NIST Cloud Computing Forensic Science Challenges

The National Institute of Standards and Technology (NIST) has been designated by the Federal Chief Information Officer (CIO) to accelerate the Federal Government’s secure adoption of cloud computing by leading efforts to develop standards and guidelines in close consultation and collaboration with standards bodies, the private sector, and other stakeholders.

Consistent with NIST’s mission, as one of many mechanisms in support of the U.S. Government’s (USG’s) secure and effective adoption of cloud computing technology, dated January 17, 2012. 1 the NIST Cloud Computing Program (NCCP) has developed the NIST Cloud Computing Standards Roadmap 2 to reduce costs and improve services. Standards are critical to ensure cost-effective and easy migration, to ensure that mission-critical requirements can be met, and to reduce the risk that sizable investments may become prematurely technologically obsolete. Standards are key elements required to ensure a level playing field in the global marketplace. The importance of setting standards in close relation with private sector involvement is highlighted in a memorandum from the Office of Management and Budget (OMB), M-12-08

With the rapid adoption of cloud computing technology, a need has arisen for the application of digital forensic science to this domain. The validity and reliability of forensic science is crucial in this new context and requires new methodologies for identifying, collecting, preserving, and analyzing evidence in multi-tenant cloud environments that offer rapid provisioning, global elasticity, and broad network accessibility. This is necessary to support the U.S. criminal justice and civil litigation systems as well as to provide capabilities for security incident response and internal enterprise operations.

The NIST Cloud Computing Forensic Science Working Group (NCC FSWG) was established to research forensic science challenges in the cloud environment and to develop plans for standards and technology research to mitigate the challenges that cannot be addressed by current technology and methods. The NCC FSWG has surveyed existing literature and defined a set of challenges related to cloud computing forensics. These challenges, along with associated literature, are presented in this document. The document also provides a preliminary analysis of these challenges by including: (1) the relationship between each challenge to the five essential characteristics of cloud computing as defined in the NIST cloud computing model [3], (2) how the challenges correlate to cloud technology, and (3) nine categories to which the challenges belong. In addition, the analysis considers logging data, data in media, and issues associated with time, location, and sensitive data.