Forensic data pertaining to security incidents happening in cloud environments are left behind both on the CSCs and CSPs sides. Investigating cloud security incidents generally starts at the CSCs side. Identifying sources of forensic data and collecting them on the CSCs side is therefore deemed as a vital part of the cloud investigation process [12]. In order for the forensic data to be used as evidence, in cloud forensics, data have to be collected as early as possible in their sterile state. That is, forensic data residing in the cloud can purposefully or inadvertently be erased by the stakeholders. Similarly, it can also be erased by the cloud resources due to system configuration. For instance, the web browser history and session logs can be configured to be overwritten or erased after a specific period or when the file size reaches the configured maximum limit.

Download Encase Forensic V6 17 Full 82

2ff7e9595c