Chapter 17: The Challenges of Cloud Computing and Virtualization

The use of virtualized environments, whether it’s in conjunction with a cloud service or not, presents several clear challenges for law enforcement entities. Traditionally, data involved in a computer crime could be obtained by analyzing the hard drives of the system(s) involved. Pertinent data is expected to be found in allocated space or deleted and somewhere in unallocated space. Forensic applications such as EnCase and FTK could then be used to run specialized queries against the binary data to discover evidence. With cloud computing, applications and user data no longer exist on the hard drive. Service providers now need to work with law enforcement (and vice versa) to investigate ...