Forensics in the Cloud

Rob Lee of SANS Institute on Unique Challenges, Careers

By , July 26, 2011.

Performing digital forensics in the cloud isn't necessarily a new discipline, says Rob Lee of SANS Institute. But the task definitely requires a whole new mindset and some new skills from investigators.

"For many years, analysts have felt that the only way to perform perfect forensics was to have access to the original hard drive," says Lee, who is the curriculum lead for digital forensics training at SANS. "But in this instance, you're not going to be able to say it's all-encompassing of the data from just that one system because of all the remote locations where the data can be stored. So, I think there's going to be a reduction on the necessity to do the standard tag-and-bag, remove-the-hard-drive approach for cases involving mobile devices and [tablet computers] that have a major connection into the cloud."

The new challenges require new skills, Lee says. In many ways, one needs to be a jack-of-all-trades. "To a certain extent, the skills required are flexibility and a major capacity to be able to learn on the fly," Lee says. "You can't point to a certain area and say 'Focus on learning X.'"

In an exclusive interview on digital forensics in the cloud, Lee discusses:

  • Identifying and overcoming key challenges;
  • The new skills required for forensics in the cloud;
  • Advice for those looking to shift their career into forensics.

Lee, curriculum lead for digital forensic training at SANS Institute, has more than 13 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response. Rob graduated from the U.S. Air Force Academy and served in the U.S. Air Force as a founding member of the 609th Information Warfare Squadron, the first U.S. military operational unit focused on Information Operations. Later, he was a member of the Air Force Office of Special Investigations, where he conducted computer crime investigations, incident response, and computer forensics.

In past roles, he worked directly with a variety of government agencies in the law enforcement, Dept. of Defense, and intelligence communities, where he was the technical lead for a vulnerability discovery and exploit development team, the lead for a cyber forensics branch, and the lead for a computer forensic and security software development team. Rob also coauthored the bestselling book Know Your Enemy, 2nd Edition.

Follow Tom Field on Twitter: @SecurityEditor
