
Implementation Of Cloud Forensic Method And Tool Development Based On Network Attacks

Posted on: 2015-10-29 | Degree: Master | Type: Thesis
Country: China | Candidate: X C Wu | Full Text: PDF
GTID: 2308330464968660 | Subject: Computer technology
Abstract/Summary:
Cloud computing has recently become the prevalent technical and business paradigm. Because of its rapid elasticity and the simplicity of acquiring and releasing computing resources, an increasing number of companies and academic institutes are using cloud services and investigating them. However, current literature warns that the cloud is not as secure as expected and is becoming a new haven for criminals. SSH brute-force attacks and DoS attacks, for example, are easily performed in the cloud and can damage cloud services.

Meanwhile, cloud forensics, the technique for investigating crimes related to clouds, faces new challenges such as snapshot analysis, persistent storage, distributed environments, evidence identification, and a lack of forensic tools.

To address the forensic challenges posed by SSH brute-force attacks and DoS attacks, both of which produce a large number of packets during an attack, this paper proposes a proactive forensic method. The method can provide live evidence from an attack and reduce the time needed to analyze evidence. It combines the principles and practices of intrusion forensics and computer forensics for proactive evidence collection and consists of three distinct stages: network traffic monitoring, OpenStack forensics, and computer forensics. In addition, this work defines a set of evidence to collect and designs a demo tool with four components based on the proposed method: an alarming module, a communication module, an OpenStack forensic module, and a disk search module.

The four modules were tested under SSH brute-force and DoS attacks in an OpenStack IaaS cloud. In conclusion, it was shown that the proposed method can solve the forensic challenges of evidence acquisition and is capable of acquiring evidence in the cloud.
Keywords/Search Tags: Cloud Forensic, Proactive Evidence Collection, Cloud Attacks, OpenStack, Forensic Tools