2.2.2. The technical dimension


After [1]: "The technical dimension involves a set of tools and procedures to carry out the forensic process in cloud computing environments." Some of the key aspects of the technical dimension are as follows: forensic data collection; elastic, static and live forensics; evidence segregation; investigations in virtualized environments; pro-active preparations.

Forensic data collection

  • After [1]: "Cloud forensic collection is the process of identifying, labelling, recording, and acquiring forensic data from the possible sources of data in the Cloud."
  • The sources of data include:
    • client-side artefacts,
    • provider-side artefacts.
  • The tools and procedures used to collect forensic data depend on the cloud service model - the segregation of duties is different in different cloud service models.

Elastic, static and live forensics

  • Cloud resources are provisioned and deprovisioned on demand.
  • Consequently, cloud investigation tools need to be elastic - in most cases large-scale static and live forensic tools are required.

Evidence segregation

  • In multi-tenant environments, where various resources are shared, IT cost is reduced.
  • On the other hand, infrastructure components such as CPU caches, GPUs, etc., were not designed for strong compartmentalization in a multi-tenant architecture.
  • As a result, tools and procedures to segregate forensic data in the cloud among multiple tenants need to be developed.

Investigations in virtualized environments

  • Virtualization is the basic technology in the cloud.
  • However, investigations in most cases require evidence retrieval from physical locations.
  • Loss of data control is a challenge for cloud forensics - tools and procedures need to be developed to physically locate forensic data at a given timestamp.

Pro-active preparations

  • Pro-active measures can be taken to make forensic investigation easier:
    • designing forensic-aware cloud applications,
    • pro-actively collecting forensic data in the cloud.
  • It often involves a set of design principles, such as making regular snapshots or regularly checking authentication and access-control records.
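
One way to combine the labelling and recording steps of forensic collection with per-tenant segregation and pro-active collection is a hash-chained acquisition log. This is an added example, not part of the original lecture notes or of [1]; the record fields, function names, tenant names and sample artefacts are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain anchor for the first record (assumed convention)

def _digest(record):
    """SHA-256 over the canonical JSON form of a record."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def acquire(log, tenant, source, label, data, collected_at):
    """Label and record one acquired artefact, chaining it to the previous record."""
    if source not in ("client-side", "provider-side"):
        raise ValueError("unknown source: " + source)
    record = {
        "seq": len(log),
        "tenant": tenant,
        "source": source,
        "label": label,
        "collected_at": collected_at,
        "sha256": hashlib.sha256(data).hexdigest(),  # integrity of the artefact itself
        "prev": log[-1]["record_hash"] if log else GENESIS,
    }
    record["record_hash"] = _digest(record)  # integrity of the record and its position
    log.append(record)
    return record

def verify(log):
    """Return the index of the first record that breaks the chain, or None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "record_hash"}
        if rec["prev"] != prev or rec["seq"] != i or _digest(body) != rec["record_hash"]:
            return i
        prev = rec["record_hash"]
    return None

def for_tenant(log, tenant):
    """Segregate the records that belong to a single tenant."""
    return [rec for rec in log if rec["tenant"] == tenant]

def build_sample_log():
    """Constructed sample artefacts; tenant names and contents are made up."""
    log = []
    acquire(log, "tenant-a", "provider-side", "vm-snapshot", b"snapshot bytes A", "2024-01-01T00:00:00Z")
    acquire(log, "tenant-b", "provider-side", "auth-log", b"login ok user=bob", "2024-01-01T00:05:00Z")
    acquire(log, "tenant-a", "client-side", "browser-cache", b"cached page", "2024-01-01T00:10:00Z")
    return log
```

The chain is verified over the full log; a per-tenant extract from `for_tenant` still carries each record's `sha256`, so the artefacts handed over for one tenant can be checked without exposing another tenant's data.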

Bibliography

[1] Ruan, K., Carthy, J., Kechadi, T., Crosbie, M.: Cloud forensics: An overview. (2011). http://cloudforensicsresearch.org/publication/Cloud_Forensics_An_Overview_7th_IFIP.pdf




The project "Cloud Computing - new technologies in the teaching offer of Politechnika Wrocławska (Wrocław University of Technology)" (UDA.POKL.04.03.00-00-135/12) is carried out under the Human Capital Operational Programme, Priority IV. Higher education and science, Measure 4.3. Strengthening the teaching potential of universities in areas that are key in the context of the goals of the Europe 2020 Strategy, co-financed by the European Social Fund and the State budget.