Let’s talk about everyone’s favorite topic: the federal government and all of those awesome regulations and standards they’re working on in DC. Amirite? Anyone? Anyone at all? You in the back there – was that a standing ovation or…oh no, you were just getting up to run for the exit. I see.
OK, hold on just a second, everyone. Let’s be reasonable here and give this topic a chance before you tune us out on this one. Trust us, this is actually worth your attention, folks. The federal government’s National Institute of Standards (NIST) is attempting to create a better, more standardized process for forensic investigations involving the sourcing and analyzing of digital information stored in cloud servers. (See, told you this was relevant to you!)
The Feds Got 65 Problems – And Forensic Cloud Investigations Are One All of Them
Yes, it may seem like the government is already full of more useless rules, regulations and standards that are capriciously passed and randomly followed and enforced than you can possibly hope to count. But sometimes rules and regulations are a good thing. They certainly beat all-out chaos, even if they sometimes bring a bit of chaos of their own.
On that note, a few weeks back NIST published on its website a 51-page report identifying 65 unique challenges that forensic investigators have to deal with when diving into data stored in the cloud. Now it wants to know what people think about the adversities that law enforcement agents must deal with when they have to rely on digital information housed in a cloud server for the purposes of an investigation.
“NIST Cloud Computing Forensic Science Challenges” divvies up the 65 issues into nine separate categories and asks for public comments about them. A group composed of government, private sector and academic individuals authored the report. Why did they do it?
“The long-term goal of this effort is to build a deeper understanding of, and consensus on, the high-priority challenges so that the public and private sectors can collaborate on effective responses,” Martin Herman, co-chairman of NIST’s Cloud Computing Forensic Working Group explained to Information Week.
The report itself identifies the “paradigm shift” that has resulted from cloud instances revolutionizing the way in which digital data is stored, processed and transmitted. Though the NIST concedes that cloud storage is, in some ways, not unlike the storage technologies that preceded it, geographical and virtualization issues have challenged forensic scientists when they dive into cloud data. Some of these issues raise serious legal concerns.
Does Physical Server Location Matter in Investigations?
For real-world evidence, you need only look back to about a week before the report was published. It was then that the Washington Post reported on Microsoft’s court battle against the United States government’s attempts to force the tech giant to hand over customer data stored in its Dublin, Ireland data center. Microsoft does not believe issuing a warrant for the search is legal under the United States Constitution. So concerned over this issue is the tech industry that major rivals of Redmond’s, such as Google and Apple, are backing it in this fight.
“Congress has not authorized the issuance of warrants that reach outside U.S. territory,” Microsoft lawyers argued in a brief. “The government cannot seek and a court cannot issue a warrant allowing federal agents to break down the doors of Microsoft’s Dublin facility.”
Instead of being legally compelled to hand over anything stored in a data center overseas purely because US law enforcement has a warrant, Microsoft insists that the government must abide by its mutual legal assistance treaties. In practical terms, that usually means the government requesting a search and seizure must comply with the local government’s laws. In this case that would mean ascertaining an authorization from an Irish district court judge in order for US law enforcement to get its hands on the email data stored in the Dublin facility.
Regardless of what the final ruling ends up being, it’s clear that this is a textbook case of government laws not being able to keep up with the Speedy Gonzalez-like advancement of the tech world. Before the cloud, everyone’s data was all stored in the US. Much of it still is – Superb’s cloud data centers are right here in the U.S. of A., for instance – but many tech behemoths have storage facilities all over the world. There is no precedent for whether or not a US court can issue a warrant to get its hands on data that is overseas in the physical world.
Standardizing Cloud Forensics
Getting back to the NIST report, the focus of it is to establish standards to aid investigators in both criminal and civil cases involving cloud data. With cloud forensics, digital forensic science is applied in cloud computing environments in order to create a reconstruction of past events by identifying, collecting, examining and interpreting digital data. So basically, it’s the newest CSI spinoff – CSI: Cloud.
The study primarily is looking for comments from digital forensics examiners and researchers, law enforcement officials, cloud auditors and cloud-security specialists. But it should also be of concern for cloud service consumers and cloud policy creators.
“While the goals of first responders and forensic examiners may be the same in the cloud context in comparison to large-scale network forensics, distinctive features of cloud computing, such as segregation of duties among cloud actors, inability to acquire network logs from the load balancer or routers, multi-tenancy, and rapid elasticity introduce unique scenarios for digital investigations,” the study’s authors write in their report.
Basically, everything is harder for digital investigators (similar to the ones at Eide Bailly) when it’s in the cloud. Big Data, mobile devices and virtualization problems become even trickier for law enforcement agents when the cloud is involved.
The problems are categorized into the following groups: data collection, anti-forensic, analysis, architecture, role management, legal, standards, incident first responders and training. The group also explains that data hiding, malware and other tactics are often used to throw a monkey wrench into cloud forensics investigations.
The next step is to thoroughly understand these technical challenges in order to develop appropriate technologies and standards with which to overcome them. On top of listening to public comments on the 65 problems, the study’s authors will prioritize each challenge. The ultimate goal is to establish forensic protocols for cloud service providers to follow.
“These protocols must adequately address the needs of the first responders and court systems while assuring the cloud providers no disruption or minimal disruption to their services,” the report states.
Image Source: NIST
Find out more about Nick Santangelo on Google Plus