Cloud Separation: Stuck Inside the Cloud
When something erroneous happens happens in digital environment, a Digital Forensic Investigations (DFIs) can be used to gather information about the event. When conducting a DFI, Digital Forensic Procedures (DFPs) are followed. DFPs provide steps to follow to ensure the successful completion of the DFI. One of the steps in a DFP is to isolate possible evidence in order to protect the evidence from contamination and tampering. The introduction of Cloud computing complicated the isolation process because there is a shared layer between users. This means that the methods used to isolate evidence must be adapted and reworked to work in the Cloud environment. In some cases new procedures need to be introduced to address the isolation problem.
In this article we introduce the idea of Cloud separation to isolate a part of the Cloud. We argue that the separation process consists of methods to move instances, as well as methods to divide the Cloud. The paper also introduces methods to accomplish the movement of instances and the division of the Cloud. The paper reports on the finding of testing the dividing methods on different Cloud operating systems in experimental conditions. The experimental outcome was that some of the methods are not applicable to Cloud separation and the methods to be used will depend on the circumstances of the DFI. Out of the experiment some lessons were learnt which should be considered when conducting Cloud separation.
KeywordsCloud Computing Digital Forensic Digital Forensics Process Isolation
Unable to display preview. Download preview PDF.
- 1.Vouk, M.A.: Cloud computing - issues, research and implementations. In: 30th International Conference on Information Technology Interfaces, ITI 2008, pp. 31–40 (June 2008)Google Scholar
- 2.Barrett, D., King, T.: Computer networking illuminated. Jones and Bartlett illuminated series. Jones and Bartlett (2005)Google Scholar
- 3.Biggs, S., Vidalis, S.: Cloud computing: The impact on digital forensic investigations. In: International Conference for Internet Technology and Secured Transactions, ICITST 2009, pp. 1–6 (November 2009)Google Scholar
- 4.Foster, I., Zhao, Y., Raicu, I., Lu, S.: Cloud computing and grid computing 360-degree compared. In: Grid Computing Environments Workshop, GCE 2008, pp. 1–10 (November 2008)Google Scholar
- 5.Mell, P., Grance, T.: The NIST Definition of Cloud Computing, Recommendations of the National Institute of Standards and Technolog. Technical report, National Institute of Standards and Technology (2011)Google Scholar
- 6.Ashcroft, J.: Electronic Crime Scene Investigation: A Guide for First Responders. Technical Working Group for Electronic Crime Scene Investigation (July 2001)Google Scholar
- 7.Cohen, F.: Digital Forensic Evidence Examination, 2nd edn. Fed Cohen & Associates, Livermore (2010)Google Scholar
- 8.Delport, W., Olivier, M.S.: Isolation, stuck inside the cloud. In: Eighth Annual IFIP WG 11.9 International Conference on Digital Forensics (in Press, 2012)Google Scholar
- 12.Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud forensics: An overview. In: IFIP International Conference on Digital Forensics, p. 7 (2011)Google Scholar
- 15.Delport, W., Olivier, M.S., Köhn, M.: Isolating a cloud instance for a digital forensic investigation. In: 2011 Information Security for South Africa (ISSA 2011) Conference (2011)Google Scholar
- 16.Vmware inc. Computer Program. vSphere 5.0 (2011), http://www.vmware.com (accessed May 26, 2012)