A forensic acquisition based upon a cluster analysis of non-volatile memory in IaaS
Document Type
Conference Proceeding
Publication Title
2017 2nd International Conference on Anti-Cyber Crimes (ICACC)
Publisher
Institute of Electrical and Electronics Engineers Inc.
Place of Publication
United States
School
Security Research Institute
RAS ID
25579
Abstract
Cloud computing technologies have significantly changed the way in which organizations implement their information technology infrastructure. It is a new paradigm that turned the long-held promises of computing services into reality. It allows organizations to focus on their business with minimal effort placed upon building, managing and maintaining their IT requirements. However, security and incident management requirements are still extremely challenging. Unfortunately, the underlining architecture of cloud computing poses a range of technical and organizational issues for digital investigators. Due to the dynamic nature of cloud computing, current forensic tools and procedures have ranges of limitations. Such limitations lead to devastating consequences including heavy monetary fines or even forcing the organization out of the business. However, an increasing emphasis has been placed on investigating the issues pertained to data acquisition - as it is the first and most difficult problem to be solved when conducting cloud based digital investigation. This study identifies the challenges in cloud forensics related to data acquisition and proposes a novel technique based upon a cluster analysis of non-volatile memory. The approach achieves forensically reliable images at the same level of integrity as the traditional computer forensic acquisition procedures with the additional capability to restore the virtual hard disk as a forensic image at any given time.
DOI
10.1109/Anti-Cybercrime.2017.7905276
Access Rights
subscription content
Comments
Alqahtany, S., Clarke, N., Furnell, S., & Reich, C. (2017). A forensic acquisition based upon a cluster analysis of non-volatile memory in IaaS. In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC) (pp. 123-128). IEEE. Available here.