Forensicloud: An Architecture for Digital Forensic Analysis in the Cloud
DOI: https://doi.org/10.13052/jcsm2245-1439.331

Keywords: digital forensics, parallelization, cloud computing, cloud forensics, virtualization, virtual desktop infrastructure, HPC, cluster, infrastructure as a service, software as a service

Abstract
The amount of data that must be processed in current digital forensic examinations continues to rise. Both the volume and the diversity of that data are obstacles to the timely completion of forensic investigations, and some law enforcement agencies lack the resources to handle cases of even moderate size. To address these issues we have developed an architecture for a cloud-based distributed processing platform that we have named Forensicloud. The architecture is designed to reduce the time taken to process digital evidence by leveraging a high performance computing platform and by adapting existing tools to operate within that environment. Forensicloud's Software as a Service and Infrastructure as a Service models give investigators remote virtual environments in which to investigate digital evidence. These environments give investigators access to licensed and unlicensed tools they may not have had before, and allow some of these tools to be run on computing clusters.
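The abstract states that existing tools are adapted to run on a cluster, but not how a single evidence image is divided among nodes. The following is an added example, not code from the paper or the Forensicloud project, of the data-level parallelization pattern that such an adaptation typically relies on: the image is cut into fixed-size chunks with a small overlap, each chunk is scanned and hashed as an independent work unit, and the per-chunk results are merged. The signature set, chunk and overlap scheme, the sample image and the use of a thread pool in place of cluster nodes are all assumptions made for this illustration.

```python
import hashlib
from concurrent.futures import ThreadPoolExecutor

# Fixed-form file headers to carve for (assumed set for this example).
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
}
# A header may straddle a chunk boundary, so every chunk is extended by
# one byte less than the longest signature; that is enough for the chunk
# that owns the header's first byte to see the whole header.
OVERLAP = max(len(s) for s in SIGNATURES.values()) - 1


def split_image(image: bytes, chunk_size: int, overlap: int = OVERLAP):
    """Yield (absolute_offset, data, owned_length) work units covering the image."""
    if chunk_size <= overlap:
        raise ValueError("chunk_size must exceed overlap")
    offset = 0
    while offset < len(image):
        yield offset, image[offset:offset + chunk_size + overlap], chunk_size
        offset += chunk_size


def scan_chunk(piece):
    """One node's work unit: hash the piece and locate signatures inside it."""
    offset, data, owned = piece
    hits = []
    for kind, sig in SIGNATURES.items():
        pos = data.find(sig)
        while pos != -1:
            # Only the chunk that owns the start byte reports a hit, so a
            # header lying in the overlap region is never counted twice.
            if pos < owned:
                hits.append((offset + pos, kind))
            pos = data.find(sig, pos + 1)
    return offset, hashlib.sha256(data).hexdigest(), hits


def process_image(image: bytes, chunk_size: int = 4096, workers: int = 4):
    """Scatter chunks to workers, then gather: hits plus a per-chunk hash manifest.

    On a cluster the pool.map call is where a scheduler would hand the
    chunks to separate nodes; threads stand in for those nodes here.
    """
    pieces = list(split_image(image, chunk_size))
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(scan_chunk, pieces))
    manifest = {off: digest for off, digest, _ in results}
    hits = sorted(h for _, _, chunk_hits in results for h in chunk_hits)
    return {
        # Whole-image hash for chain of custody, computed once centrally.
        "image_sha256": hashlib.sha256(image).hexdigest(),
        # Per-chunk hashes let a result be tied back to exactly the bytes
        # each node processed.
        "chunk_manifest": manifest,
        "hits": hits,
    }


def build_sample_image(size: int = 10000) -> bytes:
    """Constructed stand-in for a disk image: zeros with three planted headers,
    one of them deliberately straddling the 4096-byte chunk boundary."""
    img = bytearray(size)
    img[100:103] = SIGNATURES["jpeg"]
    img[4094:4102] = SIGNATURES["png"]   # crosses offset 4096
    img[8000:8005] = SIGNATURES["pdf"]
    return bytes(img)


if __name__ == "__main__":
    result = process_image(build_sample_image(), chunk_size=4096)
    print("image sha256:", result["image_sha256"])
    print("chunks hashed:", sorted(result["chunk_manifest"]))
    print("hits:", result["hits"])
```

The property worth checking for any such adaptation is that the merged result does not depend on how the image was partitioned: running `process_image` with a different `chunk_size` must yield the same hits and the same whole-image hash, otherwise findings would change with the cluster's configuration rather than with the evidence.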