Using network data to improve digital investigation in cloud computing environments

With the rise of cloud computing environments and the increasingly ubiquitous use of the opportunities they offer, the amount of data analysed in a traditional digital forensic examination is increasing significantly, which increases the risk of missing evidence. Without adopting a new methodology or different approaches, investigators are unable to guarantee a valid digital forensic investigation. Because of the large number of cloud platforms, it is hardly feasible to identify them when investigating a computer, and knowing all the different services of cloud computing platforms is impossible for a human. The paper therefore proposes to investigate raw network data in order to improve the complete digital investigation process by correlating the network and computer forensic parts. We present a new method for analysing network traffic to find information about the usage of cloud-specific data. Because this extraction and its comparison with a cloud service knowledge base can be automated, the error rate of a forensic investigation is reduced. It also reduces the risk of human error.
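
The following added example, which is not code from the paper, shows one way to automate such an extraction and knowledge-base comparison. It assumes that DNS query names are the feature extracted from raw traffic and that the knowledge base maps domain suffixes to services; the function names, knowledge-base entries and sample payloads are all constructed for illustration.

```python
import struct
from collections import Counter

# Constructed sample knowledge base (assumption): domain suffix -> cloud service.
KNOWLEDGE_BASE = {
    "dropbox.com": "Dropbox",
    "amazonaws.com": "Amazon Web Services",
}

def build_query(name, txid=0x1234):
    """Build a DNS query payload; used here only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(part)]) + part.encode() for part in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_qname(payload):
    """Return the lower-cased name asked for in a DNS query, or None if unusable."""
    if len(payload) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", payload[2:6])
    if flags & 0x8000 or qdcount < 1:  # skip responses and empty questions
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            return ".".join(labels) or None
        if length > 63 or pos + 1 + length > len(payload):
            return None  # compression pointer or truncated label
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    return None  # ran off the end without the terminating zero label

def classify(hostname):
    """Match on label boundaries so 'notdropbox.com' does not hit 'dropbox.com'."""
    for suffix, service in KNOWLEDGE_BASE.items():
        if hostname == suffix or hostname.endswith("." + suffix):
            return service
    return None

def cloud_usage(payloads):
    """Count knowledge-base hits per service across captured DNS payloads."""
    names = filter(None, map(parse_qname, payloads))
    return Counter(s for s in map(classify, names) if s)

# Constructed sample capture: UDP payloads only, the last one truncated.
SAMPLE = [build_query(n) for n in (
    "client.dropbox.com", "www.dropbox.com", "s3.amazonaws.com",
    "notdropbox.com", "example.org")] + [b"\x12\x34\x01"]
```

Calling `cloud_usage(SAMPLE)` yields per-service counts that an examiner could correlate with artefacts found on the seized computer.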
