Abstract:
The cloud has exacerbated the difficulty of digital forensic investigations because data may be spread over an ever-changing set of hosts and data centers. The normal search and seizure approach digital forensic investigators tend to follow does not scale well in the cloud because it is difficult to identify the physical device�s data resides on. The location of these devices is often unknown or unreachable. A solution to identifying the physical devices can be found in data provenance. Similar to the tags included in an email header indicating where the email originated from, a tag added to data as it is accessed both in and out of the cloud identifies where the data has been. If such a trace can be provided for data in the cloud, it may ease the investigating process by indicating where the data can be found to be able to continue with the investigation. In this research, the author proposes the development of a Digital Passport that aims to provide a detailed history of where user data came from and where it has been since it came under the control of a cloud service provider. The Digital Passport further provides the user with access control, allowing the user to choose the location from where the digital passport may be accessed. The ability to control access to the digital passport regarding its location holds many advantages for cloud service providers, users and digital forensic investigators alike. The digital passport provides digital forensic investigators with a clear audit log of where the data has been. The digital passport furthermore holds the advantage that digital forensic investigating teams are not limited by jurisdictional issues that grant them only limited access to the data they need. Because of location-based access control, it is possible to ensure the data does not move into a jurisdiction that is outside the control of the cloud service provider.
