NIST announces the final publication of NISTIR 8006, NIST Cloud Computing Forensic Science Challenges, which defines and discusses a set of challenges related to achieving effective cloud computing forensics. Mitigating these challenges is important for cloud-based system owners, cloud forensic tool developers, and forensic investigators, as well as for the development of forensic-ready solutions. This effort will support the criminal justice and civil litigation systems and provide capabilities for security incident response and internal enterprise operations.
NISTIR 8006 includes a preliminary analysis of the challenges by addressing (1) the relationship between each challenge and the five essential characteristics of cloud computing as defined by the NIST cloud computing model, (2) how the challenges correlate to cloud technology by considering their relationship to the Cloud Security Alliance’s Enterprise Architecture, (3) the nine categories to which the challenges belong, and (4) the potential results of overcoming each challenge. It also provides some analysis of logging data, data in media, and issues associated with time, location, and sensitive data. This document is intended to initiate dialogue within the cloud computing community to understand forensic science concerns and challenges in cloud ecosystems and identify the technologies and standards that can mitigate these challenges.