Title :
Remote Programmatic vCloud Forensics: A Six-Step Collection Process and a Proof of Concept
Author :
Martini, Ben ; Choo, Kim-Kwang Raymond
Author_Institution :
Inf. Assurance Res. Group, Univ. of South Australia, Adelaide, SA, Australia
Abstract :
With the increasing popularity of cloud services and their potential to either be the target or the tool in a cybercrime activity, organizational cloud services users need to ensure that they are able to collect evidential data should they be involved in litigation or a criminal investigation. In this paper, we seek to contribute to a better understanding of the technical issues and processes regarding collection of evidential data in the cloud computing environment. Using VMware vCloud as a case study in this paper, we describe the various artefacts available in the cloud environment and identify several forensic preservation considerations for forensics practitioners. We then propose a six-step process for the remote programmatic collection of evidential data to ensure as few changes as possible are made as part of evidence collection and that no potential evidence is missed. The six-step process is implemented in a proof of concept application to demonstrate utility of the process.
Keywords :
cloud computing; computer crime; digital forensics; VMware vCloud; cloud computing; cybercrime activity; evidential data; organizational cloud services; proof of concept; remote programmatic vCloud forensics; Catalogs; Cloud computing; Forensics; Organizations; Ports (Computers); Servers; Standards organizations; Cloud forensics; Remote cloud forensic process; Remote evidence collection; Remote evidence preservation; vCloud;
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2014 IEEE 13th International Conference on
Conference_Location :
Beijing
DOI :
10.1109/TrustCom.2014.124
