Abstract
This paper presents the LogDrive framework for mitigating the following problems of storage forensics in Infrastructure-as-a-Service (IaaS) cloud environments: volatility, increasing volume of forensic data, and anti-forensic attacks that hide traces of incidents in virtual machines. The proposed proactive data collection function of virtual block devices mitigates the problem of volatility within the cloud environments and enables a time-traveling investigation to reveal overwritten or deleted evidence files. We employ a sector-hash-based file detection method with random sampling to search for an evidence file in the record of the write logs of the virtual storage. The problem formulation, the investigation context, and the design with five algorithms are presented. We explore the performance of LogDrive through a detailed evaluation. Finally, security analysis of LogDrive is presented based on the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) threats model and related work. We posted the source code of LogDrive on GitHub.
Highlights
Our everyday lives depend on reliable and trusted cloud services located at distant data centers
We extend the previous work by introducing the formal notation, the problem formulation, the investigative context, the detailed design with five new algorithms, and security analysis based on the STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) threats model [4]
We discuss how LogDrive can be adapted to larger cloud environments in the Discussion section
Summary
Our everyday lives depend on reliable and trusted cloud services located at distant data centers. Many products can be purchased from Internetbased marketplaces, and cloud-based office software and teleconferencing applications enable users to collaborate with colleagues in remote places. The systems of many Internet-based marketplaces and recent cloudbased applications are deployed in Infrastructure-as-aService (IaaS) cloud data centers [1]. This paper first describes three problems of cloud forensics: volatility, increasing volume of forensic data, and anti-forensic attacks. Reliable and efficient forensic investigation of the current cloud environments is essential as the volume of activity within them increases. We present two key technologies for mitigating the three problems: a wayback machine for a time-traveling
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
