Cyber Crime Scene Investigations (C²SI) through Cloud Computing

Cloud computing brings opportunities for network forensics tracing Internet criminals in the distributed environment. We may use the new “pay-as-you-go” model of the cloud computing to deploy the on-demand cyber surveillance sentinels and conduct distributed trace back in complicated cyber crime scene investigations. To trace criminals abusing anonymous communication networks such as Tor, law enforcement can deploy high-bandwidth Amazon EC2 sentinels into the Tor network. Some sentinels are configured as Tor entry guards and others work as Tor exits nodes. With the high bandwidth and appropriate number of such sentinels, we can achieve a required probability that a Tor circuit passes through an entry sentinel and an exit sentinel in order to capture the suspects. The proposed “pay-as-you-go” traceback model is cost-effective since the investigation may last for just hours with effective traceback techniques. Our experiments demonstrate the feasibility of this new traceback strategy through the cloud.