In recent years, cloud computing has become popular as a cost-effective and
efficient computing paradigm. Unfortunately, today's cloud computing
architectures are not designed for security and forensics. To date, very little
research has been done to develop the theory and practice of cloud forensics.
Many factors complicate forensic investigations in a cloud environment. First,
the storage system is no longer local. Therefore, even with a subpoena, law
enforcement agents cannot confiscate the suspect's computer and get access to
the suspect's files. Second, each cloud server contains files from many users.
Hence, it is not feasible to seize servers from a data center without violating
the privacy of many other users. Third, even if the data belonging to a
particular suspect is identified, separating it from other users' data is
difficult. Moreover, other than the cloud provider's word, there is usually no
evidence that links a given data file to a particular suspect. Because of these
challenges, clouds cannot be used to store healthcare, business, or national
security-related data, which require audit and regulatory compliance. In this
paper, we systematically examine the cloud forensics problem and explore the
challenges and issues in cloud forensics. We then discuss existing research
projects and, finally, highlight the open problems and future directions in
the cloud forensics research area. We posit that our systematic approach towards
understanding the nature and challenges of cloud forensics will allow us to
examine possible secure solution approaches, leading to increased trust in and
adoption of cloud computing, especially in business, healthcare, and national
security. This in turn will lead to lower cost and long-term benefit to our
society as a whole.