2013 Symposium Posters

Project Members
Susan Fowler

Abstract The issues of privacy and security are an important consideration to a forensic analyst. For example, if data capture compromises confidentiality or creates a security breach, the remaining steps may also be compromised or rendered useless. The considerations of private and public cloud environments and the collection of data within them add another angle. Additionally, as network forensics is an emerging discipline, the issue of privacy for both the provider and the consumer may not be well defined or established through policies and procedures. The main audience for this topic would be the investigator themselves as obtaining data while maintaining privacy and security for both the provider and the customer is the primary goal. Secondary stakeholders in this topic would be the providers and customers. While both providers and customers would have concerns, providers would be especially concerned with security, privacy and integrity during the data capturing process. Depending on the terms of service in use, the software as a service or SaaS provider may be vulnerable to legal recourse should a customer experience loss or exposure of data to security breaches. The primary method of answering this question will be through research of current forensic practices and tools as well as policies and procedures currently in place with regard to SaaS privacy and security. While this list is not exhaustive, some of the issues to be discussed are: end sides (client and provider) data collection and intermediary data collection with respect to data artifacts, collection, jurisdictional and confidentiality considerations. Further, the two main deployment models of private and public clouds will be discussed with regard to the research criteria posed. Keywords: Privacy, Security, network forensics, SaaS