Cloud-related forensic techniques
ISO/IEC 27037 addresses how digital evidence is to be handled, but all of its processes address the traditional digital environment. With the development of cloud computing, the scenario has changed a lot. Cloud computing brings new challenges for investigators, including the virtualization of servers across multiple locations and dependence on the CSP for access to logs.
The document “Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing”, produced by the Incident Management and Forensics Working Group of the Cloud Security Alliance, an organization dedicated to developing and improving cloud, tries to address how to handle evidence in a cloud environment. It also tries to explain how ISO/IEC 27037 can be used effectively in a cloud environment. Using this document, I have tried to explain how to mitigate the impact that cloud is having on computer forensics, covering the identification, collection, acquisition and preservation of evidence from the cloud environment.
ISO 27037 mentions four stages for evidence collection and analysis: identification, collection, acquisition and preservation. Here we address all of these in the cloud computing environment [21].
5.1.1 Identification
Identifying objects that can be used as potential evidence is the initial stage of an investigation. In a standard environment it is easy to identify any device or object that can be used as evidence, but in the cloud this is not so easy. The document suggests a solution to this problem.
The documents or devices that can be identified as potential evidence vary according to the service layer, as the cloud provides three types of services: SaaS, PaaS and IaaS. For each of these service layers, the evidence and the sources that can be used as evidence will be different.
In the software as a service (SaaS) layer, the following can be identified as evidence:
• Application logs
• Session logs
• IP addresses
• Activity logs
All of the items above can be used as potential evidence in an investigation. Application logs store information about what activity has been performed by the applications, who has used an application, and so on. Session logs store information relating to session times: when a session was created and when it was terminated. The IP address of a user can be used as evidence because it tells us who the user was and from which location the service was used.
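An added example (not from the CSA document or this essay) of identification at the SaaS layer: it correlates a session log with an application log by session ID, so each session shows the user, IP address, created/terminated times and actions. The log format, field names and sample records are constructed for illustration, and the SHA-256 digest of each raw source is an assumed preservation step.

```python
import hashlib
import json

# Constructed sample records (not from any real service): one JSON object per line.
SESSION_LOG = """\
{"session": "s-101", "user": "alice", "ip": "198.51.100.7", "event": "created", "ts": "2024-03-01T09:00:00Z"}
{"session": "s-102", "user": "bob", "ip": "203.0.113.9", "event": "created", "ts": "2024-03-01T09:05:00Z"}
{"session": "s-101", "user": "alice", "ip": "198.51.100.7", "event": "terminated", "ts": "2024-03-01T09:30:00Z"}
"""
APP_LOG = """\
{"session": "s-101", "action": "export_report", "ts": "2024-03-01T09:10:00Z"}
{"session": "s-102", "action": "delete_record", "ts": "2024-03-01T09:12:00Z"}
{"session": "s-999", "action": "login_failed", "ts": "2024-03-01T09:13:00Z"}
"""

def parse(text):
    """Parse a JSON-lines log, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def identify_evidence(session_log, app_log):
    """Correlate session and application logs into per-session evidence items."""
    sessions = {}
    for rec in parse(session_log):
        item = sessions.setdefault(rec["session"], {
            "user": rec["user"], "ip": rec["ip"],
            "created": None, "terminated": None, "actions": []})
        item[rec["event"]] = rec["ts"]  # event is "created" or "terminated"
    orphans = []  # application activity with no matching session record
    for rec in parse(app_log):
        if rec["session"] in sessions:
            sessions[rec["session"]]["actions"].append((rec["ts"], rec["action"]))
        else:
            orphans.append(rec)
    return sessions, orphans

def source_digests(**sources):
    """SHA-256 of each raw log as received, recorded before any analysis."""
    return {name: hashlib.sha256(text.encode()).hexdigest()
            for name, text in sources.items()}

if __name__ == "__main__":
    sessions, orphans = identify_evidence(SESSION_LOG, APP_LOG)
    print(json.dumps({"digests": source_digests(session=SESSION_LOG, app=APP_LOG),
                      "sessions": sessions, "orphans": orphans}, indent=2))
```

Session s-102 has no termination record and s-999 appears only in the application log; both gaps are worth noting during identification because they point to log data still held by the CSP.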
Evidence analysis and ranging is the most crucial stage of investigation. The success of the case exposure lies in the gradual evidence research and collecting prior to the laboratory analysis. The CSI systematically makes his way through the crime scene and collects all potential evidence, tagging, logging and packaging it so it remains intact on its way to the lab. Depending on the task breakdown of the CSI unit, he may or may not analyze the evidence in the lab.
He acknowledges that criminal justice information needs good security because it is information about citizens, often at their most distressed and vulnerable. “Imagine if someone hacked and even edited video of alleged criminals before they were even charged or of child victims describing their attackers.” He notes that with all of the state and local law enforcement officers in the United States, the data requirement will be huge. The only system that can sustain such a requirement with the latest, most flexible technology would be the cloud. The cloud does pose security risks; however, the FBI has issued a policy that addresses both security and privacy issues.
The first and most important step in the entire process for collecting evidence is to document the scene. It is extremely critical that an investigator capture as accurate a depiction of a crime scene as possible (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). This can be accomplished in a number of ways. These include taking a photograph of the scene to preserve the original image of the scene for a judge and jury. Investigators can also take images of a computer system. It is necessary to take hash images of volatile data first, as volatile data relies on a constant flow of electricity to be kept in system memory. Things that are considered volatile are registers, the system cache, routing tables, kernel statistics, memory, temporary file systems, disks and archived media (Solomon, Rudolph, Tittel, Broom, & Barrett, 2011). The first thing an investigator s...
Evidence essentially comes in two forms: verbal or physical. For instance, verbal evidence could be spoken evidence acquired from a wiretap. Physical evidence could include DNA, blood, or bodily samples. Another reliable origin of evidence is digital documentation. “As technology has become more portable and powerful, greater amounts of information are created, stored, and accessed” (GEDJ). Over the past few decades, technology has advanced to extreme levels! The most common technology used to find digital evidence is cell phones, computers, tablets, external storage devices, GPS locators, and various other devices (GEDJ). Text messages, social media posts, pictures, etc. are becoming more common data in investigations of the modern era. “Digital evidence can come from both suspects and victims, as all involved parties may have their own personal devices that are relevant to the investigation” (GEDJ). If they are available, computers, phones, social media and much more are very useful sources of gathering data for a criminal case. For instance, both the suspect and the victim may have text messages on their cell phones that could add to the search. “In some criminal cases, digital evidence can be useful if the suspect had associated with it. In some cases it can lead you in the wrong direction or to the wrong people. Or it could simply be useless if the suspect didn't use anything
Technology has opened new encounters and opportunities for the criminal justice system. There are so many new practices of criminal activity, such as computer crimes. There are different types of computer crimes that many people become victims of every day. Computer crime is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target ("Computer Crime: Chapter 2: What Are the Crimes?", n.d.). Crimes such as data diddling, pump and dump, social engineering and spoofing are computer crimes. Even though these crimes are made difficult by privacy issues, the new technology has made investigations and prosecutions well organized and effective. Though views differ on the pros and cons of specific technological changes in the criminal justice system, there is agreement that the system has changed affectedly ("Effects of Technology in Criminal Justice | eHow", n.d.).
New types of technology have made it easier to track down and catch criminals. They have also made it easier for prosecutors to gather and present more credible information. Some new technologies that have made it easier to track down criminals or help provide more reliable and supportive evidence are DNA testing, computer technology, fingerprinting, and GPS tracking devices. “The main strengths of technology in the criminal justice system lie in the provision of databases which allow better and more efficient records to be stored and retrieved” (Bean 370). Prosecutors now in a sense have “…an infallible test of truth, a foolproof method, of determining the accuracy and reliability of evidence and hence of convictions” (Pallaras 72). These 4 technological advancement...
Collection of evidence is usually a term designated to refer to the collection of physical evidence. Government agencies such as police or environmental protection departments will have their own methods for the collection, storage and conservation of physical evidence, and it is the responsibility of forensic personnel to adhere to these set guidelines. General principles which are shared amongst various agencies include the creation of contemporaneous notes; recording the collection of evidence via photographing, videotaping and/or audiotapes; preserving the crime scene by sealing off the location and only allowing designated personnel to enter; avoiding contamination of the crime scene by investigators through the use of full body covering; and preventing cross-contamination with the scene and any suspects.
When people want to save photos online instead of on their personal computer, they are able to use a “cloud computing” service. Cloud computing means the transfer of computing data or information over the internet. Rather than keeping data only on their personal computer, they are able to save the data on an internet server and open it on any computer. In this report we will walk through what cloud computing is, what kinds of models cloud computing has, types of cloud computing, benefits of cloud computing, and security.
A forensic interview is a structured conversation with a child or minor with the intention of eliciting detailed information about a possible event(s) that the child may have experienced or witnessed. Concurrently, for Van Heerden (1977: 8), forensics refers to the computerized activities or scientific knowledge employed by law enforcement agents to serve justice. In the study, forensic investigation is used to refer to any computer-related activities or methods used by police, investigators, prosecutors and all other law enforcement agents to gather facts, track down criminals, arrest or detain them, gather information, preserve information and finally present it in a court of law.
Maintaining the proper ‘chain of custody’ of evidence is one of the main concepts that are important to all forensic sciences. ‘Chain of custody’ involves producing and maintaining written documentation which accompanies the evidence and provides
The amount of evidence can either help win or lose a case. Every crime scene has evidence available for officers to collect. It is important for them to know what the standard protocol is for collecting evidence and how to properly collect it without contamination.
Live acquisition: The future of data acquisitions is shifting toward live acquisitions because of the use of disk encryption with newer operating systems (OSs). In addition to encryption concerns, collecting any data that’s active in a suspect’s computer RAM is becoming more important to digital investigations. The processes and data integrity requirements for static and live acquisitions are the same. The only shortcoming with live acquisitions is not being able to perform repeatable processes, which are critical for collecting digital evidence.
What did they do? Before we talk about it any further, we have to know some definitions that we use in digital forensics and digital evidence, not only two of them but the others too. This chapter will explain them. In the introduction we already saw briefly what digital forensics and digital evidence are. In this chapter, we will explore further what they are, along with some statements that we found when we searched about digital forensics and digital evidence. Computer forensics is a broad field and is applied to the handling of crimes related to information technology. The goal of computer forensics is to secure and analyze digital
The transitional growth in the forensic science sector has not been without challenges. Though the world has experienced increased capabilities and scientific knowledge, which has led to faster investigations and results, many forensic experts have argued that forensic laboratory testing, in the light of 21st century technological advancements, is yet to meet the expected rate in quick available testing and analysis (Mennell & Shaw, 2006). This is with respect to the growing rate of crime and the high demand for quick crime scene testing and analysis. In the science of crime scenes, analysis and interpretation of evidence is largely dependent on forensic science, highlighting the change in the role of forensic sciences (Tjin-A-Tsoi, 2013). In the business of forensic science, time is beginning to play an important role in evidence testing and analysis, which is becoming crucial in reducing ...
Forensic science has paved the way to a new world of technological advancements in solving crime, through DNA analysis, new technology such as M-Vac, improving systems such as CODIS and other investigative methods. As forensic science technology advances, the chance of an individual being able to commit a crime and walk away free without leaving any trace of evidence will lessen. While forensic science has its limitations, it can be the only way to provide an accurate account of what actually occurred at some crime scenes.