Acquiring Forensic Evidence from Infrastructure-as-a-Service Cloud Computing: Exploring and Evaluating Tools, Trust, and Techniques

dc.contributor.authorDykstra, Josiah
dc.contributor.authorSherman, Alan T.
dc.date.accessioned2019-02-19T17:10:01Z
dc.date.available2019-02-19T17:10:01Z
dc.date.issued2012-08-06
dc.descriptionThe Digital Forensic Research Conferenceen_US
dc.description.abstractWe expose and explore technical and trust issues that arise in acquiring forensic evidence from infrastructure-as-aservice cloud computing and analyze some strategies for addressing these challenges. First, we create a model to show the layers of trust required in the cloud. Second, we present the overarching context for a cloud forensic exam and analyze choices available to an examiner. Third, we provide for the first time an evaluation of popular forensic acquisition tools including Guidance EnCase and AccesData Forensic Toolkit, and show that they can successfully return volatile and non-volatile data from the cloud. We explain, however, that with those techniques judge and jury must accept a great deal of trust in the authenticity and integrity of the data from many layers of the cloud model. In addition, we explore four other solutions for acquisition—Trusted Platform Modules, the management plane, forensics as a service, and legal solutions, which assume less trust but require more cooperation from the cloud service provider. Our work lays a foundation for future development of new acquisition methods for the cloud that will be trustworthy and forensically sound. Our work also helps forensic examiners, law enforcement, and the court evaluate confidence in evidence from the cloud.en_US
dc.description.sponsorshipSherman was supported in part by the Department of Defense under IASP grant H98230-11-1-0473. Dykstra was supported in part by an AWS in Education grant award.en_US
dc.description.urihttps://www.dfrws.org/sites/default/files/session-files/paper-acquiring_forensic_evidence_from_infrastructure-as-a-service_cloud_computing.pdfen_US
dc.format.extent10 pagesen_US
dc.genreconference papers and proceedings preprintsen_US
dc.identifierdoi:10.13016/m2i3pv-wogc
dc.identifier.urihttp://hdl.handle.net/11603/12823
dc.language.isoen_USen_US
dc.relation.isAvailableAtThe University of Maryland, Baltimore County (UMBC)
dc.relation.ispartofUMBC Center for Research and Exploration in Space Sciences & Technology II (CRSST II)
dc.relation.ispartofUMBC Faculty Collection
dc.relation.ispartofUMBC Computer Science and Electrical Engineering Department
dc.rightsThis item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
dc.subjectcomputer securityen_US
dc.subjectcloud computingen_US
dc.subjectdigital forensicsen_US
dc.subjectcloud forensicsen_US
dc.subjectEnCaseen_US
dc.subjectFTKen_US
dc.subjectAmazon EC2en_US
dc.titleAcquiring Forensic Evidence from Infrastructure-as-a-Service Cloud Computing: Exploring and Evaluating Tools, Trust, and Techniquesen_US
dc.typeTexten_US

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
DFRWS2012_Dykstra.pdf
Size:
195.29 KB
Format:
Adobe Portable Document Format
Description:

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
2.56 KB
Format:
Item-specific license agreed upon to submission
Description: