Cloud Authentication and Forensics

Monograph no. 69

Kim-Kwang Raymond Choo, Jill Slay

Criminally motivated individuals will seek to exploit opportunities to avoid prosecution, such as using the latest technologies (e.g. cloud computing and services) to enhance their operations and to evade law enforcement scrutiny. This report highlights and provides a better understanding of some of the key contemporary areas impacting on successful cloud forensic investigations. For example, one significant impediment to successful remote evidence collection is the need for forensic practitioners to have the capability to bypass access control restrictions in order to collect evidence remotely. Using Cloud Foundry (CF) as a case study, the authentication component of CF is analysed in some detail, focusing on the user and OAuth client data stored by CF, and the type, format and utility of the tokens issued by CF. Techniques for exploiting this authentication token implementation for the purpose of digital forensic collection are also discussed, including re-signing tokens with changed attributes (e.g. extended expiries and escalated privileges).