Lab Manager | Run Your Lab Like a Business

Digital Crime-Fighters Face Technical Challenges with Cloud Computing

The National Institute of Standards and Technology (NIST) has issued for public review and comment a draft report summarizing 65 challenges that cloud computing poses to forensics investigators who uncover, gather, examine and interpret digital evidence to help solve crimes.

by National Institute of Standards and Technology
Register for free to listen to this article
Listen with Speechify

Image credit: Sam Johnston, Wikimedia CommonsThe report, NIST Cloud Computing Forensic Science Challenges,* was prepared by the NIST Cloud Computing Forensic Science Working Group, an international body of cloud and digital forensic experts from industry, government and academia. 

Through the report, the working group aims to initiate a dialogue on forensic science concerns in cloud computing ecosystems. "The long-term goal of this effort," explains NIST’s Martin Herman, co-chair of the working group, "is to build a deeper understanding of, and consensus on, the high-priority challenges so that the public and private sectors can collaborate on effective responses." 

The ultimate in distributed computing, cloud computing** is revolutionizing how digital data is stored, processed and transmitted. It enables convenient, on-demand network access to a shared pool of configurable computing resources, including servers, storage and applications. 

Get training in Lab Quality and earn CEUs.One of over 25 IACET-accredited courses in the Academy.
Lab Quality Course

Benefits include cost savings, convenience and greater flexibility in how businesses and other consumers employ information technology. 

The characteristics that make this new technology so attractive also create challenges for forensic investigators who must track down evidence in the ever-changing, elastic, on-demand, self-provisioning cloud computing environments. Even if they seize a tablet or laptop computer at a crime scene, digital crime fighters could come up empty handed if these devices are linked to pooled resources in the cloud. 

Technical challenges—the focus of the draft report—abound, but almost all intersect with legal and organizational issues. The 65 challenges that the working group identified are divided among nine categories. These include architecture, data collection, analysis, standards, training and "anti-forensics" such as data hiding and malware. 

These technical challenges "need to be understood in order to develop technology and standards-based mitigation approaches," the draft report says.

The NIST Cloud Computing Forensic Science Working Group is requesting comments from the public by July 21, 2014, on the draft of NIST Cloud Computing Forensic Science Challenges. The draft is available at; the comment template can be downloaded from

* NIST Cloud Computing Forensic Science Working Group. NIST Cloud Computing Forensic Science Challenges (Draft) (NIST Interagency Report 8006). June 2014. Available at

**P. Mell and T. Grance. The NIST Definition of Cloud Computing (NIST Special Publication 800-145). September 2011. Available at