Executive Summary



IST 454: Cyber ForensicsCloud Computing ForensicsTeam 1Terry BazemoreAmanda BennettShaan MulchandaniWilliam RigginsDecember 11, 2011Table of Contents TOC \o "1-3" \h \z \u Executive Summary PAGEREF _Toc185332898 \h 41.Introduction PAGEREF _Toc185332899 \h 51.1What is ‘The Cloud?’ PAGEREF _Toc185332900 \h 51.2Cloud Services PAGEREF _Toc185332901 \h 71.2.1Overview PAGEREF _Toc185332902 \h 71.2.2.Utilization and Purpose PAGEREF _Toc185332903 \h 71.3Cloud Solutions – A Forensic Perspective PAGEREF _Toc185332904 \h 92.Objectives PAGEREF _Toc185332905 \h 123.The Need for Cloud Forensics PAGEREF _Toc185332906 \h 144.Forensic Tools and Technologies PAGEREF _Toc185332907 \h 165.Cloud Services PAGEREF _Toc185332908 \h 195.1Amazon Web Services (AWS) PAGEREF _Toc185332909 \h 195.1.1Overview PAGEREF _Toc185332910 \h 195.1.2Forensic Capabilities PAGEREF _Toc185332911 \h 205.2Google App Engine PAGEREF _Toc185332912 \h 255.2.1.Overview PAGEREF _Toc185332913 \h 255.2.2Forensic Capabilities PAGEREF _Toc185332914 \h 255.3Microsoft Azure PAGEREF _Toc185332915 \h 285.3.1Overview PAGEREF _Toc185332916 \h 285.3.2Forensic Capabilities PAGEREF _Toc185332917 \h 285.4Salesforce PAGEREF _Toc185332918 \h 315.4.1Overview PAGEREF _Toc185332919 \h 315.4.2Forensic Capabilities PAGEREF _Toc185332920 \h 326.Ratings and Analysis PAGEREF _Toc185332921 \h 346.1Overview PAGEREF _Toc185332922 \h 346.2Ratings PAGEREF _Toc185332923 \h 356.3Analysis PAGEREF _Toc185332924 \h 366.3.1Amazon Web Services PAGEREF _Toc185332925 \h 366.3.2Google App Engine Ratings PAGEREF _Toc185332926 \h 386.3.3Microsoft Azure Ratings PAGEREF _Toc185332927 \h 406.3.4Salesforce Ratings PAGEREF _Toc185332928 \h 427.Scenarios and Analysis PAGEREF _Toc185332929 \h 457.1Cloud Forensics in Academia PAGEREF _Toc185332930 \h 457.1.1Scenario PAGEREF _Toc185332931 \h 457.1.2Analysis PAGEREF _Toc185332932 \h 467.2Cloud Forensics in a Software-as-a-Service Model PAGEREF _Toc185332933 \h 487.2.1Scenario PAGEREF _Toc185332934 \h 487.2.2Analysis PAGEREF _Toc185332935 \h 497.3Cloud Forensics in the Public Sector PAGEREF _Toc185332936 \h 507.3.1Scenario PAGEREF _Toc185332937 \h 507.3.2Analysis PAGEREF _Toc185332938 \h 517.4Cloud Forensics at an Enterprise Level PAGEREF _Toc185332939 \h 527.4.1Scenario PAGEREF _Toc185332940 \h 527.4.2Analysis PAGEREF _Toc185332941 \h 538.Project Website PAGEREF _Toc185332942 \h 559.Conclusion PAGEREF _Toc185332943 \h 56Appendices PAGEREF _Toc185332944 \h 57Appendix A: Project Plan and Timeline PAGEREF _Toc185332945 \h 57Milestone 1: Project Proposal PAGEREF _Toc185332946 \h 57Milestone 2: Project Report and Website Development PAGEREF _Toc185332947 \h 58Milestone 3: Project Presentation PAGEREF _Toc185332948 \h 59Appendix B: References PAGEREF _Toc185332949 \h 60Executive SummaryThe emergence of cloud computing has proven to be a reliable, cost saving IT infrastructure solution for numerous large corporations, which no longer require dedicated servers, facilities, and staff. While security – be it physical or information/logical – is a concern that has been investigated in depth, there is a lack of extensive research in terms of forensic capabilities offered by these cloud-computing solutions.Therefore this paper investigates four cloud-service providers, viz. Amazon Web Services (AWS), Google App Engine, Microsoft Azure, and Salesforce from a forensic perspective. Prior to conducting a detailed study on these products, we examine contemporary literature and challenges with cloud-computing solutions. Following analysis of the chosen products, findings are used to determine scores and suitability ratings based on weighted categories. Ratings assigned are justified, and applied to four different ‘practical’ scenarios in various sectors such as academia, provision of software as a service, the public sector, and corporations.Products evaluated in this paper, ratings, scenarios, and all analysis have also been presented on a website / portal developed for the purpose of our study, and may be found at cloudforensics..1.Introduction1.1What is ‘The Cloud?’‘The Cloud’ when used in the Information Technology realm, is a term that implies a vast network of distributed computing and storage services. Subscribers to cloud services are able to re-provision IT infrastructure services at will, and avail of ‘elastic’ or on-demand computing. As a layman’s analogy, we can imagine cloud-computing services to be similar to an electricity grid that supplies power to each household [or in this case subscriber] that can choose how much power he/she wishes to consume.Due to the fact that users can reallocate resources at will, and keeping in line with the analogy provided above, cloud computing provides services that are device and location independent – just as we continue to receive a supply of electricity in our homes without actually knowing where the nearest power grid is. Figure 1 illustrates this device and location independence.Figure 11.2Cloud Services1.2.1OverviewThe previous section, 1.1: What is ‘The Cloud,’ provided us with an introduction to cloud services and why they are rapidly gaining popularity. This section expands on the current and future uses of cloud computing services, and provides a literature review of cloud solutions from a forensic perspective – in other words, can traditional computer forensic practices keep up with rapid development in distributed computing and storage technology?1.2.2.Utilization and PurposeCloud computing services add tremendous value for end-users in addition to providing device and location independence. Some of these advantages are:These solutions empower end-users by putting the provisioning of computing resources in their own control, as opposed to the control of a centralized IT serviceAgility improves with users' ability to re-provision technological infrastructure resourcesCloud computing systems typically use REST-based APIs that lead to ease of data access and storageCost is reduced in a public cloud delivery modelReliability is improved, which makes cloud computing suitable for business continuity and disaster recoveryScalability and Elasticity via dynamic provisioning of resources on a fine-grained, self-service basis near real-time, without users having to engineer for peak loadsThese advantages, amongst numerous others, are evident in services that we use – such as Amazon Web Services’ Elastic Cloud Compute, SimpleDB, Elastic Beanstalk, and others such as Dropbox for file storage, or GitHub for social coding.1.3Cloud Solutions – A Forensic PerspectiveReilly et al discuss the merits and detriments of cloud computing as it relates to the operations of law enforcement’s ability to gather evidence. Of particular interest is a section of the paper devoted to computer forensics, and the challenges brought on by cloud based services. They argue that “where computer forensics is concerned, cloud computing has not been thoroughly considered in terms of its forensic readiness”, but also that the cloud was designed to be secure. It is this statement that instills the most fear, as the system may very well be secure, but is it able to be investigated using traditional forensics tools, or do we need an entirely different process? The authors also attempt to answer this question through application of legacy methods, only with a twist, to tailor forensic processes for use in the cloud.Barnett and Kipper, in their book titled ‘Virtualization and Forensics’ state that there are a number of obstacles when conducting forensic investigations in cloud environments, much less on (entire) cloud environments. They mention factors such as laws, court-approved methods, standard operating procedures for forensic investigators, and the involvement of a third party, viz. the cloud service producer introduce various challenges and complications. Part of this is attributed to the inapplicability of traditional forensic procedures, where forensic investigators must utilize different procedures for seized hard-drives, versus mobile platforms, etc. In this regard, researchers at Gartner state, “Investigating inappropriate or illegal activity may be impossible in cloud computing. Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across and ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation – along with evidence that the vendor has already supported such activities – then your only safe assumption is that investigation and discovery requests will be impossible.” However, with regard to forensic analysis within the cloud service, Barnett and Kipper suggest promising solutions. They say that cloud computing becomes an on demand service when using infrastructure as a service (IaaS) models, with the option of using as much storage and computing power as required. Dedicated forensic servers could also remain offline, until needed – which minimizes cost for corporations and/or law enforcement agencies. An example of this, with one of our cloud solutions being considered, is AWS – which allows for a MD5 hash file to be generated for every file present on the system.According to the project titled CLOIDFIN, which reveals (general) challenges faced in a cloud-computing environment, it is stated on forensics “Traditional digital forensic methodologies permit investigators to seize equipment and perform detailed analysis on the media and data recovered. The likelihood therefore, of the data being removed, overwritten, deleted or destroyed by the perpetrator in this case is low. More closely linked to a CC environment would be businesses that own and maintain their own multi-server type infrastructure, though this would be on a far smaller scale in comparison. However, the scale of the cloud and the rate at which data is overwritten is of concern.”Simson Garfinkel, in a paper on ‘Digital Forensics Research: The Next 10 Years” discusses cloud related issues within the scope of forensic investigations, listing “Use of the “cloud” for remote processing and storage, and to split a single data structure into elements, means that frequently data or code cannot even be found” as a concern. Furthermore, he states similar concerns as Gartner (earlier described) when he says “Encryption and cloud computing both threaten forensic visibility and both in much the same way. No matter whether critical information is stored in an unidentified server “somewhere in the cloud” or stored on the subject’s hard drive inside a TrueCrypt volume, these technologies deny investigators access to the case data. While neither technology is invincible, both require time and frequently luck to circumvent (Casey and Stellatos, 2008). Cloud computing in particular may make it impossible to perform basic forensic steps of data preservation and isolation on systems of forensic interest.”2.ObjectivesWe propose to research the feasibility of cloud-computing solutions, in particular: Amazon Web Services (AWS), Google App Engine, Salesforce, and Microsoft Azure from a forensics perspective – with a view to determine how these service providers rank in terms of favorability to various scenarios that require in depth forensic analysis capabilities on data and servers.A few examples of specific comparisons used to facilitate our research will include the ability to install and utilize various forensic tools such as EnCase, FTK, ProDiscover, dcfldd, etc. on machines, how effective they are (or not) on virtualized machines, custom forensics tools provided by the cloud-computing solutions, and whether providers lack the ability to prosecute their customers, viz. the corporations, for illegal/criminal activity (as we have seen in the case of ISPs), or if they are allowed to launch criminal or judicial investigations. The support of these providers as part of customer service in terms of providing evidence to corporations, when one or more of the corporation’s employees have abused the system and/or services will also be examined.As a result of this research, we will record our results of all research conducted, and surveys taken as applicable; to present a final report that documents our findings. Additionally, an interactive website showing the results of our findings, and a detailed comparison will also be developed as part of the final project presentation.Through our proposed research project, we aim to satisfy the following objectives:Establish that clouding computing solutions (especially the following) are cost-effective, and secure, for large corporations:Amazon Web ServicesGoogle App EngineMicrosoft AzureSalesforceReview and report the current relationship(s) between cloud computing and forensics in generalExamine forensic capabilities offered and/or supported by the above-mentioned cloud-computing service providers, to subscribers that are large corporationsDetermine if the above service providers allow for installation/utilization of (at a minimum) the following forensic tools on physical and/or virtualized servers:EnCaseFTKProDiscoverCompare and rank the above-mentioned service providers based on functionality and customer support offered in terms of forensicsPublish and document our findings in a report available to faculty, and other studentsDesign and develop an interactive website available to faculty, other students, and the public – as an available resource to the academic community, forensic investigators, and corporations keen on forensic related aspects of cloud-computing solutions3.The Need for Cloud ForensicsIn order for digital forensics investigators to stay current with emerging technologies, they will need to spend some time learning about the effects of cloud computing and services on their trade. In recent years, the ubiquity of cloud based processing power has made the era of physical hardware a thing of the past. A new virtual machine can be provisioned to a customer in seconds, databases can be scaled across hundreds of machines, and terabytes of media stored on the Internet all without the need for dedicated hardware. While this sounds like a perfect world for operations and maintenance crews, this makes forensic analysis far more difficult.There are several challenges inherent to forensic analysis in the cloud. First, can the cloud-based service support legacy forensics tools such as EnCase and FTK? Some services, like AWS, allow for full access to the virtual machine, which would allow us to use these tools. However, platform as a service (PaaS) solutions like Google App Engine, make it near impossible to use traditional forensics suites. Investigators need to know the limitations of each cloud service in order to determine how they can proceed in the event of an investigation.Second, who owns the actual, physical system? Are we able to do a logical data acquisition, or even a sparse one? With AWS, we can take what could be considered a logical copy, but with other services like Salesforce’s this is not possible. What should an investigator do in the event he or she cannot do a traditional data acquisition? These questions, and many like them, are answered in this whitepaper.Finally, which services should corporations and governments use for their critical infrastructure given that forensic analysis of an intrusion would be required? We have designed a set of criteria that can quantifiably evaluate cloud-based services based on their forensic capabilities. The framework allows for easy and accurate comparison of the various services from a forensic standpoint.The ability to maintain a proper chain of custody, use tried and tested tools, and verify results is critical to performing digital forensics. The cloud changes how that process can and should be executed but is nonetheless important.4.Forensic Tools and TechnologiesThe art of forensic investigations in a “normal” client-server environment involving a physical network configuration can provide remarkable challenges to a forensic investigator; however, the challenges are amplified significantly when dealing with a forensic investigation of a cloud resource. The cloud forensic challenges include but are not limited to the following:Volatility of memory via allocated memory that is immediately overwritten at next availabilityLack of understanding of data ownership and boundaries (i.e. multiple jurisdictions)Diminished access to certain network components such as routersInability to access logs, as well as consistency of information in the logsThe bulleted items are examples of a few of the issues forensic investigators face in the cloud that are not common issues within the physical network environment. To navigate these challenges a forensic investigator needs reliable and accurate tools to not only acquire an image, but to also analyze the image for electronic evidence to be admissible and used in court. To date most forensic tools are based on customary forensic methods pertaining to acquisition and analysis of forensic data, which poses a contest to the need of tools to adapt to the cloud environment. Due to the challenges and current state of forensic tools, there are few tools (commercially or free) that are efficient and effective in cloud-based forensics. Many of the traditionally popular forensic tools can be used for cloud forensics but are not as reliable in the cloud as they are on “traditional” configurations. The following tools are commonly used and trusted within the forensic investigator community due to their reliability and admissibility of evidence in court, and they are currently the most commonly used tools (including Windows and Linux based) as it pertains to cloud forensics:Guidance Software’s EnCase is a trusted software suite for e-Discovery and forensic analysis (on Windows, Macintosh, and Linux machines), due to its consideration as a reliable and efficient “go-to” tool for many forensic and legal professionals. The specific EnCase software package used for cloud forensics is the eDiscovery version 4.2, as it offers the same classic support, but offers new support in the area of Microsoft 365 – supporting Sharepoint and Microsoft Exchange in the cloud. As an e-discovery software, EnCase eDiscovery is “judicially accepted” and cloud friendly.AccessData Forensic Toolkit (FTK) is a suite of e-discovery and Forensic triage software that is court-validated and capable of cloud based forensic analysis and investigation (in Windows, Macintosh, and Linux machines). FTK offers no specific cloud solution, however the tools within the software suite are effective, efficient, and proven in “traditional” forensic settings.Both EnCase and Access are the only tools to be discussed at this time due to their proven efficiency, effectiveness, and court trust levels for eDiscovery. There are many other forensically sound tools that exist, however, they have not been used or proven in cloud based test, and are not acceptable in court for evidence. As far as hardware based forensic tools, something to note is that many of the hardware forensic tools are deemed ineffective in cloud based forensics as the physical machines will almost never be accessible due to the data being in the cloud; so, software based tools are the only tools able to be analyzed at this time in the cloud and forensics discussion.There is still much work to be done in the area of cloud based forensic tools, as any search engine search will show you. The tools currently available are proven technologies in traditional forensics, but used mainly out of lack of cloud-based tools at this time. As the issue of cloud computing becomes more popular, so will the cloud based attacks, thus spawning more research and production of cloud based forensic tools to perform thorough and court validated analysis of evidence.5.Cloud Services5.1Amazon Web Services (AWS)5.1.1OverviewAmazon Web Services (AWS) is a collection of remote computing services that make up a cloud-computing platform – that enables developers, and corporations, to efficiently utilize the infrastructure as a service model (IaaS) to in turn develop and design various applications and products. As such, subscribers can utilize varying levels of computing power, and storage, resulting in a “pay as you go” elastic IT model.With regard to information security policies and details, AWS utilizes a shared responsibility model, which relieves customers of operational burden as AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. However, the customer or subscriber assumes responsibility and management of, but not limited to, the guest operating system (including updates and security patches), other associated application software, as well as the configuration of the AWS provided security group firewall. This lays the emphasis on subscribers to appropriately determine what services they need, as responsibilities, rules, and regulations differ accordingly. The benefit, in this sense, is that they are able to leverage additional security measures such as host-based firewalls, host based intrusion detection/prevention, encryption and key management.Given the nature of this shared responsibility model, users seem to be able to install custom forensic tools – which the following section will confirm or deny, as well as address other details such as disk imaging, and retrieval for legal or corporate investigations – given that Amazon manages the hardware.5.1.2Forensic CapabilitiesAs mentioned in the previous section, AWS utilizes a shared responsibility model – wherein users are responsible for selecting an operating system, and applying patches, updates, etc. as appropriate. In this regard, a variety of operating systems – ranging from windows server platforms to different flavors of UNIX are available. The figures below, Figure 2 and Figure 3, illustrate the UNIX and Windows options available to users.Figure 2Figure 3What this implies is that despite AWS’ EC2 hosting the operating system on a distributed network of servers, traditional forensics tools such as EnCase, FTK, dcfldd, etc. can be used as they are done traditionally, with evidence obtained being admissible in court. To verify files and directories on these cloud instances, or even a copy of the instance itself, AWS provides a built-in MD5 hashing feature that utilizes shared processing power. Therefore image verification is extremely fast when using AWS, and can be done at any level of abstraction desired.With regard to backups of data [files, directories, or entire instances], AWS allows for creating of multiple copies, all with customizable permissions. This allows for provision of separate investigation environments, and allows for a more rigid chain of custody, since if one instance is compromised, there are multiple other copies available. Since backups can be made near instantly, they allow for faster processing of cases. Multiple forensic analysts can also process cases simultaneously, as AWS’ Identity and Access Management eliminates the need to share passwords or access keys when granting access, and makes it easy to enable or disable a user’s access as appropriate.The AWS whitepaper also states that data stored in Amazon S3, Amazon SimpleDB, or Amazon Elastic Block Store (EBS) is redundantly stored in multiple physical locations as part of normal operation of those services and at no additional charge. Amazon S3 and Amazon SimpleDB provide object durability by storing objects multiple times across multiple Availability Zones on the initial write and then actively doing further replication in the event of device unavailability or detected bit-rot. As a result of redundant storage options, coupled with OS level autonomy for the client, logical and sparse acquisition of images is extremely straightforward – surprisingly even more so than traditional forensic approaches at times, since analysts do not have to worry about specialized imaging equipment, legacy hardware, or write-blocking hardware!As we are aware, network and physical security are extremely important in the forensics realm in order to preserve chain of custody. AWS is exceptional in this regard, in that it uses a hypervisor to abstract clients and their data from physical interfaces, as well as ensures strict firewall rules and mechanisms for preventing the following types of attacks:Distributed Denial of Service (DDoS) attacksMan In the Middle (MITM) attacksIP SpoofingPort ScanningPacket Sniffing by other usersDue to the nature of cloud services provided, services are seamlessly replicated to another server in the extremely rare event that a server is compromised. AWS also possesses various audit certifications and standards [per their security whitepaper] as listed below, along with strict physical security controls:SAS70 Type II. This report includes detailed controls AWS operates along with an independent auditor opinion ?about the effective operation of those controls.PCI DSS Level 1. AWS has been independently validated to comply with the PCI Data Security Standard as a ?shared host service provider.ISO 27001. AWS has achieved ISO 27001 certification of the Information Security Management System (ISMS) ?covering infrastructure, data centers, and services.FISMA. AWS enables government agency customers to achieve and sustain compliance with the Federal ?Information Security Management Act (FISMA). AWS has been awarded an approval to operate at the FISMA- Low level. It has also completed the control implementation and successfully passed the independent security testing and evaluation required to operate at the FISMA-Moderate level. AWS is currently pursuing an approval to operate at the FISMA-Moderate level from government agencies.These certifications and conformance to standards works in favor of courts approving evidence gathered from systems – especially more so due to its compliance with FISMA.5.2Google App Engine5.2.1.OverviewGoogle App Engine is a cloud-based service that provides distributed application and database hosting for specially designed web applications. By using the Google App Engine framework, developers are able to effortlessly scale their applications across Google’s distributed hosting and database systems. Currently, the Engine supports Java, Python, and Go applications but only allows use of Google’s BigTable based distributed storage as the database backend. Businesses are then only billed for the storage, bandwidth, and applications they deploy on Google’s infrastructure. This “pay as you go” model greatly decreases the cost of scaling a web application and building out conventional, physical server infrastructure.However, there are some security concerns surrounding Google’s implementation that should be taken into account. In the event of an application compromise, what level of authority does the business have over the cloud infrastructure? Can the business acquire an image of all systems involved in hosting the application in order to analyze the logs? Are there hard copy backups of the data store objects? All of these questions relate back to computer forensics and how we can adequately perform analysis in the Google App Engine environment.5.2.2Forensic CapabilitiesUnlike Amazon’s EC2 service, and similar services which provide virtual machines, Google’s offering is what is called “platform as a service” (PaaS) wherein the tedious set up and low level configuration are taken care of by the service provider in a convention over configuration like manner. Essentially, the only thing the customer has control over is their application code, and their data store. While this does simplify the use of the platform, it makes anything but sparse acquisition nigh impossible. With that in mind, we can focus on that process and how it might work in the App Engine platform.Sparse acquisition, as we know it, is a process of acquiring data in a forensic investigation wherein we either do not need to, or cannot perform a full logical acquisition of the target system. In the App Engine model, this is very pertinent, as there is no way of really knowing how many logical devices might be supporting one Google App Engine data store or application. What we can do, however, is take a snapshot of the App Engine data store using the Administration Console. While this sounds simplistic, it actually requires us to use an experimental process to copy the data from the live application into another application to use as our forensics sandbox. This process does require putting the source application into Read Only mode, which may impact business. For more information on the data store copying process, documentation may be found at: feature that could assist in a forensics investigation when the target is an App Engine application is the application log. Applications that use Google App Engine are automatically configured to use a built in application logging function. In Figure 4, we can see data regarding a failed request to the application. This can be critical to identifying a malicious actor attempting to find holes in an application, or even identify their actions within the system post-exploitation. Likewise, we can use the data store viewer to peruse the data stored on Google’s servers.Figure 4The unfortunate fact with Google’s platform is that most of the services are geared towards developers. In order to get data out of the application and on to a remote forensics workstation, the investigator would need to be able to write a custom Python or Java script to pull the data out of the data store and into a human readable format. Some tools, such as Google’s appcfg.py, exist already but may not be suitable for forensics work. It is critical to note that in order to be able to access the administration console or the remote API that is used to access the log and data store, the investigator would need unfettered access to the application in the production environment.5.3Microsoft Azure5.3.1OverviewMicrosoft Windows Azure is a cloud service which is used by companies such as General Mills, Lockheed Martin, T-Mobile and NASA, to name a few. The Azure platform is comprised of three components: Windows Azure, SQL Azure and Azure AppFabric. The following details the differences between the three components.Windows Azure provides developers with on-demand compute, storage, networking and content delivery capabilities to host, scale and manage applications on the Internet through Microsoft data centers. Windows Azure is the development, service hosting and service management piece of the platform. SQL Azure is the data piece of the platform; it provides a relational database, reporting, and data synchronization. Lastly, Azure AppFabric is the middleware piece that allows developers to build and manage applications optimally for both server and cloud environments.The Windows Azure Platform offers many tools. One of them, Windows Azure Storage Explorer, provides customers with a GUI tool to inspect and alter their data. On a cost note, customers only pay for resources used on deployed items.5.3.2Forensic CapabilitiesRegarding Microsoft Windows Azure’s forensic capabilities, there are many options for backing up, synchronizing, exporting and importing data.Service Update 4 for SQL Azure introduced the ability to copy a database; this means being able to quickly copy a running database, creating a complete, second SQL Azure database.SQL Azure Data Sync is provides the option to create an offsite backup. No programming is required to create the backup. Using Data Sync, an SQL Azure database can be synchronized with one or more SQL Azure databases in any of the Windows Azure data centers. SQL Azure Data Sync can also be used to synchronize to an on-site SQL Server, essentially making a local backup.For exporting and importing options, a data-tier application export, also known as DAC, copies object definitions from an SQL Azure database to a DAC export file, also known as a BACPAC. From there the export process does a bulk copy of the data from the user tables to the export file. The DAC import operation can then be used to recreate the database and data on another SQL Azure server or instance of the SQL Server Database Engine.Because Microsoft acts as a third party in a cloud forensics investigation, there is very limited access to the data centers for making physical hard disk drive acquisitions as done in typical computer forensics where a drive can more simply be confiscated by authorities. After cutting through some red tape, access to the physical drives is possible, however.Regarding data integrity validation, Windows Azure is MD-5 and SHA hash encryption enabled. The use of MD-5 and SHA hashes allows for the verification of the integrity of data copied from the Windows Azure cloud to another location.Finally, forensic analysis can be performed on user behavior within the Windows Azure environment. The platform logs activity by Microsoft Live ID, which aids in determining which user did what, when and how. Microsoft Windows Azure Diagnostics is a great and robust log analysis tool that is provided by the platform. Also, Windows Events can be captured within Windows Azure; these events include state information about an application or the system. The use of Trace events provides for finer-tuned logs, if necessary.5.4Salesforce5.4.1OverviewSalesforce, an internationally operating (San Francisco, CA based) cloud computing solutions and services provider and is “leading the charge” to eliminate the need for software, data centers and the frustrations that go along with both of those historically essential items. Salesforce attests to its ability to help its 100,000+ customers drive up their sales while lowering their overhead equipment and software costs, through several innovative (Forbes labeled Salesforce as the World’s Most Innovative Company; Apple was 5th) cloud computing solutions and cost efficient monthly fee based services. One such innovative offering is the service called the Social Enterprise ?. The Social Enterprise ? is the offering Salesforce plans to use to further differ from its competitors, via its offer of a cost effective, customizable, and reliable cloud computing service that connects customers, employees, and sales leads through the conduit of social media. Traditionally, the terms social media and cloud computing would be a security nightmare, but not necessarily with Salesforce.Amidst ongoing debate regarding the security of data in the cloud, and methods of protecting the cloud, Salesforce has become an ISO 27001 certified Security Company. This demonstrates that Salesforce has exceeded the requirements of acceptable security practices based on independent security audit findings, bolstering customer confidence in data protection. Use of authentication through third party validation, and multilevel security tactics including: application security via MD-5 hashed passwords, network security via deployed IDS and configured firewalls, and physical security via five layers of biometric access controls, help to ensure customers have peace of mind when thinking about their data. Even with a security-minded cloud computing solutions and service provider such as Salesforce, one must wonder and consider the ability of the company to respond to the unfortunate event of a data leak, denial of service, or other attacks. With the data being in the cloud and not traditionally held in datacenters what incident handling techniques can be used? More focused to the purpose of this document, how compatible and able are current market ready forensic tools, when dealing with an incident in the cloud? The answers to these questions, is what this research paper expects to answer.5.4.2Forensic CapabilitiesSalesforce offers many services to its customers in the cloud and while cloud based forensics is not one of the defined services offered, Salesforce is capable of providing a limited amount of forensic tracking capability of user behavior via two distinct methods. The first is through the login history of a user in which an investigator/system admin can view in the Manage Users > Users menu bar to show when an user logged in, however it cannot detail actions the user executed while logged in. The other method of forensic tracking is via a request of detailed information from a Salesforce Account Manager/professional to include login/out times, actions performed, files viewed and created, downloaded files, and much more. The Salesforce Account Manager/professional can send the entire log of a user’s actions for review. The cost of this request varies but is standardly $500 per user per day. Beyond the capabilities listed Salesforce does not provide any built-in forensic tools as dynamic as Backtrack 4, Encase, FTK, etc. but it does provide enough capability to assist an investigator with an investigation.6.Ratings and Analysis6.1OverviewThe Ratings and Analysis section quantifies favorability of features provided by the cloud services evaluated, using a weighted average. Justification for ratings provided is documented in Section 6.3: Analysis. Ratings are subsequently used to provide solutions to example practical scenarios stated in Section 7.The legend for scores assigned in Section 6.2 is as follows:Score RangeObservation0 - 1None, or virtually non-existent2 - 5Partially meets requirements6 - 8Meets requirements9 - 10Best in class6.2RatingsScoring CriteriaAWSApp EngineAzureSalesforceLogical acquisition capability (15%)8056Sparse acquisition capability (15%)107100Live acquisition capability (15%)6040Ability to install custom forensics tools (15%)10070Built in forensics capability and validation (15%)7488Access to log files and reporting (10%)89109Contractual forensics support (5%)9568Cost of typical annual service agreement (5%)7988Usability (5%)9488Total82.034.572.042.06.3Analysis6.3.1Amazon Web ServicesThe ratings for Amazon Web Services cement its position as a frontrunner when forensic capabilities and services are considered for cloud services. In conjunction with information provided about AWS’ forensic capabilities in Section 5.1.2, rationale for ratings can be found below:Logical Acquisition – Logical acquisition is relatively straightforward in AWS, with the capability to backup and/or replicate files, directories, or entire instances virtually instantaneously. These backups can be permissioned and backed up in different physical regions of the U.S. as well – allowing for redundancy, preservation of chain of custody, and ability for forensic analysts to work independently.Sparse Acquisition – Since AWS allows end-users to choose Operating Systems, and manage the hardware seamlessly; sparse acquisitions can be performed using the client’s desired tools based on the OS and platform used.Live Acquisition – AWS allows for capture of information relating to processes run by the user.Ability to install custom forensic tools – Since AWS is an infrastructure as a service; end-users can choose operating systems and platforms to be installed, and all custom forensics tools that run on them.Built-in forensic capability and validation – AWS offers MD5 hashing for files, directories, and even entire instances. Hashing is performed using Elastic Cloud Compute – enabling fast verification for very large instances.Access to logs and file reporting – Clients can utilize all logging features offered by the operating systems chosen, as well as custom tools installed. Additionally, system logging is accessible via AWS’ console, with virtually unlimited storage space for logs.Contractual Forensics support – AWS utilizes a shared-responsibility model, which holds it accountable for maintenance and availability of servers and physical infrastructure. Physical and logical security is also part of contractual agreement, with a commitment to provide full customer support based on service packages selected.Cost of typical annual service agreement – Cost for all of AWS’ services are on a pay-as-you-go basis, making storage and computing services extremely cheap both at an individual and corporate level. There is also a year’s worth of free service, with all features and services enabled. Service packages are also available at fixed, relatively inexpensive rates.Usability – AWS has a clean interface for performing high-level functions related to the system, that even non-technical system administrators and analysts could utilize. Additionally, the operating systems offered are standard and user-friendly.6.3.2Google App Engine RatingsThe ratings for Google App Engine as defined by our team’s scoring criteria paints a harsh reality regarding this particular cloud service. In order to better explain and justify the reasoning behind the scores selected, please refer to the information below:Logical Acquisition – Logical acquisition under App Engine was not documented in Google’s documentation regarding the service. It is our assumption that any access to the underlying hardware would need special cooperation with Google’s service management team and would likely be a costly ordeal due to the distributed nature of the service.Sparse Acquisition - Google App Engine offers a read-only copy method that can be used to produce a copy of an application and its data in Google’s cloud infrastructure. It does not allow for a copy to a local disk or other storage medium. While this allows for sparse acquisition of data while maintaining the integrity of the original data and application, it is not a perfect solution.Live Acquisition – Google App Engine does not allow access to the physical RAM or other wired memory.Ability to install custom forensic tools – There is no capability to run custom forensics tools on App Engine. Custom code can be written and deployed as part of the App Engine application, but would alter the forensic copy.Built-in forensic capability and validation – App Engine does provide access control and error logs which provide some level of built-in forensic capability. The, albeit experimental, ability to copy an application or put it into read-only mode is also a plus.Access to logs and file reporting – Log files and file level reporting is readily available through the administration console. While the detail may not be as in depth or accessible as AWS, it is still very clear and easy to use and provides critical information about the application and environment.Contractual Forensics support – From what our team was able to find there is no specific contractual guarantee or offer of forensic support for Google App Engine. The company does, however, vow to protect the environment, as it was their own.Cost of typical annual service agreement – Cost for Google App Engine is very competitive with the entry level offering being free of charge. Cost scales with the customer, over time, and without requiring a minimum fee.Usability – Usability from both a customer and forensic investigation standpoint is relatively low. To use Google App Engine effectively, everyone on the team needs to understand Java, Python and Go as well as be able to utilize Google’s API.6.3.3Microsoft Azure RatingsBased on the weighted criteria as designed by Team 1, Microsoft Windows Azure’s forensic stature was revealed. The following provide explanations for the respective criteria ratings of Microsoft Windows Azure as a cloud service provider from a forensic capabilities perspective:Logical Acquisition – Windows Azure customers do not have the ability to perform logical acquisition, but it is technically possible for a Microsoft Windows Azure support representative to do so for a fee.Sparse Acquisition – In SQL Azure it is possible to copy a database to a second SQL Azure database. SQL Azure Data Sync allows for creating offsite backups to another SQL Azure database or locally.Live Acquisition - Sparse acquisition can be done live: SQL Azure allows for copying live, running databases.Ability to install custom forensic tools – because Windows Azure provides disk space and because the customer has full control over the virtual machine operating system and software, custom forensics tools can be installed in the Windows Azure environment.Built-in forensic capability and validation – Windows Azure offers MD-5 and SHA data integrity validation options.Access to logs and file reporting – Windows Azure provides extensive reporting and logging capabilities and also Windows Azure Diagnostics. Trace events allows for finer-tuned logging as necessary. Windows Live ID is used for tracking activities.Contractual Forensics support – Microsoft Windows Azure support representatives are able to provide forensics support for a fee.Cost of typical annual service agreement - Microsoft provides competitive annual service agreements.Usability – Microsoft Windows Azure’s usability is aligned with other Microsoft products’ usability, which is commonly considered to be very acceptable.6.3.4Salesforce RatingsAnalyzing Salesforce according to the criteria designed by Team 1 revealed the true forensic capability and value of Salesforce to perform forensics in the cloud. The following, is an explanation into the reason for the score based on the scenario and Salesforce capability:Logical Acquisition – The scenario details that the reader is the Lead Security Engineer expected to carry out the Incident Handling (forensics). This rating was based on the ability for the individual to be able to perform a logical acquisition of to obtain e-evidence. After researching and speaking with a Salesforce Representative, it was determined that this capability can be performed by a Salesforce Engineer, but not by an individual Forensics Investigator.Sparse Acquisition - After researching and speaking with a Salesforce Representative, it was determined that this capability cannot be performed by a Salesforce Engineer, nor by an individual Forensics Investigator.Live Acquisition - After researching and speaking with a Salesforce Representative, it was determined that this capability cannot be performed by a Salesforce Engineer, nor by an individual Forensics Investigator.Ability to install custom forensic tools - After researching and speaking with a Salesforce Representative, it was determined that this capability cannot be performed by a Salesforce Engineer, nor by an individual Forensics Investigator.Built-in forensic capability and validation – Salesforce has a decent tracking capability to be able to triage a series of events to discover intrusion, abuse, or other forms of criminal and/or negligent behavior. The forensic capability is available only through a Salesforce Engineer who would perform and provide the necessary information, and is a pay per service feature.Access to logs and file reporting – Salesforce received great reviews on its log management practices, which are rather dynamic. The individual user/manager can access logs but are limited in the information that can be gathered. There are extremely detailed versions of logs only available via a Salesforce Engineer. The logs obtainable by the Salesforce Engineer contain much more information than the user accessible logs, are available via a pay per service feature.Contractual Forensics support – The majority of Salesforce’s forensic capability comes from its contractual forensic support with only a portion of the abilities being handled by the individual user. Logs, Logical Acquisition Capability, use of built-in forensic capability are almost entirely performed through contracted support.Cost of typical annual service agreement – Salesforce pricing is slightly below fair market value making it a great deal for small businesses and enterprises alike that are looking to move into more cloud based computing. Salesforce unique offering of Social Media interaction with their service added to the value and the rating given.Usability – Review of Salesforce customers revealed numerous responses of the best feature of Salesforce being its extremely easy to use GUI, and the organization of information for users. 7.Scenarios and Analysis7.1Cloud Forensics in Academia7.1.1ScenarioYou are the senior faculty member of The Center for Education & Research in Information Assurance & Security (CERIAS) at Purdue University.Recently a need was identified to investigate the challenges of what has become known as “cloud computing.” The need was brought on by events such as wikileaks and President Obama’s desire to have such events avoided.After a meeting with other top engineering officials in the USA, the president of Purdue University has appointed you as the lead in the investigation of cloud computing challenges.You are to put together a team of experts (within or outside of CERIAS) and develop a report, which addresses the following topics:Overview of the current state of cloud computingExamine various cloud computing products, vendors and architecturesExamine the complexity of the cloud (specifically, the issue of the ever-increasing scale of nodes)Examine security issuesDecreased knowledge of nodesTrustworthiness of nodesAccountabilityReliabilityNetwork security versus end-point securityExamine the following models in the cloudAttacksRisksTrustExamine legal aspects and consequences of using the cloudStandardizationYou are to submit the full report to the president of Purdue University in 4 weeks’ time. Once the report is received, the president of Purdue University will then brief President Obama and other interested parties on your findings.7.1.2AnalysisThe senior faculty member put together a team to conduct research. Their findings reported that between Amazon Web Services, Google App Engine, Microsoft Windows Azure and Salesforce, all top cloud computing services, Amazon Web Services was the clear leader. Amazon Web Services offers the most robust support for forensic analysis with its high ratings for acquisitions: sparse, live and especially logical. Amazon Web Services also trumped the other services in the area of being able to install custom forensics tools for analysis and investigation.7.2Cloud Forensics in a Software-as-a-Service Model7.2.1ScenarioYou are a system administrator for a large-scale web application hosted in the cloud using distributed processing power and storage. Recently, users of the application have reported that you have been sending them unsolicited, spam emails.After reviewing the log files, you realize the system has been compromised, and that the user information was accessed through the server and related cloud storage service. Closer inspection reveals that several failed login attempts were made on one of the cloud servers prior to the emails being sent out.Your management requests a full forensic analysis of the attack in order to find and mitigate the vulnerabilities. You will need to work with local law enforcement and follow corporate policy whilst handling the breach.In order to complete this task, you will need specialized software, processes, and procedures for working with cloud based infrastructure. While a full forensic analysis was requested, you may not be able to acquire an image of the entire cloud-based storage block or take a live acquisition of the cloud server’s RAM.After the analysis has been completed, you will need to prepare a report listing the evidence found, the method of verification, and any deviations from standard digital forensics procedures.7.2.2AnalysisFor a classically trained system administrator who is comfortable at the OS and service level, the clear winner amongst the cloud services is Amazon Web Services (AWS) for their EC2 distributed processing and S3 distributed storage services. The ability to do logical acquisition and view the system level log files would be critical to any forensics investigation. Furthermore, AWS is one of the few cloud services wherein the administrator could actually open and view the SMTP logs on the application server.For this particular scenario, those logs would likely contain the evidence needed to see what emails were sent, to whom, and to what end. Custom tools and legacy forensic analysis suites such as EnCase could be used on the AWS EC2 instance for fast, thorough exploration of all of the relevant data. Essentially, AWS is the closest we can get to a physical hardware acquisition in the cloud. In a case like this one, it is important that our methods closely match that of traditional digital forensics, as we will need the evidence to be admissible in court.7.3Cloud Forensics in the Public Sector7.3.1ScenarioYou are the Lead Security Engineer (on the Incident Handling Team) for the government intelligence agency, We Don’t Exist (WDE). A year ago after performing a thorough cost-benefit analysis, WDE decided to use the cost saving and footprint consolidation benefits of moving their data and applications to the cloud. Thus far everything has been a success – cost benefits clearly visible and the infrastructure is more efficient and easily managed – until one day you get a call from the government Project Manager. The PM is asking you to investigate a possible computer use policy abuse case, regarding a former system admin who was part of the cloud implementation team last year. The Project Manager explains that their request is for you to investigate possible abuse of Internet privileges pertaining to the employee operating a business, utilizing government resources, and the viewing of inappropriate material to include anti-government websites and wikileaks. The electronic evidence you pull will be included in a Federal case involving the former employee, including testifying on stand your findings from the investigation. The Project Manager has provided you the hard drive you need for your investigation, analysis, and completed report due two weeks from today.The only requirement is that you use the following tools for your investigation, as they are trusted and virtually always permissible in court: EnCase, ProDiscover, and WinHex. The Project Manager expects for you to be able to explain your steps taken in detail as well as to have a well-written report completed within the two weeks.7.3.2AnalysisAfter analyzing Salesforce’s capabilities compared to the requirements/needs of the scenario, it is decided that Salesforce does not meet the requirements of the scenario. Through further analyzing and rating the other Cloud computing services it is decided that AWS would best meet the needs to fulfill the scenario, with the major decision point being AWS’ ability to provide Logical and Sparse Acquisition, as well as the ability to incorporate and install custom forensic tools which would allow for the installation and use of EnCase and ProDiscover for forensic investigation.7.4Cloud Forensics at an Enterprise Level7.4.1ScenarioYou are a principal systems architect at a large (10,000+ employees) corporation that provides a number of products and services to both – the public, and private sector. These products include highly sophisticated defense equipment, as well as software that are part of the overall national infrastructure. Due to the nature of contracts, commitments, and customer expectations, forensic analysis is an absolute requirement for all internal and external IT infrastructure and processes.The Corporation, however, has been faced with tough budgeting decisions due to the current economic climate, and cost-cutting challenges have been issued to the IT department. As a cost-effective, and modernization solution, the Vice President of Research Engineering tasks you with investigating porting their entire IT infrastructure to the cloud, and if this would be cost effective. Per your expertise in distributed systems and cloud computing, you are convinced that the redesigned solution will offer the following benefits:Elastic demand and supply of data, eliminating the possibility of under-provision, or over-provision of in-house IT infrastructure and capabilitiesUtilization of Software-as-a-Service, or Infrastructure-as-a-Service, which assists in eliminating in-house IT positions, and subsequent healthcare and other costsConsolidation of facilities, elimination of in-house servers, and contributions to ‘Green IT’Constant availability / up-time SLAs ensuring Business Continuity and Disaster Recovery have been accounted forHowever, you are concerned with the forensic capabilities offered by various cloud-computing vendors: Amazon, Google, Microsoft, and Salesforce. You decide to engage a couple of forensic analysts to perform a trade study on the products offered by the above-mentioned companies, with the following criteria in mind:Imaging capabilities for Cloud solutionsLive and remote acquisitionsUtilization and effectiveness of: EnCase, ProDiscover, dcfldd, and WinHex – which are the Corporation’s favored forensic toolsBased on the results of this trade study, cloud solutions are to be rated on a favorability scale from 1 – 100, with a minimum score of 60 required for further consideration of any product. The product will then be recommended to the Vice President, who will begin contractual negotiations with the vendor.7.4.2AnalysisAs a result of the ratings obtained in Section 6.2 that would have been used within the trade study, it is evident that Google App Engine and Salesforce do not satisfy the minimum score criteria of 60. Amongst the products that do qualify – AWS and Microsoft Azure, AWS not only boasts of a much higher score [82.0], but also provides the Corporation with a choice of Windows and/or UNIX environments. Furthermore, it operates with authorization by the Federal ?Information Security Management Act [FISMA] – which is important to the corporation due to the nature of its defense related work and dealing with the government. As such, all information gathered during the trade study is presented to the VP of Research Engineering, along with a recommendation to obtain a corporate subscription to AWS to enable cost savings while still allowing the corporation to conduct forensic analysis as desired, and leverage AWS’ customer services as needed.8.Project WebsiteThe team built a website to share our research on Cloud Forensics. The website is broken down into four sections. The first is the Home page where you can read about the need for Computing Forensics. In the second section, Product Analysis, one can review each of the four cloud services that have been highlighted in this paper. Third is the Scenarios section where one can read examples of how Cloud Forensics affects the world. Examples include the public sector, at the enterprise level, a Software-as-a-Service model and from academia. Lastly, the About page where one can learn more about Team 1’s Cloud Forensics project. On the right-hand-side of the website, this paper is available for download. The link to the website is as follows: conclusion, the team covered several topics related to Cloud Forensics, starting with an overview of what Cloud Computing is and what it has to offer.Cloud Computing is a set of services which provide virtual computation, software, and data access and storage solutions. Cloud Computing offers Software-as-a-Service, Platform-as-a-Service and Infrastructure-as-a-Service.Cloud Computing is currently used to predominately to provide more control of computing resources to the end-user. It also greatly improves customers’ technological infrastructure by making it more agile. Cost reduction, reliability and scalability for the customer are large drivers in the decision to make the move to Cloud Computing.The team covered justification and needs of Cloud Forensics. Advantages of using Cloud Computing for forensic analysis include reduced evidence acquisition times, service downtime, evidence transfer time and image acquisition time. There is a growing demand for Cloud Computing because of its reliability and affordability; as a result, there are growing needs for Cloud Forensics. Forensic tools specific to Cloud Computing are needed to mitigate issues such as the volatility of memory, data ownership and boundaries, diminished access to network components and inability to access logs.Finally, the team explored four top Cloud Computing services: Amazon Web Services, Google App Engine, Microsoft Windows Azure and Salesforce. For each service the team provided an overview, detail of its forensic capabilities and a rating to show how it stands against other services per particular criteria.AppendicesAppendix A: Project Plan and TimelineMilestone 1: Project ProposalActionAssigneesDate(s)Project TitleAllOctober 1Project OverviewShaan MulchandaniOctober 5Project ObjectivesShaan MulchandaniOctober 5Project Plan & TimelineAllOctober 5Amazon Web Services Literature ReviewShaan MulchandaniOctober 5 – 7Google App Engine Literature ReviewWilliam RigginsOctober 5 – 7Microsoft Azure Literature ReviewAmanda BennettOctober 5 – 7Salesforce Literature ReviewTerry BazemoreOctober 5 – 7Cloud Computing Forensics Literature ReviewAllOctober 5 – 7Preliminary CitationsAllOctober 5 – 8Proposal CompilationShaan MulchandaniOctober 5 – 8Proposal ReviewAllOctober 8Milestone 2: Project Report and Website DevelopmentActionAssigneesDate(s)AWS Forensic Capabilities, ServicesShaan MulchandaniOctober 9 – November 20Google App Engine Forensic Capabilities, ServicesWilliam RigginsOctober 9 – November 20Microsoft Azure Forensic Capabilities, ServicesAmanda BennettOctober 9 – November 20Salesforce Forensic Capabilities, ServicesTerry BazemoreOctober 9 – November 20Scenario 1 EvaluationAmanda BennettNovember 3 – November 20Scenario 2 EvaluationWilliam RigginsNovember 3 – November 20Scenario 3 EvaluationTerry BazemoreNovember 3 – November 20Scenario 4 EvolutionShaan MulchandaniNovember 3 – November 20Report CompilationShaan Mulchandani & Amanda BennettNovember 20 – December 12Report ReviewAllDecember 1 - 12Website Design & DevelopmentAllNovember 1 – December 12Milestone 3: Project PresentationActionAssigneesDate(s)Final PresentationAllNovember 20 – November 29Appendix B: References"About AWS." Amazon Web Services. Web. 08 Oct. 2011. < Web Services: Overview of Security Processes May 2011 , Diane, and Gregory Kipper. "Virtual Environments and Compliance." Virtualization and Forensics: a Digital Forensic Investigator's Guide to Virtual Environments. Amsterdam: Syngress/Elsevier, 2010. 206-08. Print.Baving, Rudy, & Burke, Wayne (2011). Cyber Forensics in the Cloud: Challenges and Best Practices. Retrieved 17 November 2011, from , Dominik. (2011, January). Technical Challenges of Forensic Investigations in Cloud Computing Environments. Retrieved 17 November 2011, from . 96b,00.htm?new_comment.Coffee, Peter. "When the Cloud Knows Where You Are - The Cloud." Salesforce. Web. 08 Oct. 2011. < Fri, Bernard. "Cloud CIO: The Two Biggest Lies About Cloud Security ." . 27 May 2011. Web. 08 Oct. 2011. <, Haggerty, Lamb & Taylor. (2011). Forensic Investigation of Cloud Computing.How to: Export a Data-tier Application (SQL Azure). (2011). MSDN Library. Retrieved 17 November 2011, from "ISO/IEC 27001 Certification Standard." ISO27k Infosec Management Standards. Web. 08 Oct. 2011. <, Charlie, and Ramanathan VenkatapathyAbstract. "Windows Azure Whitepapers | Cloud Computing Whitepapers | Windows Azure Platform." Windows Azure Security Overview. Microsoft. Web. 08 Oct. 2011. <. Cloud Computing and the Forensic Challenges."Microsoft's Windows Azure: What a Difference a Year Makes | ZDNet." Technology News, Analysis, Comments and Product Reviews for IT Professionals | ZDNet. Web. 08 Oct. 2011. < Diagnostic Models. (2011, October). Windows Azure. Retrieved 17 November 2011, from , D.; Wren, C.; Berry, T.; "Cloud computing: Forensic challenges for law enforcement," Internet Technology and Secured Transactions (ICITST), 2010 International Conference for , vol., no., pp.1-7, 8-11 Nov. 2010 URL: "Security Statement - ." CRM, the Cloud, and the Social Enterprise - . Web. 08 Oct. 2011. <;."Sales Force Automation - ." CRM, the Cloud, and the Social Enterprise - . Salesforce. Web. 08 Oct. 2011. < Azure Backup and Restore Strategy. (2011). Microsoft TechNet Wiki. Retrieved 17 November 2011, from , Jonathan. (2011). Crypto Services and Data Security in Windows Azure. Retrieved 17 November 2011, from "Windows Azure Platform | Microsoft Cloud Services." Microsoft. Web. 08 Oct. 2011. <, Stephen D. "Overcast: Forensic Discovery in Cloud Environments," imf, pp.3-9, 2009 Fifth International Conference on IT Security Incident Management and IT Forensics, 2009 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download