NIST Cloud Computing Forensic Reference Architecture

Martin Herman (NIST) , Michaela Iorga (NIST) , Ahsen Michael Salim (American Data Technology) , Robert Jackson (SphereCom Enterprises) , Mark Hurst (SphereCom Enterprises) , Ross Leo (University of Houston-Clear Lake) , Anand Kumar Mishra (National Institute of Technology Sikkim) , Nancy Landreville (University of Maryland Global Campus) , Yien Wang (Auburn University)

Abstract

This document summarizes the research performed by the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA or FRA), whose goal is to provide support for a cloud system’s forensic readiness. The CC FRA helps users understand the cloud forensic challenges that might exist for an organization’s cloud system. It identifies challenges that require at least partial mitigation strategies and how a forensic investigator would apply those strategies to a particular forensic investigation. The CC FRA presented here is both a methodology and an initial implementation. Users are encouraged to customize this initial implementation for their specific situations and needs.

This document summarizes the research performed by the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA or FRA), whose goal is to provide support for a cloud system’s forensic readiness. The CC FRA helps users. See full abstract

This document summarizes the research performed by the NIST Cloud Computing Forensic Science Working Group and presents the NIST Cloud Computing Forensic Reference Architecture (CC FRA or FRA), whose goal is to provide support for a cloud system’s forensic readiness. The CC FRA helps users understand the cloud forensic challenges that might exist for an organization’s cloud system. It identifies challenges that require at least partial mitigation strategies and how a forensic investigator would apply those strategies to a particular forensic investigation. The CC FRA presented here is both a methodology and an initial implementation. Users are encouraged to customize this initial implementation for their specific situations and needs.

Keywords

civil litigation ; criminal investigation ; cybersecurity ; digital forensics ; enterprise architecture ; enterprise operations ; forensic readiness ; incident response