Cloud Evidence Tracing System: An integrated forensics investigation system for large-scale public cloud platform. (June 2022)
- Record Type:
- Journal Article
- Title:
- Cloud Evidence Tracing System: An integrated forensics investigation system for large-scale public cloud platform. (June 2022)
- Main Title:
- Cloud Evidence Tracing System: An integrated forensics investigation system for large-scale public cloud platform
- Authors:
- Wu, Songyang
Sun, Wenqi
Ding, Zhiguo
Liu, Shanjun
- Abstract:
- With the rise of cloud computing, many systems are migrating to public cloud platforms. Numerous crimes are committed in the cloud, including the establishment of illegal websites and the storage of illegal data. Using virtualization technology, data can be logically stored in the same virtual host but physically distributed across multiple hard drives, clusters, or even countries. In these circumstances, the traditional forensic method of physical preservation consumes a great deal of resources and clogs the forensic process. In order to develop an effective cloud investigation solution, two challenges must be overcome. First, the difficulty of collecting data consistently when the VMs (Virtual Machines) involved are deployed across multiple CSPs. Second, the difficulty of keeping track of all the files created during the forensic workflow. We developed CETS (Cloud Evidence Tracing System), which utilizes the CSPs' existing APIs to perform a variety of forensic operations including acquisition, preservation, and emulation, as well as data analysis and file management. To evaluate the system, we created three cloud environments in the laboratory, including a forensic target cloud, a preservation cloud, and an emulation cloud, and conducted a series of forensic experiments. CETS was shown to significantly increase the investigator's efficiency and reduce the investigation workflow's resource consumption. Currently, CETS has collected data exceeding 2 PB, rerun more than 2000 virtual hosts, including servers and databases, and supported more than 300 investigation cases related to cloud platforms. CETS can serve as an example system for efficient forensic investigation in large-scale cloud environments.
Highlights: CETS provides solutions to overcome the difficulty of collecting and tracking data in a cloud forensics investigation program, which significantly reduces the workload of investigators. To date, CETS has collected data exceeding 2 PB and rerun more than 2000 virtual hosts including servers and databases. It has supported more than 300 investigation cases related to cloud platforms and can provide a reference for efficient investigation in large-scale cloud environments.
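The second challenge the abstract names, keeping track of every file created during the forensic workflow, is the part of the system a practitioner can reproduce without access to any CSP. The Python below is an added illustration written for this record; it is not CETS code and does not claim to match the paper's design. It keeps an append-only, hash-chained manifest in which each artifact records its SHA-256, the workflow stage that produced it, and the entry it was derived from, so any emulation or analysis output can be traced back to the original acquisition and any modified artifact is detected. The case id, file names, and stage/source labels are hypothetical, and the "disk image" is a constructed byte string, so the demo runs offline.

```python
"""Added example: hash-chained evidence manifest for a cloud forensics workflow.

Not code from the CETS paper; a minimal stand-in for the "file tracking" concern
the abstract raises. Everything here (case id, paths, stage names) is hypothetical.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone
from typing import Optional


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 so multi-GB disk images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


class EvidenceManifest:
    """Append-only record of every artifact produced during an investigation.

    Each entry stores the artifact's hash, the stage that produced it, and the id of
    the entry it was derived from (its parent). Entries are hash-chained so that
    editing or reordering manifest entries after the fact is detectable.
    """

    def __init__(self, case_id: str):
        self.case_id = case_id
        self.entries: list = []

    def record(self, path: str, stage: str, source: str, parent: Optional[int] = None) -> int:
        entry = {
            "id": len(self.entries) + 1,
            "stage": stage,    # e.g. acquisition, preservation, emulation, analysis
            "source": source,  # which cloud/API/tool produced the artifact (hypothetical labels)
            "path": os.path.abspath(path),
            "size": os.path.getsize(path),
            "sha256": sha256_file(path),
            "parent": parent,
            "recorded_at": datetime.now(timezone.utc).isoformat(),
        }
        prev = self.entries[-1]["chain"] if self.entries else "0" * 64
        entry["chain"] = hashlib.sha256((prev + json.dumps(entry, sort_keys=True)).encode()).hexdigest()
        self.entries.append(entry)
        return entry["id"]

    def verify_files(self) -> list:
        """Return ids of artifacts whose on-disk content no longer matches the recorded hash."""
        return [e["id"] for e in self.entries if sha256_file(e["path"]) != e["sha256"]]

    def chain_intact(self) -> bool:
        """Recompute the hash chain; False if any manifest entry was altered or reordered."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "chain"}
            if hashlib.sha256((prev + json.dumps(body, sort_keys=True)).encode()).hexdigest() != e["chain"]:
                return False
            prev = e["chain"]
        return True

    def lineage(self, entry_id: int) -> list:
        """Follow parent links from an artifact back to the original acquisition."""
        by_id = {e["id"]: e for e in self.entries}
        trail, cur = [], entry_id
        while cur is not None:
            trail.append(cur)
            cur = by_id[cur]["parent"]
        return trail


def run_demo() -> dict:
    """Constructed walk-through: acquire a fake VM image, preserve a copy, verify,
    then flip a byte in the preserved copy and confirm the manifest catches it."""
    with tempfile.TemporaryDirectory() as workdir:
        acquired = os.path.join(workdir, "vm-target.img")  # hypothetical file name
        with open(acquired, "wb") as f:                      # constructed sample content
            f.write(b"\x00" * 4096 + b"constructed sample disk content")
        manifest = EvidenceManifest("CASE-0001")             # hypothetical case id
        acq_id = manifest.record(acquired, "acquisition", "target-cloud snapshot API")

        preserved = os.path.join(workdir, "vm-target.preserved.img")
        shutil.copyfile(acquired, preserved)
        pres_id = manifest.record(preserved, "preservation", "preservation cloud", parent=acq_id)

        clean = manifest.verify_files()                      # nothing modified yet -> []
        with open(preserved, "r+b") as f:                    # simulate silent corruption
            f.seek(0)
            f.write(b"\xff")
        tampered = manifest.verify_files()                   # -> [2]
        return {
            "clean": clean,
            "tampered": tampered,
            "lineage": manifest.lineage(pres_id),
            "chain_intact": manifest.chain_intact(),
        }


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

In practice the manifest would be written to storage the investigator cannot silently edit (or signed at each append) and the `source` field would carry the CSP API call and snapshot identifier that produced the artifact; the in-memory version above is enough to show the lineage and integrity checks.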
- Is Part Of:
- Forensic science international. Volume 41(2022)
- Journal:
- Forensic science international
- Issue:
- Volume 41(2022)
- Issue Display:
- Volume 41, Issue 2022 (2022)
- Year:
- 2022
- Volume:
- 41
- Issue:
- 2022
- Issue Sort Value:
- 2022-0041-2022-0000
- Page Start:
- Page End:
- Publication Date:
- 2022-06
- Subjects:
- Integrated forensics -- Large-scale cloud -- Virtual machine
- Journal URLs:
- http://www.sciencedirect.com/
- DOI:
- 10.1016/j.fsidi.2022.301391
- Languages:
- English
- ISSNs:
- 2666-2817
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 21959.xml