SaaS Incident Response: Evidence Provenance in a Cloud Service
Project Members
Jake Kambic, Dr. Samuel Liles
The purpose of this project was to analyze the origins of evidence in a cloud service, specifically targeting the Software as a Service (SaaS) business model. Due to the high volatility of cloud services, their abstract nature, and the physically dispersed infrastructure upon which they are based, forensic collection and analysis in the cloud is not realistically feasible. However, techniques for gathering evidence that can produce reasonably accurate results do exist. For this reason, an analysis of Incident Response in the cloud was undertaken, with the express purpose of identifying places where evidence is located in a SaaS cloud environment and determining the level of effort required to acquire that evidence.