SP 800-201 (Draft)

NIST Cloud Computing Forensic Reference Architecture

Date Published: February 8, 2023
Comments Due: March 31, 2023
Email Comments to: sp800-201@nist.gov

Author(s)

Martin Herman (NIST), Michaela Iorga (NIST), Ahsen Michael Salim (American Data Technology), Robert Jackson (SphereCom Enterprises), Mark Hurst (SphereCom Enterprises), Ross Leo (University of Houston-Clear Lake), Anand Kumar Mishra (National Institute of Technology Sikkim), Nancy Landreville (University of Maryland Global Campus), Yien Wang (Auburn University)

Announcement

This document addresses the need to support a cloud system’s forensic readiness, which is the ability to quickly and effectively collect digital evidence with minimal investigation costs.

The document presents a reference architecture to help users understand the forensic challenges that might exist for an organization’s cloud system based on its architectural capabilities, as well as the mitigation strategies that might be required. The reference architecture is both a methodology and an initial implementation that can be used by cloud system architects, cloud engineers, forensic practitioners, and cloud consumers to analyze and review their cloud computing architectures for forensic readiness.

The public comment period for this initial public draft is open through March 31, 2023. We encourage you to use this comment template when preparing your comments on the draft. The draft also links to this Forensic Reference Architecture Data Set.

NOTE: A call for patent claims is included on page ii of this document. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

civil litigation; criminal investigation; cybersecurity; digital forensics; enterprise architecture; enterprise operations; forensic readiness; incident response

Control Families

None selected

Documentation

Publication:
SP 800-201 (Draft) (DOI)
Local Download

Supplemental Material:
Comment template (xls)
Forensic Reference Architecture Data Set (xls)

Document History:
02/08/23: SP 800-201 (Draft)

Topics

Security and Privacy
general security & privacy

Technologies
cloud & virtualization

Applications
enterprise; forensics