Forensicloud: An Architecture for Digital Forensic Analysis in the Cloud

Authors

  • Cody Miller Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA
  • Dae Glendowne Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA
  • Dave Dampier Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA
  • Kendall Blaylock Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA

DOI:

https://doi.org/10.13052/jcsm2245-1439.331

Keywords:

digital forensics, parallelization, cloud computing, cloud forensics, virtualization, virtual desktop infrastructure, HPC, cluster, infrastructure as a service, software as a service

Abstract

The amount of data that must be processed in digital forensic examinations continues to rise. Both the volume and the diversity of data are obstacles to the timely completion of forensic investigations, and some law enforcement agencies lack the resources to handle cases of even moderate size. To address these issues we have developed an architecture for a cloud-based distributed processing platform named Forensicloud. The architecture is designed to reduce the time taken to process digital evidence by leveraging a high performance computing platform and by adapting existing tools to operate within this environment. Forensicloud's Software-as-a-Service and Infrastructure-as-a-Service models let investigators use remote virtual environments to examine digital evidence. These environments give investigators access to licensed and unlicensed tools they may not have had before, and allow some of those tools to be run on computing clusters.
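The abstract states that existing tools are adapted to run on computing clusters but does not show what that adaptation involves. The script below is an added illustration, not code from the Forensicloud paper or its authors. It shows the data-level parallelization pattern: the evidence image is split into fixed-size chunks, each chunk is scanned independently (a local process pool stands in for cluster nodes), and the per-chunk hits are merged. The evidence image, the e-mail regex, the chunk size and the MAX_FEATURE overlap bound are all constructed assumptions. The part a practitioner wants to see handled is the chunk boundary, where a feature that straddles two chunks must be reported exactly once, and the before/after hash confirms the image was only read.

```python
"""Data-level parallel feature extraction over a disk image (added example).

Each worker scans bytes [start, start+length) of the image but reads
MAX_FEATURE bytes of context on both sides, so a feature crossing a chunk
boundary is seen whole. A worker reports only matches that begin inside its
own chunk; the neighbouring worker owns the rest. That rule yields each hit
exactly once without a global de-duplication step.
"""
import hashlib
import os
import re
import tempfile
from concurrent.futures import ProcessPoolExecutor, ThreadPoolExecutor

# Simplified e-mail scanner in the style of bulk_extractor (assumption).
EMAIL_RE = re.compile(rb"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumed upper bound on a feature's length; it fixes the boundary overlap.
MAX_FEATURE = 256


def sha256_file(path, bufsize=1 << 20):
    """Hash the evidence file; compare before and after to show it was only read."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(bufsize), b""):
            h.update(block)
    return h.hexdigest()


def scan_chunk(path, start, length):
    """Return (absolute_offset, address) for hits that begin in [start, start+length)."""
    lo = max(0, start - MAX_FEATURE)          # leading context for the regex
    with open(path, "rb") as f:
        f.seek(lo)
        buf = f.read(start - lo + length + MAX_FEATURE)   # plus trailing context
    hits = []
    for m in EMAIL_RE.finditer(buf):
        off = lo + m.start()
        if start <= off < start + length:     # this chunk owns the hit
            hits.append((off, m.group().decode("ascii", "replace")))
    return hits


def scan_image(path, chunk_size, workers=4, use_threads=False):
    """Split the image into chunks, scan them in parallel, return sorted hits."""
    size = os.path.getsize(path)
    tasks = [(path, start, min(chunk_size, size - start))
             for start in range(0, size, chunk_size)]
    if workers <= 1:
        results = [scan_chunk(*t) for t in tasks]       # serial, for debugging
    else:
        pool = ThreadPoolExecutor if use_threads else ProcessPoolExecutor
        with pool(max_workers=workers) as ex:
            results = list(ex.map(scan_chunk, *zip(*tasks)))
    return sorted(h for chunk_hits in results for h in chunk_hits)


def build_sample_image(path, chunk_size=4096):
    """Write a constructed 3-chunk image (zero filler plus three addresses,
    one straddling the first chunk boundary). Returns the expected hits."""
    img = bytearray(3 * chunk_size)
    features = [
        (100, b"alice@example.org"),
        (chunk_size - 6, b"bob.carol@example.net"),   # crosses offset chunk_size
        (2 * chunk_size + 8, b"dave@example.com"),
    ]
    for off, feat in features:
        img[off:off + len(feat)] = feat
    with open(path, "wb") as f:
        f.write(img)
    return sorted((off, feat.decode()) for off, feat in features)


def run_demo(chunk_size=4096, workers=4, use_threads=False):
    """Build the constructed image, scan it, return (hits, expected, unchanged)."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "evidence.dd")
        expected = build_sample_image(image, chunk_size)
        before = sha256_file(image)
        hits = scan_image(image, chunk_size, workers, use_threads)
        return hits, expected, sha256_file(image) == before


if __name__ == "__main__":
    hits, expected, unchanged = run_demo()
    for off, addr in hits:
        print(f"0x{off:08x}  {addr}")
    print("image unchanged:", unchanged, "| all hits found once:", hits == expected)
```

Without the leading context a worker would see only the tail of a straddling address and report a truncated, spurious hit at its first byte; without the trailing context the previous worker would truncate the same address. On a real cluster the chunk list is the unit of scheduling and the per-chunk hash (same hashing as above, applied to each chunk) is how a node proves it scanned the bytes it was handed.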


Author Biographies

Cody Miller, Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA

Cody Miller is a Research Associate for the Distributed Analytics and Security Institute at Mississippi State University. Cody’s research interests are in Cloud Computing, Computer Security, and Digital Forensics. He has a B.S. and M.S. Degree in Computer Science & Engineering from Mississippi State University. In his graduate studies he worked for the National Forensics Training Center at Mississippi State University where he taught law enforcement officers digital forensics.

Dae Glendowne, Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA

Dae Glendowne is an Assistant Research Professor at the Distributed Analytics and Security Institute at Mississippi State University. He is currently pursuing his Ph.D. in Computer Science at Mississippi State University. He has a B.S. Degree in Computer Science from the University of Tennessee at Martin and an M.S. Degree in Computer Science from Mississippi State University. His research interests include malware analysis, memory forensics, and applying machine learning to computer security problems.

Dave Dampier, Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA

Dr. Dave Dampier is a Professor of Computer Science & Engineering at Mississippi State University specializing in Digital Forensics and Information Security. He currently serves as Director of the Distributed Analytics and Security Institute, the university level research center charged with Cyber Security Research. In his current capacity, Dr. Dampier is the university lead for education and research in cyber security. Prior to joining MSU, Dr. Dampier spent 20 years active duty as an Army Automation Officer. He has a B.S. Degree in Mathematics from the University of Texas at El Paso, and M.S. and Ph.D. degrees in Computer Science from the Naval Postgraduate School. His research interests are in Cyber Security, Digital Forensics and Software Engineering.

Kendall Blaylock, Distributed Analytics and Security Institute, Mississippi State University, Mississippi State, MS, USA

Kendall Blaylock received his M.S. and B.S. degrees from Mississippi State University. During that time he worked as a research assistant in the area of computer forensics. After graduating from MSU he then went on to work for the National Forensic Training Center at MSU. At the NFTC Kendall is currently serving as a Research Associate III. The research associate position at the NFTC requires Kendall to be an instructor as well as a researcher in the area of digital forensics. As an instructor for the NFTC, Kendall provides training for law enforcement officers and Military Veterans. In addition to being an instructor for the NFTC, he also oversees and conducts research projects at the NFTC. These projects are intended to benefit the digital forensics community and allow law enforcement to conduct investigations in a more effective and efficient manner. Kendall’s background in the College of Business at MSU enables him to research where digital forensics is involved with business operations, such as the area of e-discovery and internal corporate investigation.



Published

2014-10-15

How to Cite

Miller C, Glendowne D, Dampier D, Blaylock K. Forensicloud: An Architecture for Digital Forensic Analysis in the Cloud. JCSANDM [Internet]. 2014 Oct. 15 [cited 2024 Apr. 20];3(3):231-62. Available from: https://journals.riverpublishers.com/index.php/JCSANDM/article/view/6187
