Cloud network
NIST Calls for Standards in Cloud Forensics
The National Institute of Standards and Technology has released a report indicating how law enforcers and cloud service providers can benefit from having standard operating procedures for the technology.
According to NIST, forensic examiners extracting information from cloud logs can only rely on the testimony of representatives of the provider, Nextgov reported Thursday.
“In many cases, these individuals are custodians of the records but do not have detailed knowledge of technologies or actual records that might be found if sought after," the report said.
NIST said it would be beneficial for providers to not keep such records or have custodians with limited knowledge as they might become involved in the case for finding and processing extra records.
Martin Herman, NIST's senior adviser for forensics and information technology, added that such an arrangement would require the provider to use more resources in both manpower and computational power.
“If there were more standards, including interoperability standards, then the cloud providers wouldn’t be asked to do as much work during forensic investigations. It would be easier for outside forensic investigators to do the work instead,” Herman said.
Cloud providers, according to NIST, are also reluctant to share data in storage media as to not reveal the specifics of their operations. The agency noted that such data cannot be seized and can only be collected in real-time through sensors.
NIST's report identified a total of 62 challenges for forensics in cloud environments, many of which the agency said will need technological, organizational and legal fixes.
Standards for cloud forensics are “necessary to support the U.S. criminal justice and civil litigation systems as well as to provide capabilities for security incident response and internal enterprise operations,” NIST concluded.
Category: Future Trends