.
Birk, D. & Wegener, C. (2011). Technical Issues of Forensic Investigations in Cloud Computing Environments. In Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, CA.
Brodkin, J. (2008). Gartner: Seven cloud-computing security risks. Retrieved April 18, 2012, from http://www.networkworld.com/news/2008/070208- cloud.html
Casey, E. (2011). Digital Evidence and Computer Crime, 3rd ed. New York: Academic Press.
Casey, E., & Stellatos, G. J. (2008). The impact of full disk encryption on digital forensics. SIGOPS Operating Systems Review, 42(3), 93-98.
Chen, Y., Paxson, V. & Katz, R. H. (2010). What’s new about cloud computing security? Technical Report UCB/EECS-2010-5, EECS Department, University of California, Berkeley.
Computer Forensic Alliance (CFA). (2009). Computer Forensic Investigations. Retrieved April 18, 2012, from http://www.cfauk.com /Computer%20Forensics%20Page.htm
Cunningham, P. (2009). Three cloud computing risks to consider. Retrieved April 18, 2012, from http://www.arma.org/press/ARMAnews/Infosecurity.pdf
Disklabs. (2008). Computer Forensics. Retrieved April 18, 2012, from http://www.disklabs.com/computer-forensics.asp
European Network and Information Security Agency (ENISA). (2009). Cloud Computing. Benefits, risks and recommendations for information security. Retrieved April 18, 2012, from http://www.enisa.europa.eu/act/rm/files /deliverables/cloud-computing-risk-assessment
Evernote Corporation. (2010). Evernote. [Online]. Retrieved April 18, 2012, from http://www.evernote.com/
Frowen, A. (2010). Cloud Computing and Computer Forensics. Retrieved April 18, 2012, from http://www.intaforensics.com/Blog/Cloud-ComputingAnd-Computer-Forensics.aspx
Hesser, W., Feilzer, A., & de Vries, H. (2010). Standardisation in Companies and Markets, 3rd ed. Helmut-Schmidt-Universität, Hamburg.
Home Office. (2008). The Forensic Science Regulator Business Plan 2008/09 – 2010/11. Retrieved April 18, 2012, from http://www.homeoffice.gov.uk /publications/police/operational-policing/Forensic_Science_Regulator_3.pdf
Home Office. (2010). Quality Standards Codes of Practice. Second Consultation Draft, July 2010. Retrieved April 18, 2012, from http://www.homeoffice.gov.uk/publications/police/forensic-scienceregulator1/quality-standards-codes-practice
Janes, S. (2006). The effective response to computer crime. Retrieved April 18, 2012, from http://www.computerweekly.com/Articles/2006/03/21/214830/Theeffective-response-to-computer-crime.htm
Jansen, W. & Ayers, R. (2007). Guidelines on Cell Phone Forensics. NIST Special Publication 800-101. Gaithersburg, MD: National Institute of Standards and Technology.
Joint, A., Baker, E. & Eccles, E. (2009). Hey, you, get off of that cloud? Computer Law & Security Review, 25(3), 270-274.
Jones, A. & Valli, C. (2009). Building a Digital Forensic Laboratory. Burlington, MA: Elsevier.
Jones, N. (2004). Training and accreditation – who are the experts? Journal of Digital Investigation, 1(3), 189-194.
Marshall, A. (2008). Digital Forensics: Digital Evidence in Criminal Investigations. Chichester: John Wiley & Sons, Ltd.
Mason, S. (ed.). (2008). International Electronic Evidence. London: British Institute of International and Comparative Law.
Mell, P. & Grance, T. (2011). The NIST Definition of Cloud Computing. NIST Special Publication 800-145. Gaithersburg, MD: National Institute of Standards and Technology.
Metropolitan Police Authority (MPA). (2001). The Virdi Inquiry Report. Retrieved April 18, 2012, from http://www.mpa.gov.uk/downloads/scrutinites /virdi/virdi-report-01a.pdf
Meyers, M. & Rogers, M. (2004). Computer Forensics: The Need for Standardisation and Certification. International Journal of Digital Evidence, 3(2). Retrieved April 18, 2012, from http://www.tech.purdue.edu/Cpt/Courses /TECH581A/meyersrogers_ijde.pdf
Mullins, R. (2010). IDC Survey: Risk In The Cloud. Retrieved April 18, 2012, from http://www.networkcomputing.com/cloud-computing/229501529
Navetta, D. (2009). Legal Implications of Cloud Computing – Part One (the Basics and Framing the Issues). Retrieved April 18, 2012, from http://www.infolawgroup.com/2009/08/tags/security/legal-implications-ofcloud-computing-part-one-the-basics-and-framing-the-issues/
NIST. (2011). Cloud Computing at NIST: Two New Draft Documents and a Wiki. Retrieved April 18, 2012, from http://www.nist.gov/itl/csd/cloud- 020111.cfm
Owen, P. & Thomas, P. (2009). Analysis of the Methodology used in Digital Forensic Examinations – Mobile Devices Vs Computer Hard Disk. In Proceedings of the 3rd International Conference on Cybercrime Forensics Education and Training. Canterbury, Canterbury Christ Church University, 1-2 September 2009.
Qamar, S., Lal, N. & Singh, M. (2010). Internet Ware Cloud Computing: Challenges. International Journal of Computer Science and Information Security, 7(3), 206-210.
Qureshi, A. (2008). Plugging Into Energy. In Proceedings of the 7th ACM Workshop on Hot Topics in Networks (HotNets). Calgary, Canada, October 2008.
Reilly, D., Wren, C., & Berry, T. (2011). Cloud Computing: Pros and Cons for Computer Forensic Investigations. International Journal of Multimedia and Image Processing (IJMIP), 1(1-2), 26-34.
Schwerha, J.J. (2008). Why computer forensic professionals shouldn’t be required to have private investigator licenses. Journal of Digital Investigation, 5(1-2), 71-72.
Shipley, T.G. (2009). Collection of Evidence from the Internet, Part 2. Retrieved April 18, 2012, from http://www.dfinews.com/article/collectionevidence-internet-part-2?pid=778
Taylor, M., Haggerty, J., Gresty, D. & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.
Turner, M.J.L. (2001). Case of Sergeant Gurpal Virdi. Computers and Law, 6(11). Retrieved April 18, 2012, from http://www.computerevidence.co.uk /Cases/Virdi/Articles/Virdi.htm
U.S. Department of Justice (USDOJ). (2009). Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations. Retrieved April 18, 2012, from http://www.lb9.uscourts.gov/webcites /08documents/CDT_cyber.pdf
U.S. Internet Service Provider Association (USISPA). (2003). Electronic Evidence Compliance – A guide For Internet Service Providers. Berkeley Technology Law Journal, 18, 945-986.
United States Secret Service (USSS). (2006). Best practices for seizing electronic Evidence v.3. US Department of Homeland Security. Retrieved April 18, 2012, from http://info.publicintelligence.net/usssbestpractices.pdf
Yasinsac, A., Erbacher, R.F., Marks, D.G., Pollitt, M.M., & Sommer, M.S. (2003). Computer Forensic Education. IEEE Security and Privacy, 1(4), 15-23.
Young, T. (2007). Digital forensics lack standards. Retrieved April 18, 2012, from http://www.computing.co.uk/ctg/news/1838051/digital-forensics-lackstandards
Lallie, Harjinder S. and Pimlott, Lee
"Applying the ACPO Principles in Public Cloud Forensic Investigations,"
Journal of Digital Forensics, Security and Law: Vol. 7
, Article 5.
Available at: http://commons.erau.edu/jdfsl/vol7/iss1/5