Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers

Research Article

Formal Parameterization of Log Synchronization Events within a Distributed Forensic Compute Cloud Database Environment

  • @INPROCEEDINGS{10.1007/978-3-642-35515-8_13,
        author={Sean Thorpe and Indrakshi Ray and Indrajit Ray and Tyrone Grandison and Abbie Barbir and Robert France},
        title={Formal Parameterization of Log Synchronization Events within a Distributed Forensic Compute Cloud Database Environment},
        proceedings={Digital Forensics and Cyber Crime. Third International ICST Conference, ICDF2C 2011, Dublin, Ireland, October 26-28, 2011, Revised Selected Papers},
        proceedings_a={ICDF2C},
        year={2012},
        month={12},
        keywords={Cloud Forensic log parameterized event},
        doi={10.1007/978-3-642-35515-8_13}
    }
    
  • Sean Thorpe
    Indrakshi Ray
    Indrajit Ray
    Tyrone Grandison
    Abbie Barbir
    Robert France
    Year: 2012
    Formal Parameterization of Log Synchronization Events within a Distributed Forensic Compute Cloud Database Environment
    ICDF2C
    Springer
    DOI: 10.1007/978-3-642-35515-8_13
Sean Thorpe1,*, Indrakshi Ray2,*, Indrajit Ray2,*, Tyrone Grandison3,*, Abbie Barbir4,*, Robert France2,*
  • 1: University of Technology
  • 2: Colorado State University
  • 3: IBM Research
  • 4: Bank of America
*Contact email: thorpe.sean@gmail.com, iray@cs.colostate.edu, indrajit@cs.colostate.edu, tyroneg@us.ibm.com, abbie.barbir@bankofamerica.com, france@cs.colostate.edu

Abstract

Advances in virtual server internetworking and the Internet have been accompanied by increased incidences of computer-related crimes for such domains. At the same time, the number of sources of potential evidence in any particular cloud computing forensic investigation has grown considerably, as evidence of the occurrence of relevant events can potentially be drawn not only from multiple computers, networks, and electronic systems but also from disparate personal, organizational, and governmental contexts. Potentially, this leads to significant improvements in forensic outcomes but is accompanied by an increase in complexity and scale of the event information, particularly since such information is treated as composite events. In order for digital investigators to effectively administer the virtual machine (VM) environments, they need automated methods for correlating and synchronizing such event data; this is a critical concern. The contribution of the paper is the provision of a University case study of our ongoing work that integrates an automated detection of a computer forensic scenario for virtual network server clouds. This work is based upon facts derived from digital events synchronized within the VM environment. We use our preliminary case evaluations to present the formal parameterized context in which such VM log events are likely to occur, based on the event condition action (ECA) paradigm adopted from work done in [16][19].