Forensic Recovery and Intrusion Monitoring in the Cloud

Monday, 01 Jan 2018 · George Weir, Andreas Aßmuth, Nicholas Jäger
Abstract
As organisations move away from locally hosted computer services toward Cloud platforms, there is a corresponding need to ensure the digital forensic integrity of such instances. This need is largely motivated by the locus of responsibility and also by the associated risk of legal sanction and financial penalty. Effective monitoring of activity and events is an essential aspect of such forensic readiness. A major concern is the risk that monitoring systems may themselves be targeted and affected by intruders, thereby nullifying the prospective benefits of such internal software surveillance facilities. In this paper, we outline an approach to intrusion monitoring that aims to ensure the credibility of log data and provide a means of data sharing that supports log reconstruction in the event that one or more logging systems is maliciously impaired. In addition, we identify and describe the multi-level interpretation problem as an inherent challenge to managing forensic recovery in the Cloud.
Publication: International Journal On Advances in Security