Remote Programmatic vCloud Forensics
Proceedings of 13th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom 2014), September 2014, Forthcoming
8 Pages
Posted: 22 Jul 2014
Date Written: July 21, 2014
Abstract
With the increasing popularity of cloud services and their potential to be either the target or the tool in a cybercrime activity, organizational cloud services users need to ensure that they are able to collect evidential data should they be involved in litigation or a criminal investigation. In this paper, we seek to contribute to a better understanding of the technical issues and processes regarding collection of evidential data in the cloud computing environment. Using VMware vCloud as a case study, we describe the various artefacts available in the cloud environment and identify several forensic preservation considerations for forensics practitioners. We then propose a six-step process for the remote programmatic collection of evidential data to ensure as few changes as possible are made as part of evidence collection and that no potential evidence is missed. The six-step process is implemented in a proof of concept application to demonstrate the utility of the process.
Keywords: Cloud forensics, Remote cloud forensic process, Remote evidence preservation, Remote evidence collection, vCloud
JEL Classification: C88, C89, K42, K49