Acquiring Forensic Evidence from Infrastructure-as-a-Service Cloud Computing: Exploring and Evaluating Tools, Trust, and Techniques
| dc.contributor.author | Dykstra, Josiah | |
| dc.contributor.author | Sherman, Alan T. | |
| dc.date.accessioned | 2019-02-19T17:10:01Z | |
| dc.date.available | 2019-02-19T17:10:01Z | |
| dc.date.issued | 2012-08-06 | |
| dc.description | The Digital Forensic Research Conference | en_US |
| dc.description.abstract | We expose and explore technical and trust issues that arise in acquiring forensic evidence from infrastructure-as-aservice cloud computing and analyze some strategies for addressing these challenges. First, we create a model to show the layers of trust required in the cloud. Second, we present the overarching context for a cloud forensic exam and analyze choices available to an examiner. Third, we provide for the first time an evaluation of popular forensic acquisition tools including Guidance EnCase and AccesData Forensic Toolkit, and show that they can successfully return volatile and non-volatile data from the cloud. We explain, however, that with those techniques judge and jury must accept a great deal of trust in the authenticity and integrity of the data from many layers of the cloud model. In addition, we explore four other solutions for acquisition—Trusted Platform Modules, the management plane, forensics as a service, and legal solutions, which assume less trust but require more cooperation from the cloud service provider. Our work lays a foundation for future development of new acquisition methods for the cloud that will be trustworthy and forensically sound. Our work also helps forensic examiners, law enforcement, and the court evaluate confidence in evidence from the cloud. | en_US |
| dc.description.sponsorship | Sherman was supported in part by the Department of Defense under IASP grant H98230-11-1-0473. Dykstra was supported in part by an AWS in Education grant award. | en_US |
| dc.description.uri | https://www.dfrws.org/sites/default/files/session-files/paper-acquiring_forensic_evidence_from_infrastructure-as-a-service_cloud_computing.pdf | en_US |
| dc.format.extent | 10 pages | en_US |
| dc.genre | conference papers and proceedings preprints | en_US |
| dc.identifier | doi:10.13016/m2i3pv-wogc | |
| dc.identifier.uri | http://hdl.handle.net/11603/12823 | |
| dc.language.iso | en_US | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Center for Research and Exploration in Space Sciences & Technology II (CRSST II) | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.subject | computer security | en_US |
| dc.subject | cloud computing | en_US |
| dc.subject | digital forensics | en_US |
| dc.subject | cloud forensics | en_US |
| dc.subject | EnCase | en_US |
| dc.subject | FTK | en_US |
| dc.subject | Amazon EC2 | en_US |
| dc.title | Acquiring Forensic Evidence from Infrastructure-as-a-Service Cloud Computing: Exploring and Evaluating Tools, Trust, and Techniques | en_US |
| dc.type | Text | en_US |