Cloud Network Data Acquisition Challenges


Paula Raymond Lutui
Brian Cusack

Keywords

Networking, Cloud, Virtualization, Forensics

Abstract

The challenge for network investigators is that many data repositories are now virtualized and Cloud distributed. This paper reviews the extraction of evidence from virtualized RAM in the Cloud context on two virtual machines. Such evidence informs network system fault correction and attack diagnosis. The contribution of this research is to promote awareness of the valuable evidence held in Cloud virtual machines, where it is located, and the extraction toolkits required. A further challenge for network investigators is the variation in distributed network architectures and protocols. There is little consistency in the Cloud environment beyond the proprietary dominance of Cloud services and vendor virtualization provisions. This exploratory research takes up this challenge and demonstrates a working solution to the extraction of data in Cloud distributed networks.


