A forensic acquisition based upon a cluster analysis of non-volatile memory in IaaS
Institute of Electrical and Electronics Engineers Inc.
Security Research Institute
Cloud computing technologies have significantly changed the way in which organizations implement their information technology infrastructure. It is a new paradigm that turned the long-held promises of computing services into reality. It allows organizations to focus on their business with minimal effort placed upon building, managing and maintaining their IT requirements. However, security and incident management requirements are still extremely challenging. Unfortunately, the underlying architecture of cloud computing poses a range of technical and organizational issues for digital investigators. Due to the dynamic nature of cloud computing, current forensic tools and procedures have a range of limitations. Such limitations lead to devastating consequences, including heavy monetary fines or even forcing the organization out of business. However, an increasing emphasis has been placed on investigating the issues pertaining to data acquisition, as it is the first and most difficult problem to be solved when conducting a cloud-based digital investigation. This study identifies the challenges in cloud forensics related to data acquisition and proposes a novel technique based upon a cluster analysis of non-volatile memory. The approach achieves forensically reliable images at the same level of integrity as traditional computer forensic acquisition procedures, with the additional capability to restore the virtual hard disk as a forensic image at any given time.