Managing Forensic Recovery in the Cloud
George R. S. Weir, Andreas Aßmuth, Nicholas Jäger

TL;DR
This paper discusses methods for maintaining forensic integrity in cloud environments by enhancing multi-level monitoring to detect and review changes, addressing legal and operational concerns.
Contribution
It introduces an improved multi-level monitoring approach for cloud forensic recovery, building on existing intrusion detection techniques.
Findings
Enhanced monitoring enables better detection of hostile actions.
Multi-level analysis facilitates review of historical system changes.
Supports legal and operational forensic requirements.
Abstract
As organisations move away from locally hosted computer services toward Cloud platforms, there is a corresponding need to ensure the forensic integrity of such instances. The primary reasons for concern are (i) the locus of responsibility, and (ii) the associated risk of legal sanction and financial penalty. Building upon previously proposed techniques for intrusion monitoring, we highlight the multi-level interpretation problem, propose enhanced monitoring of Cloud-based systems at diverse operational and data storage levels as a basis for review of historical change across the hosted system, and afford scope to identify any data impact from hostile action or 'friendly fire'.
Taxonomy
Topics: Digital and Cyber Forensics · Advanced Malware Detection Techniques · Anomaly Detection Techniques and Applications
