Abstract
Computer forensics involves the collection, analysis, and reporting of information about security incidents and computer-based criminal activity. Cloud computing introduces new challenges for the forensic process. This paper addresses three challenges for network forensics in an Infrastructure-as-a-Service (IaaS) environment. First, network forensics needs a mechanism for analysing network traffic remotely in the cloud; this task is complicated by the dynamic migration of virtual machines between physical hosts. Second, forensics must be targeted at the virtual resources of a specific cloud user: in a multi-tenancy environment, in which multiple cloud clients share physical resources, forensics must not infringe on the privacy and security of other users. Third, forensic data should be processed directly in the cloud to avoid the costly transfer of huge amounts of data to external investigators. This paper presents a generic model for network forensics in the cloud and defines an architecture that addresses the challenges above. We validate this architecture with a prototype implementation based on the OpenNebula platform and the Xplico analysis tool.
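The second challenge above (capture scoped to one tenant's virtual resources, without touching other tenants' traffic) and the first (the scope changing when a VM migrates) can be made concrete with a small planner. The following is an added example, not code from the paper or from its OpenNebula/Xplico prototype: it assumes a hypothetical VM inventory (tenant, current host, vNIC MAC addresses) and emits, per physical host, a libpcap/tcpdump BPF expression (`ether host`) that matches only frames sent or received by that tenant's vNICs. The sample inventory and frames are constructed for the example.

```python
"""Tenant-scoped capture planning for an IaaS cluster (added example).

The inventory structure below is an assumption for illustration; a real
deployment would read it from the cloud controller (e.g. OpenNebula), not
from a hard-coded list.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class VM:
    vm_id: int
    tenant: str
    host: str          # physical host the VM currently runs on
    macs: tuple        # MAC addresses of the VM's virtual NICs


# Constructed sample inventory: two tenants sharing host1.
INVENTORY = [
    VM(101, "tenant-a", "host1", ("02:00:0a:00:00:01",)),
    VM(102, "tenant-a", "host2", ("02:00:0a:00:00:02", "02:00:0a:00:00:03")),
    VM(201, "tenant-b", "host1", ("02:00:0b:00:00:01",)),
]

# Constructed sample frames (only the fields the filter looks at).
FRAMES = [
    {"src": "02:00:0a:00:00:01", "dst": "02:00:0b:00:00:01"},  # tenant-a <-> tenant-b
    {"src": "02:00:0b:00:00:01", "dst": "02:00:0c:00:00:09"},  # tenant-b only
]


def tenant_macs_per_host(inventory, tenant):
    """Map each physical host to the sorted MACs of `tenant`'s VMs on it."""
    per_host = {}
    for vm in inventory:
        if vm.tenant == tenant:
            per_host.setdefault(vm.host, set()).update(vm.macs)
    return {host: sorted(macs) for host, macs in per_host.items()}


def bpf_filter(macs):
    """BPF expression matching frames to or from any MAC in `macs`.

    `ether host X` is standard libpcap syntax and matches X as either
    source or destination address.
    """
    if not macs:
        return None
    return " or ".join(f"ether host {mac}" for mac in macs)


def capture_plan(inventory, tenant):
    """Per-host capture filters; hosts with none of the tenant's VMs are omitted,
    so no capture is started there at all."""
    return {host: bpf_filter(macs)
            for host, macs in tenant_macs_per_host(inventory, tenant).items()}


def migrate(inventory, vm_id, new_host):
    """Return a new inventory reflecting a live migration of `vm_id`.

    After a migration the plan must be regenerated: the old host's filter is
    dropped and the new host's filter gains the VM's MACs."""
    return [VM(vm.vm_id, vm.tenant, new_host, vm.macs) if vm.vm_id == vm_id else vm
            for vm in inventory]


def select_frames(frames, macs):
    """Offline check of the filter semantics against constructed frames."""
    wanted = set(macs)
    return [f for f in frames if f["src"] in wanted or f["dst"] in wanted]


if __name__ == "__main__":
    for host, expr in capture_plan(INVENTORY, "tenant-a").items():
        print(f"{host}: tcpdump -i <bridge> '{expr}'")
    moved = migrate(INVENTORY, 102, "host1")
    print("after migrating VM 102:", capture_plan(moved, "tenant-a"))
```

Two caveats a practitioner would add. The filter must be applied at capture time on the host (as the BPF expression is), not by recording everything and filtering afterwards, since the unfiltered buffer would already contain other tenants' frames. And a frame exchanged between two tenants' VMs (the first constructed frame) is legitimately in scope for either tenant's investigation, so the peer's address does appear in the capture; excluding it is a policy decision, not something the address filter can make.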
Copyright information
© 2013 IFIP International Federation for Information Processing
About this paper
Cite this paper
Gebhardt, T., Reiser, H.P. (2013). Network Forensics for Cloud Computing. In: Dowling, J., Taïani, F. (eds) Distributed Applications and Interoperable Systems. DAIS 2013. Lecture Notes in Computer Science, vol 7891. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38541-4_3
DOI: https://doi.org/10.1007/978-3-642-38541-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38540-7
Online ISBN: 978-3-642-38541-4
eBook Packages: Computer Science (R0)