The Cloud Security Alliance has formed a new working group that will focus on examining incident handling and forensics in cloud environments. The new Incident Management and Forensics Working Group was formed to create a better understanding of the cloud forensics industry, and in so doing, the group is publishing its first white paper.

What better way to kick things off than with a white paper that examines the basics of cloud forensics? Titled "Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing," the white paper was written to help researchers, data governance experts and forensic practitioners define standardized processes for conducting forensic investigations, ediscovery and other security apsects common within multitenant, highly virtualized environments.

"The objective of this new CSA Working Group is to define best practices that consider the legal, technical and procedural elements of responding to security incidents in the cloud in a forensically sound way," said Dominik Birk, co-chair of the CSA Incident Management and Forensics Working Group, in a prepared statement. "This initial white paper represents a significant effort on behalf of numerous individuals and marks an important first step in conducting proper forensic investigations in cloud environments following a security incident."

The working group is co-chaired by Birk, who spends his days working in forensics for Zurich Insurance Company, and Michael Panico of Stroz Frieberg.

The working group has plans to release a second white paper during the fourth quarter of 2013 under the title, "Developing a Capability Maturity Model (CMM) for Incident Management and Forensics in Cloud Environments."

The first white paper is available as a free download via the Cloud Security Alliance website.