Last week, Pavel and I gave an invited talk at InfoSecurity Russia 2012. From Digital FIRE:
Our talk explored the issues of digital forensics in the cloud environment. The first part of the talk introduced the concepts of cyber crime investigations and the challenges faced by the digital forensic practitioners. The second part of the talk explored investigative difficulties posed by cloud computing. A possible approach to dealing with some of these difficulties based on I-STRIDE methodology was then outlined.
Discussed security challenges with Cloud environments are further elaborated on in our chapter "Digital Forensics and Cloud Computing" that can be found in Cybercrime and Cloud Forensics: Applications for Investigation Processes. Some investigation challenges were introduced based on the work of our friends at CloudForensicsResearch.org, with a few of my own thoughts added. Finally, a very quick overview of the Investigation STRIDE (I-STRIDE) model was given to attempt to help investigators and first responders identify potential sources of evidence, their jurisdiction, and other factors that may effect the admissibility of evidence extracted from a Cloud Service Provider.
Image from Koraxdc