Show simple item record

dc.contributor.advisorCusack, Brian
dc.contributor.authorPiwari, Mark Tangiwai Mathew
dc.date.accessioned2016-08-05T01:44:55Z
dc.date.available2016-08-05T01:44:55Z
dc.date.copyright2016
dc.date.created2016
dc.identifier.urihttp://hdl.handle.net/10292/9984
dc.description.abstractIdentifying and acquiring data stored in a cloud environment is a complicated and challenging process. Much of the current academic forensic literature focuses on conventional digital forensic principles and meticulous chain of custody processes. Conventional computer forensics focuses upon having physical access to the media that stores the data of potential interest. However, in a cloud computing environment it is often not possible or feasible to access the physical media. The client's data may be stored on virtual servers on physical devices located in numerous data farms across various geographical locations making jurisdictional access also problematic. This research paper identifies the key aspects of cloud computing and analyses the reliability and integrity of the evidence gathering process during a digital investigation in a cloud environment. Case studies are presented in support of the research designed to assess whether existing digital forensics techniques are applicable to cloud investigations. The research examines technical and trust concerns that practitioners and law enforcement agencies (LEA) encounter in acquiring forensic evidence from a cloud. Research testing involved creating a simulated 'Infrastructure as a Service' (IaaS) cloud environment to evaluate the evidence gathering process between the cloud client and the Cloud Service Provider (CSP). The IaaS cloud environment was created in Microsoft Server 2012 Datacentre, Hyper-V. A Domain Controller was created in Active Directory and populated with user accounts and virtual machines (VMs); client VMs have Microsoft Windows 7 operating system installed. The primary aim of the research is to test the integrity and reliability of evidential data acquired during a digital forensic investigation in a cloud using existing forensic tools, methods and techniques. Research testing was conducted in a controlled home laboratory environment based on an exploratory approach. Microsoft Network Monitor 3.4, Hyper-V SnapShot and Forensic Tool Kit (FTK) were used to capture forensic data along with client and server side log files. Internet Explorer and Firefox were installed on a client-side VM and were used to extract user activity. The research findings demonstrate that although it may be technically possible to extract forensic evidence from the 'cloud' the investigative process presents significant jurisdictional and chain of custody challenges in the identification and seizure of evidential data by practitioners and law enforcement agencies (LEA) in criminal investigations and by businesses in civil litigation cases. It is also important that the evidential data collected can withstand rigorous scrutiny in a court of law.en_NZ
dc.language.isoenen_NZ
dc.publisherAuckland University of Technology
dc.subjectDigital forensicsen_NZ
dc.subjectClouden_NZ
dc.subjectCloud technologyen_NZ
dc.subjectIaaSen_NZ
dc.subjectDigital forensics in the clouden_NZ
dc.subjectDigital evidenceen_NZ
dc.subjectCloud investigatoren_NZ
dc.subjectHyper-Ven_NZ
dc.subjectVirtualizationen_NZ
dc.subjectMulti-tenancyen_NZ
dc.subjectCloud securityen_NZ
dc.subjectCross boarder jurisdictionen_NZ
dc.subjectCloud standardsen_NZ
dc.subjectPrivacyen_NZ
dc.subjectConfidentialityen_NZ
dc.subjectCloud service providersen_NZ
dc.subjectCSPsen_NZ
dc.subjectData validation toolsen_NZ
dc.subjectCloud servicesen_NZ
dc.subjectCloud modelsen_NZ
dc.titleDigital forensics in the cloud: the reliability and integrity of the evidence gathering processen_NZ
dc.typeThesis
thesis.degree.grantorAuckland University of Technology
thesis.degree.levelMasters Theses
thesis.degree.nameMaster of Forensic Information Technologyen_NZ
dc.rights.accessrightsOpenAccess
dc.date.updated2016-08-05T01:35:38Z


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record