CEAT: a cloud evidence acquisition tool for aiding forensic investigations in cloud systems

Abstract

Owing to the rise in cyber crime in cloud computing systems, cloud forensics has gained a lot of interest in the research community. Cloud forensic investigations differ from traditional forensic investigations due to the variability in architecture, lack of standardisation, distributed nature of cloud artefacts, scattered evidences and so on. The existing digital forensic tools cannot address these issues directly. The major challenge in cloud forensics is the identification and acquisition of artefacts. We propose a tool for forensic acquisition of artefacts on cloud systems. Our tool considers various artefacts such as cloud infrastructure logs, snapshots and volumes in addition to virtual disk and memory images. In this paper, we discuss the functional and non-functional requirements considered by our cloud forensic acquisition tool. We have implemented our solution on Openstack private IaaS cloud test bed.