DocumentCode
263594
Title
Automated Forensic Data Acquisition in the Cloud
Author
Reichert, Zachary ; Richards, Katarina ; Yoshigoe, Kenji
Author_Institution
Div. of Inf. Technol. & Sci., Champlain Coll., Burlington, VT, USA
fYear
2014
fDate
28-30 Oct. 2014
Firstpage
725
Lastpage
730
Abstract
Movement of businesses and individuals to the cloud has posed many new complications for digital forensic investigators. This is due to a multi-tenant environment on cloud servers, chain of custody problems, globalization of data, and the inability of the Cloud Service Provider (CSP) to keep logs of everything within their network. This paper proposes a practical solution that can be implemented to mitigate the challenges with minimal to no CSP upkeep. Our model builds upon and adds to existing models and solutions including network monitoring for Infrastructure as a Service and snapshot capabilities to provide forensic evidence. We propose to utilize the automation of snapshots and an open-source tool, Google Rapid Response (GRR), set off by a hypervisor-based intrusion detection system in order to collect forensic evidence. Finally, we discuss the ideal implementation of our model and the future research direction.
Keywords
cloud computing; data acquisition; digital forensics; CSP; GRR; Google Rapid Response; automated forensic data acquisition; cloud service provider; digital forensic investigators; hypervisor-based intrusion detection system; infrastructure as a service; network monitoring; open-source tool; Computational modeling; Databases; Forensics; Intrusion detection; Servers; Virtual machine monitors; Virtual machining; cloud forensics; automated snapshots; hypervisor-based intrusion detection systems
fLanguage
English
Publisher
IEEE
Conference_Titel
Mobile Ad Hoc and Sensor Systems (MASS), 2014 IEEE 11th International Conference on
Conference_Location
Philadelphia, PA
Print_ISBN
978-1-4799-6035-4
Type
conf
DOI
10.1109/MASS.2014.135
Filename
7035772