82
management) should be set down to ensure an orderly and controlled
procedure.
An organisational structure encompassing Cloud users, Cloud providers and
other interested parties should be created as well. Such an organisation
should contain members with forensic, Cloud, organisational and legal
expertise.
35
After all, forensic analyses have legal implications. Requirements ensuing
from the Data Protection Act, Telecommunications Act or labour law must
be taken into account. Enterprises that avail themselves of Cloud services
should ask these questions before an investigation proves necessary.
Arrangements should be made with lawyers and staff councils on how these
investigations should proceed. A procedure should then be set with the
Cloud provider which can be initiated in the event of an investigation.
Cloud opportunities
Thus far we have seen the Cloud in relation to computer forensics as the
'
scene of the crime' from which data is collected and analysed. Yet the Cloud
may actually prove to be more of a solution for computer forensics, i.e.
Forensics as a Service. After all, the analysis of mass data requires a great
deal of storage space and machine time. As the Cloud is so scalable and
flexible, it could amply satisfy those requirements in a relatively short span
of time. In addition, it can be quite costly to acquire the necessary software
and training staff, instead enterprises could purchase these services from
the Cloud for the duration of the project.
3.2.6
Secure access – centralised administration
36
Access to Cloud services is dependent on certain technological and
organisational procedures:
How is access provided?
If from an external source, is access provided via VPN of a direct
internet connection?
With or without encryption? If with encryption, to what bit length of
keys?
35
Cf.
Cloud forensics: An overview
.
Ed.: Centre of Cybercrime Investigations, University College
Dublin
36
Cf. Dr. Tobias Höllwarth (Ed.),
The Way in the Cloud
,
Chapter 2.8.3
et sqq
.
and 6.2.5