Date Published: February 8, 2023
Comments Due:
Email Comments to:
Author(s)
Martin Herman (NIST), Michaela Iorga (NIST), Ahsen Michael Salim (American Data Technology), Robert Jackson (SphereCom Enterprises), Mark Hurst (SphereCom Enterprises), Ross Leo (University of Houston-Clear Lake), Anand Kumar Mishra (National Institute of Technology Sikkim), Nancy Landreville (University of Maryland Global Campus), Yien Wang (Auburn University)
Announcement
This document addresses the need to support a cloud system’s forensic readiness, which is the ability to quickly and effectively collect digital evidence with minimal investigation costs.
The document presents a reference architecture to help users understand the forensic challenges that might exist for an organization’s cloud system based on its architectural capabilities, as well as the mitigation strategies that might be required. The reference architecture is both a methodology and an initial implementation that can be used by cloud system architects, cloud engineers, forensic practitioners, and cloud consumers to analyze and review their cloud computing architectures for forensic readiness.
The public comment period for this initial public draft is open through March 31, 2023. We encourage you to use this comment template when preparing your comments on the draft. The draft also links to this Forensic Reference Architecture Data Set.
NOTE: A call for patent claims is included on page ii of this document. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA, also referred to as FRA for the sake of brevity), whose goal is to provide support for a cloud system’s forensic readiness. The CC FRA is meant to help users understand which cloud forensic challenges might exist for an organization’s cloud system. It identifies challenges that require at least partial mitigation strategies and how a forensic investigator would apply that to a particular forensic investigation. The CC FRA presented here is both a methodology and an initial implementation. Users are encouraged to customize this initial implementation for their specific situations and needs.
This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA, also referred to as FRA for the sake of brevity), whose goal is to provide support for a cloud system’s...
See full abstract
This document summarizes research performed by the members of the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA, also referred to as FRA for the sake of brevity), whose goal is to provide support for a cloud system’s forensic readiness. The CC FRA is meant to help users understand which cloud forensic challenges might exist for an organization’s cloud system. It identifies challenges that require at least partial mitigation strategies and how a forensic investigator would apply that to a particular forensic investigation. The CC FRA presented here is both a methodology and an initial implementation. Users are encouraged to customize this initial implementation for their specific situations and needs.
Hide full abstract
Keywords
civil litigation; criminal investigation; cybersecurity; digital forensics; enterprise architecture; enterprise operations; forensic readiness; incident response
Control Families
None selected
) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)
