Remote programmatic vCloud forensics: a six-step collection process and a proof of concept
Date
2014
Authors
Martini, B.
Choo, K.K.R.
Editors
Advisors
Journal Title
Journal ISSN
Volume Title
Type:
Conference paper
Citation
2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, 2014, pp.935-942
Statement of Responsibility
Conference Name
2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications (24 Sep 2014 - 26 Sep 2014 : Beijing, China)
Abstract
With the increasing popularity of cloud services and their potential to either be the target or the tool in a cybercrime activity, organizational cloud services users need to ensure that they are able to collect evidential data should they be involved in litigation or a criminal investigation. In this paper, we seek to contribute to a better understanding of the technical issues and processes regarding collection of evidential data in the cloud computing environment. Using VMware vCloud as a case study in this paper, we describe the various artefacts available in the cloud environment and identify several forensic preservation considerations for forensics practitioners. We then propose a six-step process for the remote programmatic collection of evidential data to ensure as few changes as possible are made as part of evidence collection and that no potential evidence is missed. The six-step process is implemented in a proof of concept application to demonstrate utility of the process.
School/Discipline
Dissertation Note
Provenance
Description
Access Status
Rights
Copyright 2014 IEEE