The emergence of cloud storage and the need for a new digital forensic process model

Abstract

Cloud computing is just one of many recent technologies that have highlighted shortcomings in the development of formal digital forensic processes, which up until now have been focused on a particular group of practitioners, such as law enforcement, and have been too high-level to be of significant practical use, or have been too detailed and specific to accommodate new technology as it emerges. Because the tools and procedures employed by digital forensic practitioners are generally outside the knowledge and understanding of the courts, they need to be described in such a way that they can be understood by the layperson. In addition, they should also conform to some standards of practice and be recognised by other practitioners working in the field (Armstrong, 2003; Kessler, 2010). Unfortunately, as Cohen (2011) points out, the whole field of digital forensics lacks consensus in fundamental aspects of its activities in terms of methodology and procedures. There has been a lot of activity around different aspects of cloud computing, and in Australia this has centered on the protection of personal data (Solomon, 2010). On an international scale, there have been several articles written by lawyers (Gillespie, 2012; Hutz, 2012; Kunick, 2012) discussing other legal considerations of accessing data in the cloud; however, this chapter looks at the issues surrounding digital evidence acquisition and introduces a new high-level process model that can assist digital forensic practitioners when it comes to presenting evidence in court that originated in the cloud