•  
  •  
 

Prior Publisher

The Association of Digital Forensics, Security and Law (ADFSL)

Abstract

The numerous advantages offered by cloud computing has fuelled its growth and has made it one of the most significant of current computing trends. The same advantages have created complex issues for those conducting digital forensic investigations. Digital forensic investigators rely on the ACPO (Association of Chief Police Officers) or similar guidelines when conducting an investigation, however the guidelines make no reference to some of the issues presented by cloud investigations. This study investigates the impact of cloud computing on ACPO’s core principles and asks whether these principles can still be applied in a cloud investigation and the challenges presented thereof. We conclude that the ACPO principles can generally be upheld but that additional precautions must be taken throughout the investigation.

References

7Safe. (2011) Computer Forensics Services. Retrieved April 18, 2012, from http://7safe.com/computer_forensics.html

Adelstein, F. (2006) Live forensics: diagnosing your system without killing it first. Communications of the ACM, 49(2), 63-66.

Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., Lee, G., Patterson, D., Rabkin, A., Stoica, I. & Zaharia, M. (2009) Above the Clouds: A Berkeley View of Cloud Computing. Electrical Engineering and Computer Sciences, University of California at Berkeley Technical Report No. UCB/EECS-2009-28. Retrieved April 18, 2012, from http://www.eecs.harvard.edu/cs261/papers/armbrust09.pdf

Association of Chief Police Officers (ACPO). (1998). Good Practice Guide For Computer Based Evidence. Kent: ACPO Crime Committee.

Association of Chief Police Officers (ACPO). (2007). Good Practice Guide for Computer based Electronic Evidence. Retrieved April 18, 2012, from http://www.7safe.com/electronic_evidence/ACPO_guidelines_computer_evide nce.pdf

Badger, L., Grance, T., Patt-Corner, R., & Voas, J. (2011). DRAFT Cloud Computing Synopsis and Recommendations. NIST Special Publication 800- 146. Gaithersburg, MD: National Institute of Standards and Technology.

Barbara, J.J. (2005). Digital evidence accreditation in the corporate and business environment. Journal of Digital investigation, 2(2), 137-146.

Beebe, N. (2009) Digital Forensic Research: The Good, The Bad and the Unaddressed, In: G. Peterson & S. Shenoi (eds), Advances in Digital Forensics V, IFIP AICT 306. Germany: Springer, pp. 17-36.

Bem, B. & Huebner, E. (2007). Computer Forensic Analysis in a virtual environment. International Journal of Digital Evidence, 6(2). Retrieved April 18, 2012, from http://www.utica.edu/academic/institutes/ecii/publications /articles/1C349F35-C73B-DB8A-926F9F46623A1842.pdf

Biggs, S. & Vidalis, S. (2009). Cloud computing: The impact on digital forensic investigations. In Proceedings of the international conference for Internet technology and secured transactions, pp. 1-6.

Birk, D. & Wegener, C. (2011). Technical Issues of Forensic Investigations in Cloud Computing Environments. In Proceedings of the 6th International Workshop on Systematic Approaches to Digital Forensic Engineering, Oakland, CA.

Brodkin, J. (2008). Gartner: Seven cloud-computing security risks. Retrieved April 18, 2012, from http://www.networkworld.com/news/2008/070208- cloud.html

Casey, E. (2011). Digital Evidence and Computer Crime, 3rd ed. New York: Academic Press.

Casey, E., & Stellatos, G. J. (2008). The impact of full disk encryption on digital forensics. SIGOPS Operating Systems Review, 42(3), 93-98.

Chen, Y., Paxson, V. & Katz, R. H. (2010). What’s new about cloud computing security? Technical Report UCB/EECS-2010-5, EECS Department, University of California, Berkeley.

Computer Forensic Alliance (CFA). (2009). Computer Forensic Investigations. Retrieved April 18, 2012, from http://www.cfauk.com /Computer%20Forensics%20Page.htm

Cunningham, P. (2009). Three cloud computing risks to consider. Retrieved April 18, 2012, from http://www.arma.org/press/ARMAnews/Infosecurity.pdf

Disklabs. (2008). Computer Forensics. Retrieved April 18, 2012, from http://www.disklabs.com/computer-forensics.asp

European Network and Information Security Agency (ENISA). (2009). Cloud Computing. Benefits, risks and recommendations for information security. Retrieved April 18, 2012, from http://www.enisa.europa.eu/act/rm/files /deliverables/cloud-computing-risk-assessment

Evernote Corporation. (2010). Evernote. [Online]. Retrieved April 18, 2012, from http://www.evernote.com/

Frowen, A. (2010). Cloud Computing and Computer Forensics. Retrieved April 18, 2012, from http://www.intaforensics.com/Blog/Cloud-ComputingAnd-Computer-Forensics.aspx

Hesser, W., Feilzer, A., & de Vries, H. (2010). Standardisation in Companies and Markets, 3rd ed. Helmut-Schmidt-Universität, Hamburg.

Home Office. (2008). The Forensic Science Regulator Business Plan 2008/09 – 2010/11. Retrieved April 18, 2012, from http://www.homeoffice.gov.uk /publications/police/operational-policing/Forensic_Science_Regulator_3.pdf

Home Office. (2010). Quality Standards Codes of Practice. Second Consultation Draft, July 2010. Retrieved April 18, 2012, from http://www.homeoffice.gov.uk/publications/police/forensic-scienceregulator1/quality-standards-codes-practice

Janes, S. (2006). The effective response to computer crime. Retrieved April 18, 2012, from http://www.computerweekly.com/Articles/2006/03/21/214830/Theeffective-response-to-computer-crime.htm

Jansen, W. & Ayers, R. (2007). Guidelines on Cell Phone Forensics. NIST Special Publication 800-101. Gaithersburg, MD: National Institute of Standards and Technology.

Joint, A., Baker, E. & Eccles, E. (2009). Hey, you, get off of that cloud? Computer Law & Security Review, 25(3), 270-274.

Jones, A. & Valli, C. (2009). Building a Digital Forensic Laboratory. Burlington, MA: Elsevier.

Jones, N. (2004). Training and accreditation – who are the experts? Journal of Digital Investigation, 1(3), 189-194.

Marshall, A. (2008). Digital Forensics: Digital Evidence in Criminal Investigations. Chichester: John Wiley & Sons, Ltd.

Mason, S. (ed.). (2008). International Electronic Evidence. London: British Institute of International and Comparative Law.

Mell, P. & Grance, T. (2011). The NIST Definition of Cloud Computing. NIST Special Publication 800-145. Gaithersburg, MD: National Institute of Standards and Technology.

Metropolitan Police Authority (MPA). (2001). The Virdi Inquiry Report. Retrieved April 18, 2012, from http://www.mpa.gov.uk/downloads/scrutinites /virdi/virdi-report-01a.pdf

Meyers, M. & Rogers, M. (2004). Computer Forensics: The Need for Standardisation and Certification. International Journal of Digital Evidence, 3(2). Retrieved April 18, 2012, from http://www.tech.purdue.edu/Cpt/Courses /TECH581A/meyersrogers_ijde.pdf

Mullins, R. (2010). IDC Survey: Risk In The Cloud. Retrieved April 18, 2012, from http://www.networkcomputing.com/cloud-computing/229501529

Navetta, D. (2009). Legal Implications of Cloud Computing – Part One (the Basics and Framing the Issues). Retrieved April 18, 2012, from http://www.infolawgroup.com/2009/08/tags/security/legal-implications-ofcloud-computing-part-one-the-basics-and-framing-the-issues/

NIST. (2011). Cloud Computing at NIST: Two New Draft Documents and a Wiki. Retrieved April 18, 2012, from http://www.nist.gov/itl/csd/cloud- 020111.cfm

Owen, P. & Thomas, P. (2009). Analysis of the Methodology used in Digital Forensic Examinations – Mobile Devices Vs Computer Hard Disk. In Proceedings of the 3rd International Conference on Cybercrime Forensics Education and Training. Canterbury, Canterbury Christ Church University, 1-2 September 2009.

Qamar, S., Lal, N. & Singh, M. (2010). Internet Ware Cloud Computing: Challenges. International Journal of Computer Science and Information Security, 7(3), 206-210.

Qureshi, A. (2008). Plugging Into Energy. In Proceedings of the 7th ACM Workshop on Hot Topics in Networks (HotNets). Calgary, Canada, October 2008.

Reilly, D., Wren, C., & Berry, T. (2011). Cloud Computing: Pros and Cons for Computer Forensic Investigations. International Journal of Multimedia and Image Processing (IJMIP), 1(1-2), 26-34.

Schwerha, J.J. (2008). Why computer forensic professionals shouldn’t be required to have private investigator licenses. Journal of Digital Investigation, 5(1-2), 71-72.

Shipley, T.G. (2009). Collection of Evidence from the Internet, Part 2. Retrieved April 18, 2012, from http://www.dfinews.com/article/collectionevidence-internet-part-2?pid=778

Taylor, M., Haggerty, J., Gresty, D. & Lamb, D. (2011). Forensic investigation of cloud computing systems. Network Security, 2011(3), 4-10.

Turner, M.J.L. (2001). Case of Sergeant Gurpal Virdi. Computers and Law, 6(11). Retrieved April 18, 2012, from http://www.computerevidence.co.uk /Cases/Virdi/Articles/Virdi.htm

U.S. Department of Justice (USDOJ). (2009). Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations. Retrieved April 18, 2012, from http://www.lb9.uscourts.gov/webcites /08documents/CDT_cyber.pdf

U.S. Internet Service Provider Association (USISPA). (2003). Electronic Evidence Compliance – A guide For Internet Service Providers. Berkeley Technology Law Journal, 18, 945-986.

United States Secret Service (USSS). (2006). Best practices for seizing electronic Evidence v.3. US Department of Homeland Security. Retrieved April 18, 2012, from http://info.publicintelligence.net/usssbestpractices.pdf

Yasinsac, A., Erbacher, R.F., Marks, D.G., Pollitt, M.M., & Sommer, M.S. (2003). Computer Forensic Education. IEEE Security and Privacy, 1(4), 15-23.

Young, T. (2007). Digital forensics lack standards. Retrieved April 18, 2012, from http://www.computing.co.uk/ctg/news/1838051/digital-forensics-lackstandards

Download

Share

COinS
 
 

To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.