2. Background
The term cloud refers to an infrastructure that enables convenient, on-demand network access to a shared pool of resources (e.g., storage, networks, servers, applications and services) that can be rapidly provisioned and released (Mell & Grance, 2009). Cloud systems are essentially a network of distributed clusters forming a pool of resources ready to be used by clients. The physical distance between clusters ranges from a few meters within one data center to thousands of kilometers between data centers located in different countries or even different continents. Thus, when someone uses a cloud, her data are distributed across a network of clusters around the world. To achieve this distribution of data, cloud systems make use of a distributed file system (Thanh et al., 2008). Such distributed file systems include Google File System (GFS) (Ghemawat et al., 2003), Hadoop Distributed File System (HDFS) (Hadoop, n.d.), Cloudstore (formerly Kosmos File System) (Cloudstore, n.d.), Sector (Gu & Grossman, 2009) and Ceph (Weil et al., 2006).
Digital forensics in traditional computational environments has been examined thoroughly over the last decade. The procedures followed to gather digital evidence whilst ensuring admissibility in court (Meyers & Rogers, 2004) are described in standard operating procedures documentation such as the ACPO guidelines (ACPO, 2011). In addition, a variety of forensic acquisition tools have been developed (e.g., the Forensic Toolkit (FTK), EnCase and Foremost) which can automate, to some extent, the collection and analysis of evidence.
However, data distribution and resource pooling in a cloud make the investigator’s work much more challenging than in a traditional computational environment, as existing digital forensics tools seem inappropriate.
In addition, every country is governed by its own privacy policies and laws. Thus, gathering digital evidence from a cloud server located in a foreign country, outside our jurisdiction, could result in violating that country’s privacy protection legislation (Taylor et al., 2010; Garrison et al., 2010). Moreover, the legal procedure to gain access to evidence held in a public cloud may lead to acquiring the wrong data and result in privacy violations. Grobauer and Schreck (2010) present incident handling issues in the cloud.