Abstract
As the use – and abuse – of cloud computing increases, it becomes necessary to conduct forensic analyses of cloud computing systems. This paper evaluates the feasibility of performing a digital forensic investigation on a cloud computing system. Specifically, experiments were conducted on the Nimbula on-site cloud operating system to determine if meaningful information can be extracted from a cloud system. The experiments involved planting known, unique files in a cloud computing infrastructure, and subsequently performing forensic captures of the virtual machine image that executes in the cloud. The results demonstrate that it is possible to extract key information about a cloud system and, in certain cases, even re-start a virtual machine.
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Ras, D., Olivier, M. (2012). Finding File Fragments in the Cloud. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics VIII. DigitalForensics 2012. IFIP Advances in Information and Communication Technology, vol 383. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33962-2_12
DOI: https://doi.org/10.1007/978-3-642-33962-2_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33961-5
Online ISBN: 978-3-642-33962-2
eBook Packages: Computer Science, Computer Science (R0)