Cloud Network Data Acquisition Challenges

Abstract

The challenge and problem for network investigators is that many of the data repositories are now virtualized and Cloud distributed. This paper reviews the extraction of evidence from virtualized RAM in the Cloud context on two virtual machines. Such evidence informs network system fault correction, and attack diagnosis. The contribution of this research is to promote an awareness of valuable evidence held in Cloud virtual machines, where it is located, and the extraction tools kits required. A challenge for network investigators is the variation in distributed network architecture and protocols. There is little consistency in the Cloud environment beyond proprietary dominance of Cloud services, and vendor virtualization provisions. This exploratory research takes up this challenge and demonstrates a working solution to the extraction of data in Cloud distributed networks.