Search…
Forensics

Terminology

Definitions

Cloud Computing Forensic Science

The application of scientific principles, technological practices, and derived and proven methods to reconstruct past cloud computing events through identification, collection, preservation, examination, interpretation, and reporting of digital evidence.

Digital Forensics

Digital forensics is generally considered the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Forensic Science

Forensic science is generally defined as the application of science to the law.

Network Forensics

Network forensics is defined as the capture, storage, and analysis of network events. The idea is to capture every packet of network traffic and make it available in a single searchable database so that the traffic can be examined and analyzed in detail.

Standards

The goal of the following standards is to promote best practices for the acquisition and investigation of digital evidence.
Standard
Description
ISO/IEC 27037
Guide for collecting, identifying, and preserving electronic evidence
ISO/IEC 27041
Guide for incident investigations
ISO/IEC 27042
Guide for digital evidence analysis
ISO/IEC 27043
Incident investigation principles and processes
ISO/IEC 27050
Overview and principles for eDiscovery

Overview

Challenges

  • Control over data (trustworthiness)
  • Multitenancy
  • Data volatility
  • Evidence acquisition

Data Access

Access to data will be decided by the following:
  • The service model
  • The legal system in the country where data is legally stored
There are certain jurisdictions where forensic data/IT analysis requires licensure (Texas, Colorado, and Michigan, for example).