Title: CEAT: a cloud evidence acquisition tool for aiding forensic investigations in cloud systems

Authors: Geetha Meera; BKSP Kumar Raju Alluri; G. Geethakumari

Addresses: BITS Pilani Hyderabad Campus, Hyderabad, India; BITS Pilani Hyderabad Campus, Hyderabad, India; BITS Pilani Hyderabad Campus, Hyderabad, India

Abstract: Owing to the rise in cyber crime in cloud computing systems, cloud forensics has gained a lot of interest in the research community. Cloud forensic investigations differ from traditional forensic investigations due to the variability in architecture, lack of standardisation, distributed nature of cloud artefacts, scattered evidence and so on. The existing digital forensic tools cannot address these issues directly. The major challenge in cloud forensics is the identification and acquisition of artefacts. We propose a tool for forensic acquisition of artefacts on cloud systems. Our tool considers various artefacts such as cloud infrastructure logs, snapshots and volumes in addition to virtual disk and memory images. In this paper, we discuss the functional and non-functional requirements considered by our cloud forensic acquisition tool. We have implemented our solution on an OpenStack private IaaS cloud test bed.

Keywords: cloud computing; digital forensics; acquisition; preservation.

DOI: 10.1504/IJTMCC.2016.084562

International Journal of Trust Management in Computing and Communications, 2016 Vol.3 No.4, pp.360 - 372

Received: 16 Apr 2016
Accepted: 27 Jun 2016

Published online: 08 Jun 2017
