Using Open Source Based Distributed Agents to Perform Digital Investigation in Virtual Environments

To solve the challenges of digital investigation in virtual environments, we propose the use of distributed agents to ensure valid and continuous network traffic observations in these environments. As one of the most relevant recent developments in information technology, cloud computing demands a flexible and highly dynamic infrastructure, provided by the virtualization of systems, networks and storage. However, investigating computer-related crime in these environments is a necessity. Current techniques such as computer or network forensic investigation are not suitable for these environments: the migration of virtual machines changes the environment permanently, so every ongoing investigation is hampered. Our approach of open source based, distributed agents is able to implement viable investigations in these virtual environments.
