Digital forensics investigations in the Cloud

Neha Thethi, Anthony Keane

    Research output: Contribution to conference › Paper › peer-review

    39 Citations (Scopus)

    Abstract

    The essentially infinite storage space offered by Cloud Computing is quickly becoming a problem for forensics investigators with regard to evidence acquisition, forensic imaging and extended time for data analysis. It is apparent that the amount of stored data will at some point become impossible to practically image for the forensic investigators to complete a full investigation. In this paper, we address these issues by determining the relationship between acquisition times for the different storage capacities, using remote acquisition to obtain data from virtual machines in the cloud. A hypothetical case study is used to investigate the importance of using a partial and full approach for acquisition of data from the cloud and to determine how each approach affects the duration and accuracy of the forensics investigation and outcome. Our results indicate that the relation between the time taken for image acquisition and different storage volumes is not linear, owing to several factors affecting remote acquisition, especially over the Internet. Performing the acquisition using cloud resources showed a considerable reduction in time when compared to the conventional imaging method. For a 30 GB storage volume, the least time was recorded for the snapshot functionality of the cloud and the dd command. The time using this method is reduced by almost 77 percent. FTK Remote Agent proved to be most efficient, showing an almost 12 percent reduction in time over other methods of acquisition. Furthermore, the timelines produced with the help of the case study showed that the hybrid approach should be preferred to the complete approach for performing acquisition from the cloud, especially in time-critical scenarios.

    Original language: English
    Pages: 1475-1480
    Number of pages: 6
    Publication status: Published - 2014
    Event: 2014 4th IEEE International Advance Computing Conference, IACC 2014 - Gurgaon, India
    Duration: 21 Feb 2014 to 22 Feb 2014

    Conference

    Conference: 2014 4th IEEE International Advance Computing Conference, IACC 2014
    Country/Territory: India
    City: Gurgaon
    Period: 21/02/14 to 22/02/14

    Keywords

    • Cloud evidence acquisition
    • Cloud forensics
