Challenges faced by incident handlers in identifying incidents when resources are moved to a cloud environment
The Information Technology (IT) sector has undoubtedly benefited greatly from cloud computing. The model has transformed how online services are delivered and has opened up a range of technical and economic opportunities. It also brings technical and security drawbacks. Many organizations are reluctant to move their resources or IT workloads to the cloud because of concerns about the provider's security controls, and the prospect of intrusion by outside parties further discourages sharing or migrating resources. Cloud service providers generally do not let customers examine the underlying infrastructure that hosts their resources, which directly obstructs digital investigation. Data replication across locations and multi-tenancy (many customers' workloads on the same physical hardware) make it hard for incident handlers to identify and isolate the specific pieces of evidence that a forensic process requires. Traditional evidence collection and recovery is no longer practical in this setting, because it depends on unrestricted access to the relevant system and user data; the cloud does not grant such access, since data is processed in a decentralized way across systems the customer neither owns nor controls. (Pichan, Lazarescu, Teng Soh; 2015)
Handling the challenges
Incident handlers face a bewildering array of challenges in the cloud. The forensic information available to a cloud customer is reduced, and how much remains depends on the service model the customer uses. Infrastructure as a Service (IaaS) customers have access to a comparatively large amount of information, whereas Software as a Service (SaaS) customers receive almost none. Many providers consequently offer customers no service for gathering forensic data at all: SaaS providers decline to release IP logs of client accesses, and IaaS providers do not hand over physical machines or disk images from which information could be recovered. Even in IaaS the customer sees only what is visible from inside the guest; hypervisor logs and the physical host remain with the provider. Access to metadata and log files is restricted, and customers are given limited scope to audit and monitor on their own.

Virtualization separates the instances running on a single physical machine. For handlers and law enforcement agencies, this makes it a challenge to carve out the resources under investigation without disturbing the identity and data of the other tenants sharing the same infrastructure. To address this, providers can encrypt each tenant's hosted data and data in use separately. Where a provider does not offer this, customers are advised to encrypt their data themselves before moving it to any cloud environment. Access to the encryption keys should then be governed by an agreement among the service provider, the law enforcement agency involved, and the customer, so that no single party can unilaterally decrypt the data.

Cloud technology changes faster than forensic research methods, law enforcement practice, and investigatory procedures can keep up with. Organizations must therefore ensure a supply of adequately trained staff who can deal with the technical anomalies and legal challenges that lie at the core of cloud forensics.