Cloud forensics–Tool development studies & future outlook

In this work, we describe our experiences in developing cloud forensics tools and use them to support three main points:First, we make the argument that cloud forensics is a qualitatively different problem. In the context of SaaS, it is incompatible with long-established acquisition and analysis techniques, and requires a new approach and forensic toolset. We show that client-side techniques, which are an extension of methods used over the last three decades, have inherent limitations that can only be overcome by working directly with the interfaces provided by cloud service providers.Second, we present our results in building forensic tools in the form of three case studies: kumodd–a tool for cloud drive acquisition, kumodocs–a tool for Google Docs acquisition and analysis, and kumofs–a tool for remote preview and screening of cloud drive data. We show that these tools, which work with the public and private APIs of the respective services, provide new capabilities that cannot be achieved by examining client-side artifacts.Finally, we use current IT trends, and our lessons learned, to outline the emerging new forensic landscape, and the most likely course of tool development over the next five years.     

How reliable is cloudsourcing? A review of articles in the technical media 2005–11

A review of articles in the technical media between 2005 and 3Q 2011 disclosed reports on 49 outages involving 20 cloudsourcing providers. Several of these were major events. Many caused difficulties for user-organisations’ staff. Some caused lengthy suspension of services by user-organisations to their customers. A number of them involved irretrievable loss of data. Many user-organisations have failed to risk-assess their use of cloudsourcing, and are exposing their businesses to unmanaged risks.     

“Cloud bursts”: Emerging trends in contracting for Cloud services

Contracting for cloud based services might be said to be in its relative infancy, but such contracts as have been promulgated by the major providers have uniformly tended to be extremely restrictive in terms of the rights and means of recourse offered to customers. As contract values and service complexity “in the cloud” increase, however, more and more of such contracts are subject to review and challenge. This article accordingly considers some of the key points of common contention, and offers thoughts as to the direction of travel for such contracts in the months to come.     

Hey,you, get off of that cloud?

If the final years of this decade are to be over-shadowed by a ‘credit crunch’ and a global recession, then the IT industry's recent focus on cost and resource efficiency via cloud-computing will increasingly seem pertinent to many businesses. This paper will explore some of the legal and practical risks any business will need to consider in their cloud-computing arrangements.