A Novel Methodology to Acquire Live Big Data Evidence from the Cloud

Author: Giancarlo De Maio, Giuseppe Cattaneo, Gianluca Roscigno, Alfredo De Santis, Aniello Castiglione
Publication year: 2019
Subject:
Source: IEEE Transactions on Big Data. 5:425-438
ISSN: 2372-2096
DOI: 10.1109/tbdata.2017.2683521
Description: In the last decade Digital Forensics has experienced several issues when dealing with network evidence. Collecting network evidence is difficult due to its volatility. In fact, such information may change over time, or may be stored on a server out of jurisdiction or geographically far from the crime scene. On the other hand, the explosion of Cloud Computing as the implementation of the Software as a Service (SaaS) paradigm is pushing users toward remote data repositories such as Dropbox, Amazon Cloud Drive, Apple iCloud, Google Drive, Microsoft OneDrive. This paper proposes a novel methodology for the collection of network evidence. In particular, it is focused on the collection of information from online services, such as web pages, chats, documents, photos and videos. The methodology is suitable for both expert and non-expert analysts as it “drives” the user through the whole acquisition process. During the acquisition, the information received from the remote source is automatically collected. It includes not only network packets, but also any information produced by the client upon its interpretation (such as video and audio output). A trusted third party, acting as a digital notary, is introduced in order to certify both the acquired evidence (i.e., the information obtained from the remote service) and the acquisition process (i.e., all the activities performed by the analysts to retrieve it). A proof-of-concept prototype, called LINEA, has been implemented to perform an experimental evaluation of the methodology.
Database: OpenAIRE