Our recent work on a forensics-enabled cloud architecture was accepted at the 11th Annual IFIP WG 11.9 International Conference on Digital Forensics.
Shams Zawoad and Ragib Hasan, “FECloud: A Trustworthy Forensics-Enabled Cloud Architecture”, 11th Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida, January 2015.
Abstract
The rapid migration from the traditional computing and storage model to the cloud model creates the necessity of supporting reliable forensics in the cloud. However, today’s cloud computing architectures often lack support for forensic investigations because many of the assumptions that are taken for granted in traditional digital forensics do not apply to clouds. Hence, the existing digital forensics tools cannot handle the dynamic and black-box nature of clouds. Moreover, the trustworthiness of evidence can be questionable because of the possibility of collusion between dishonest cloud providers, malicious users, and investigators. Since reliability and accuracy of evidence are very important factors while evaluating evidence during a criminal investigation and prosecution, we need to preserve the integrity of evidence before and after collecting it from clouds. In this paper, we first identify the required properties to support trustworthy forensics in clouds. Based on the requirements, we propose a forensics-enabled cloud architecture (FECloud) to preserve and provide required evidence while protecting the privacy and integrity of the evidence. FECloud is designed on top of OpenStack – a popular open source cloud computing platform. Incorporating architectures like FECloud may impose significant business impacts on Cloud Service Providers (CSPs) as well as customers. CSPs can attract more customers with the assurance of providing proper forensics support. Likewise, customers do not require extreme investment in establishing their own forensics-friendly infrastructures.