Australian Digital Forensics Conference

Document Type

Conference Proceeding

Publisher

Security Research Institute, Edith Cowan University

Place of Publication

Joondalup, Western Australia

Abstract

Forensic investigations of digital media traditionally involve seizing a device and performing a forensic investigation. Often legal and physical obstructions must be overcome so that the investigator has access to the device and the right to secure it for investigation purposes. Taking a forensic image of a hard disk may need to be done in the field but analysis can usually be performed at a later time. With the rapid increase in hard disk size, the acquiring of a forensic image can take hours or days. This poses significant issues for forensic investigators when potential evidence resides in the cloud. What is highly desirable is the ability to perform the acquisition of the image and the data recovery whilst the data remains in the cloud. The comparatively small amount of recovered data can then be downloaded from the cloud. This may solve legal, time and physical obstacles with one relatively simple method. This research describes the development of cloud-based software to perform a digital forensic investigation in the cloud and describes the efficiency of the process under several different configurations utilising Amazon Web Services cloud solutions.

Comments

Mody, S., & Nisbet, A. (2017). A centralised platform for digital forensic investigations in cloud-based environments. Paper presented in Valli, C. (Ed.). The Proceedings of 15th Australian Digital Forensics Conference 5-6 December 2017, Edith Cowan University, Perth, Australia.

DOI

10.4225/75/5a8392cd1d280

Share

 
COinS