A Distributed Snapshot Framework for Digital Forensics Evidence Extraction and Event Reconstruction from Cloud Environment

In a heterogeneous and volatile environment such as the cloud, recording the state of the underlying infrastructure (a snapshot) is an important paradigm for the analysis, testing and verification of properties associated with distributed executions. In a criminal or e-discovery investigation, such an execution may be required to yield digital forensic evidence. The aim of this research is to generate a distributed snapshot and extract evidence in a forensically sound manner. The paper covers literature review outcomes, preliminary findings, research methodology and work in progress.
