Using network data to improve digital investigation in cloud computing environments

Daniel Spiekermann, Tobias Eggendorfer, J. Keller

2015 International Conference on High Performance Computing & Simulation (HPCS), published 2015-07-20
DOI: 10.1109/HPCSim.2015.7237027 (https://doi.org/10.1109/HPCSim.2015.7237027)
Citations: 9

Abstract

With the rise of cloud computing environments and the increasingly ubiquitous use of the opportunities they offer, the amount of data analysed in a traditional digital forensic examination is increasing significantly, which increases the risk of missing evidence. Without adopting new methodologies or different approaches, investigators are unable to guarantee a valid digital forensic investigation. Due to the large number of cloud platforms, it is hardly feasible to identify them when investigating a computer. Knowing all the different services of cloud computing platforms is impossible for a human. The paper therefore proposes to investigate raw network data in order to improve the complete digital investigation process by correlating the network and computer forensic parts. We present a new method to analyse network traffic to find information about the usage of cloud-specific data. With the possibility to automate this extraction and the comparison with a cloud service knowledge base, the error rate of a forensic investigation is reduced. It also reduces the risk of human errors.