Vol: 58(72) No: 2 / June 2013        

Incident Response and Reporting in the Context of Cloud Computing Forensics
Alecsandru Pătrașcu
Department of Computer Science, Military Technical Academy, Bucharest, Romania, e-mail: alecsandru.patrascu@gmail.com
Victor-Valeriu Patriciu
Department of Computer Science, Military Technical Academy, Bucharest, Romania, e-mail: victorpatriciu@yahoo.com


Keywords: cloud computing, secure data forensics, cloud computing incident response, cloud computing forensics, Linux kernel virtualization, KVM, XEN

Abstract
Digital forensics and cloud computing represent a new research field that combines both technical and legal aspects. Combined with the constant need to know where and when a certain piece of data is stored and processed, this gives the full picture of a large-scale issue in today’s datacenters. Furthermore, cloud forensics poses new challenges due to its distributed and virtualized nature. In this paper we discuss the context in which forensics can help investigators on a regular computer network and in cloud environments. We also present a novel way in which suspect user activity can be monitored using a secure cloud forensic framework, together with its detailed architecture.
