Cloud-based digital forensics evaluation test (D-FET) platform.

This paper outlines the specification of the Cloud-based D-FET platform, which is used to evaluate the performance of digital forensics tools that aim to detect the presence of trails of evidence, such as the presence of illicit images and the determination of user accounts from a host. Along with measuring key quality metrics, such as true-positives and false-positives, it also measures operational performance, such as the speed of success, CPU utilization and memory usage. This is used to determine the basic footprint of the package-under-test. The paper presents a proof-of-concept of the system using the VMware vSphere Hypervisor (ESXi) within the vCenter Cloud management infrastructure, which provides a cluster environment and supports the creation and instantiation of a well-defined virtual test operation system. The infrastructure has been used within a teaching environment for two semesters, and has been shown to cope well in terms of performance and administration. Two key evaluation points for whether a cloud-based infrastructure improves on existing stand-alone and workstation-based virtualisation are the improvement in energy consumption and in the CPU utilization footprint for each virtual machine. The results therefore show some metrics related to the energy and CPU consumption of the created digital forensics instances, which can be used to justify the improvements in energy consumption, as opposed to stand-alone instances, and in the scalability of the infrastructure.
