Digital Forensic Architecture for Cloud Computing Systems: Methods of Evidence Identification, Segregation, Collection and Partial Analysis

Povar, Digambar; Geethakumari, G.

doi:10.1007/978-81-322-2755-7_22

Digambar Povar⁶ &
G. Geethakumari⁶

Part of the book series: Advances in Intelligent Systems and Computing ((AISC,volume 433))

1543 Accesses
2 Citations

Abstract

Various advantages offered by cloud computing business model has made it one of the most significant of current computing trends like personal, mobile, ubiquitous, cluster, grid, and utility computing models. These advantages have created complex issues for forensic investigators and practitioners for conducting digital forensic investigation in cloud computing environment. In the past few years, many researchers have contributed in identifying the forensic challenges, designing forensic frameworks, data acquisition methods for cloud computing systems. However, to date, there is no unique universally accepted forensic process model for cloud computing environment to acquire and analyze data available therein. This paper contributes in three specific areas to expedite research in this emerging field. First is designing a digital forensic architecture for cloud computing systems; second is evidence source identification, segregation and acquisition; and finally methods for partial analysis of evidence within and outside of a virtual machine (VM).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 169.00; Price excludes VAT (USA)

Softcover Book: USD 219.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

Dominik Birk, Michael Panico: Mapping the Forensic Standard ISO/IEC 27037 to Cloud Computing. Available at (https://downloads.cloudsecurityalliance.org/initiatives/imf/Mapping-the-Forensic-Standard-ISO-IEC-27037-to-Cloud-Computing.pdf) [Accessed June 25th, 2015].
Michaela Iorga, Eric Simmon: NIST Cloud Computing Forensic Science Challenges. NIST Cloud Computing Forensic Science Working Group, June 2014. (available at: http://csrc.nist.gov/publications/drafts/nistir-8006/draft_nistir_8006.pdf.
Encase, https://www.guidancesoftware.com/products/Pages/encase-forensic/overview.aspx?cmpid=nav [Accessed June 25th, 2015].
Forensic Tool Kit (FTK), https://www.accessdata.com/solutions/digital-forensics/forensic-toolkit-ftk [Accessed June 25th, 2015].
X-Ways Forensics, http://www.x-ways.net [Accessed June 25th, 2015].
CyberCheck, http://www.cyberforensics.in/Products/Cybercheck.aspx [Accessed June 25th, 2015].
The Sleuth Kit (TSK), http://www.sleuthkit.org/sleuthkit [Accessed June 25th, 2015].
Digital Forensics Framework (DFF), http://www.digital-forensic.org/download [Accessed June 25th, 2015].
Ruan, K. et al.: Cloud forensics. Advances in Digital Forensics VII, pp.35–46, IFIP AICT 361, Springer (0211).
Google Scholar
Shams Zawoad, Ragib Hasan: Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems. arXiv:1302.6312v1[cs.DC] (2013).
Dykstra, J. and Sherman, A.T.: Acquiring forensic evidence from infrastructure-as-a-service cloud computing: exploring and evaluating tools, trust, and techniques. Digital Investigation, Vol. 9, Supplement, pp.590–598, Elsevier (2012).
Google Scholar
Dykstra, J. and Sherman, A.T.: Design and Implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform. Digital Investigation, Vol. 10, Supplement, pp.87–95, Elsevier (2013).
Google Scholar
https://www.openstack.org/software [Accessed June 25th, 2015].
Fang Liu et al.: NIST Cloud Computing reference architecture, Recommendations of the NIST, Special Publication 500–292 (2011).
Google Scholar
Jerry Honeycutt: Microsoft windows registry guide (2005).
Google Scholar
The Volatility Framework, https://code.google.com/p/volatility [Accessed June 25th, 2015].
Boyer, R.S., Moore, J.S.: A Fast String Searching Algorithm. Communications of the Association for Computing Machinery 20(10), pp. 762–772 (1977).
Google Scholar

Download references

Acknowledgments

Our sincere thanks to Department of Computer Science and Information Systems of BITS Pilani, Hyderabad Campus, India, for providing us with the research environment.

Author information

Authors and Affiliations

Department of Computer Science and Information Systems, BITS Pilani, Hyderabad Campus, Jawaharnagar, Ranga Reddy District, 50078, Telangana, India
Digambar Povar & G. Geethakumari

Authors

Digambar Povar
View author publications
You can also search for this author in PubMed Google Scholar
G. Geethakumari
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Digambar Povar .

Editor information

Editors and Affiliations

Deparment of CSE, Anil Neerukonda Ins. of Tech. & Sci., Vishakapatnam, India
Suresh Chandra Satapathy
Kalyani University, Nadia, West Bengal, India
Jyotsna Kumar Mandal
University of Hyderabad, Hyderabad, Andhra Pradesh, India
Siba K. Udgata
Dept. of ECE, Shri Ramswaroop Mem. Group of Prof. Clg, Lucknow, Uttar Pradesh, India
Vikrant Bhateja

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Povar, D., Geethakumari, G. (2016). Digital Forensic Architecture for Cloud Computing Systems: Methods of Evidence Identification, Segregation, Collection and Partial Analysis. In: Satapathy, S., Mandal, J., Udgata, S., Bhateja, V. (eds) Information Systems Design and Intelligent Applications. Advances in Intelligent Systems and Computing, vol 433. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2755-7_22

Download citation

DOI: https://doi.org/10.1007/978-81-322-2755-7_22
Published: 06 February 2016
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2753-3
Online ISBN: 978-81-322-2755-7
eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics