Title :
Automated Forensic Data Acquisition in the Cloud
Author :
Reichert, Zachary ; Richards, Katarina ; Yoshigoe, Kenji
Author_Institution :
Div. of Inf. Technol. & Sci., Champlain Coll., Burlington, VT, USA
Abstract :
Movement of businesses and individuals to the cloud has posed many new complications for digital forensic investigators. This is due to a multi-tenant environment on cloud servers, chain of custody problems, globalization of data, and the inability of the Cloud Service Provider (CSP) to keep logs of everything within their network. This paper proposes a practical solution that can be implemented to mitigate the challenges with minimal to no CSP upkeep. Our model builds upon and adds to existing models and solutions including network monitoring for Infrastructure as a Service and snapshot capabilities to provide forensic evidence. We propose to utilize the automation of snapshots and an open-source tool, Google Rapid Response (GRR), set off by a hypervisor-based intrusion detection system in order to collect forensic evidence. Finally, we discuss the ideal implementation of our model and the future research direction.
Keywords :
cloud computing; data acquisition; digital forensics; CSP; GRR; Google Rapid Response; automated forensic data acquisition; cloud service provider; digital forensic investigators; hypervisor-based intrusion detection system; infrastructure as a service; network monitoring; open-source tool; Computational modeling; Databases; Forensics; Intrusion detection; Servers; Virtual machine monitors; Virtual machining; cloud forensics; automated snapshots; hypervisor-based intrusion detection systems;
Conference_Title :
Mobile Ad Hoc and Sensor Systems (MASS), 2014 IEEE 11th International Conference on
Conference_Location :
Philadelphia, PA
Print_ISBN :
978-1-4799-6035-4
DOI :
10.1109/MASS.2014.135