International Journal On Advances in Security, volume 11, numbers 3 and 4, 2018


Forensic Recovery and Intrusion Monitoring in the Cloud

Authors:
George Weir
Andreas Aßmuth
Nicholas Jäger

Keywords: Cloud security; forensic readiness; intrusion monitoring; multi-level interpretation; secure data retention.

Abstract:
As organisations move away from locally hosted computer services toward Cloud platforms, there is a corresponding need to ensure the digital forensic integrity of such instances. This need is largely motivated by the locus of responsibility and also by the associated risk of legal sanction and financial penalty. Effective monitoring of activity and events is an essential aspect of such forensic readiness. A major concern is the risk that monitoring systems may themselves be targeted and affected by intruders, thereby nullifying the prospective benefits of such internal software surveillance facilities. In this paper, we outline an approach to intrusion monitoring that aims to ensure the credibility of log data and provide a means of data sharing that supports log reconstruction in the event that one or more logging systems is maliciously impaired. In addition, we identify and describe the multi-level interpretation problem as an inherent challenge to managing forensic recovery in the Cloud.

Pages: 264 to 273

Copyright: Copyright (c) to authors, 2018. Used with permission.

Publication date: December 30, 2018

Published in: journal

ISSN: 1942-2636