Proceedings of 10th International Conference on Availability, Reliability and Security (ARES 2015)

Authors: Schut, Hessel; Scanlon, Mark; Farina, Jason and Le-Khac, Nhien-An

Publication Date: August 2015

Publication Name: Proceedings of 10th International Conference on Availability, Reliability and Security (ARES 2015)

Abstract:

When conducting modern cybercrime investigations, evidence has often to be gathered from computer systems located at cloud-based data centres of hosting providers. In cases where the investigation cannot rely on the cooperation of the hosting provider, or where documentation is not available, investigators can often find the identification of which distinct server among many is of interest difficult and extremely time consuming. To address the problem of identifying these servers, in this paper a new approach to rapidly and reliably identify these cloud hosting computer systems is presented. In the outlined approach, a handheld device composed of an embedded computer combined with a method of undetectable interception of Ethernet based communications is presented. This device is tested and evaluated, and a discussion is provided on its usefulness in identifying of server of interest to an investigation.

Download:

Download Paper as PDF

BibTeX Entry:

@inproceedings{schut2015cloudwiretap,
author={Schut, Hessel and Scanlon, Mark and Farina, Jason and Le-Khac, Nhien-An},
booktitle="{Proceedings of 10th International Conference on Availability, Reliability and Security (ARES 2015)}",
title="{Towards the Forensic Identification and Investigation of Cloud Hosted Servers through Noninvasive Wiretaps}",
year="2015",
month="08",
address="Toulouse, France",
publisher={IEEE},
abstract="When conducting modern cybercrime investigations, evidence has often to be gathered from computer systems located at cloud-based data centres of hosting providers. In cases where the investigation cannot rely on the cooperation of the hosting provider, or where documentation is not available, investigators can often find the identification of which distinct server among many is of interest difficult and extremely time consuming. To address the problem of identifying these servers, in this paper a new approach to rapidly and reliably identify these cloud hosting computer systems is presented. In the outlined approach, a handheld device composed of an embedded computer combined with a method of undetectable interception of Ethernet based communications is presented. This device is tested and evaluated, and a discussion is provided on its usefulness in identifying of server of interest to an investigation."
}