Wednesday, December 23, 2015

Rackspace Cloud Forensics: The Challenges

Rackspace is one of the most popular cloud computing and hosting companies. Its main aim is to save customers the time, money and worry of managing their own IT infrastructure. It has two service types: Managed (on-demand services are provided and users can contact Rackspace whenever needed) and Intensive (active services with additional consultations about their server configuration). Both services are delivered through email, phone, live chat, etc. The majority of Rackspace customers are cloud customers. Users pay for the service on a monthly basis and may request more as required, at extra charge.

Rackspace users get the privilege of using domain names, which helps in an in-depth investigation of a user's mailbox during Rackspace cloud forensics. A Rackspace account can be synchronized with Outlook and Mac Mail accounts. This page discusses how to perform Rackspace webmail analysis and extract artifacts so that they can be used in investigations.

Why Is Investigation of Rackspace Webmail Required?

The number of Rackspace users has been growing tremendously every year, with more than 80 percent of users opting for Rackspace's cloud computing services. As the number of cyber-crimes increases day by day, especially at the corporate level, the need for investigation has also risen markedly. eDiscovery experts are doing everything they can to get at the evidence by applying applicable techniques and applications.

The first step for an investigation team is to search every piece of data related to the suspect. If the suspect has been using Rackspace to host an account, analysis of the account's contents is necessary for the investigation. However, extracting the mail items of the account is not easy, as it is possible only when the investigator has admin user credentials. Not every company gives access to these credentials, for fear of disrupting the workflow of the organization. There are tools that can help in extracting the contents of the account. Using them, investigators can analyze the mails and help solve Rackspace cloud forensics investigation cases.

Challenges of Rackspace Webmail Analysis

The benefits of cloud computing services like Rackspace are well known, but there are also drawbacks that offset those benefits. Forensic investigators need access to the Rackspace account in order to analyze its contents. Access to a Rackspace account is available only in the paid version. It is often very difficult for forensic investigation teams to trace data stored in the cloud. Some of the challenges are as follows:

  • Lack of Acquisition: The data in Rackspace webmail is sectioned into single data structures, which are in turn divided into elements. This makes identifying and acquiring data very difficult. Data that lacks preservation and integrity would not help much in investigations. For Rackspace cloud forensics, data must be preserved in its original form without loss of integrity, as it will be used in criminal investigations.
  • Evidence Spoliation: Storage in the cloud is scalable, which means data from several organizations can occupy the same sector of storage media at one time or another. Therefore, the investigation team may unknowingly acquire data of company A when company B is being investigated.
  • Accessibility: Not all data is stored at the same location. If data is stored in a country with no data privacy or security laws, investigators could find it difficult to access the data for analysis.

To overcome the challenges posed by data stored in a cloud computing environment like Rackspace, we need to get physical access to the data located in the cloud. This can be done either by contacting the cloud server administrator to get all the mails of the account associated with the cloud, or by using a Rackspace cloud forensics utility to access the mails on a local machine. Physical access to the data is required because any evidence must be available in a court-admissible format. It must be ensured that the data is authentic and verifiable, without any modifications. Rackspace webmail analysis must meet all the standards of an investigation that involves physical acquisition and imaging of evidence, so that the evidence can be used for forensic investigation purposes.
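The sketch below is an added example, not part of the original post or any Rackspace tool. It shows one way to make locally acquired mail verifiable and to keep another organization's messages out of the evidence set, assuming the mailbox was exported as raw .eml messages; the function names, domains and sample messages are constructed for illustration.

```python
import hashlib
from email import message_from_bytes
from email.utils import getaddresses

# Constructed sample export (file name -> raw message bytes); not real data.
SAMPLE_EXPORT = {
    "0001.eml": b"From: alice@company-b.example\r\nTo: bob@company-b.example\r\n"
                b"Subject: Q3\r\nMessage-ID: <1@company-b.example>\r\n\r\nBody one\r\n",
    "0002.eml": b"From: carol@company-a.example\r\nTo: dave@company-a.example\r\n"
                b"Subject: Payroll\r\nMessage-ID: <2@company-a.example>\r\n\r\nBody two\r\n",
}

def domains_of(raw):
    """Return the set of address domains in the From, To and Cc headers."""
    msg = message_from_bytes(raw)
    fields = (msg.get_all("From", []) + msg.get_all("To", [])
              + msg.get_all("Cc", []))
    return {addr.rsplit("@", 1)[1].lower()
            for _, addr in getaddresses(fields) if "@" in addr}

def build_manifest(export, in_scope_domain):
    """Hash each in-scope message at acquisition time.

    Returns (manifest, out_of_scope): manifest maps file name to the SHA-256
    of the untouched bytes; out_of_scope lists messages with no address in
    the investigated domain, so they can be set aside rather than analyzed.
    """
    manifest, out_of_scope = {}, []
    for name, raw in sorted(export.items()):
        if in_scope_domain.lower() in domains_of(raw):
            manifest[name] = hashlib.sha256(raw).hexdigest()
        else:
            out_of_scope.append(name)
    return manifest, out_of_scope

def verify(export, manifest):
    """Return names that are missing or whose bytes no longer match."""
    return [name for name, digest in sorted(manifest.items())
            if name not in export
            or hashlib.sha256(export[name]).hexdigest() != digest]

if __name__ == "__main__":
    manifest, skipped = build_manifest(SAMPLE_EXPORT, "company-b.example")
    print("manifest:", manifest)
    print("out of scope:", skipped)
    print("modified since acquisition:", verify(SAMPLE_EXPORT, manifest))
```

The hashes are taken over the raw bytes before any parsing or conversion, so the manifest can be recomputed later to show that the working copies still match what was acquired.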

