Title :
Overcast: Forensic Discovery in Cloud Environments
Author :
Wolthusen, Stephen D.
Author_Institution :
Norwegian Inf. Security Lab., Gjovik Univ. Coll., Gjovik, Norway
Abstract :
While best practices and standards are emerging, supported by advances in research, for forensic investigations in individual computer systems and networks, new challenges are arising, which threaten to more than make up for the ground gained by investigators and researchers. In this paper we review some of the challenges posed by the increasingly common use of highly distributed and complex systems in a number of environments and attempt to outline a research agenda for investigations potentially spanning multiple jurisdictions, large numbers of distributed systems and services, and stretching out over extended periods of time, noting that - despite a strong focus on core areas of computer science and mathematics - there is an inherent strong need for interdisciplinary work linking the requirements and concepts of evidence arising from the legal field to what can be feasibly reconstructed and inferred algorithmically or in an exploratory manner.
Keywords :
distributed processing; forensic science; cloud environment; complex system; computer network; computer system; distributed system; forensic discovery; forensic investigation; Cloud computing; Computer networks; Computer security; Data structures; Digital forensics; Distributed computing; Information security; Law; Legal factors; Physics computing;
Conference_Titel :
IT Security Incident Management and IT Forensics, 2009. IMF '09. Fifth International Conference on
Conference_Location :
Stuttgart
Print_ISBN :
978-0-7695-3807-5
DOI :
10.1109/IMF.2009.21
