Automated file extraction in a cloud environment for forensic analysis
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English). Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis.
Abstract [en]

The possibility of using the snapshot functionality of OpenStack as a method of securing evidence has been examined in this paper. In addition, the possibility of extracting evidence automatically using an existing operation tool has been investigated. The usability of snapshots in a forensic investigation was examined by conducting a series of tests on both snapshots and physical disk images. The results of the tests were then compared to evaluate the usefulness of the snapshot. Automatic extraction of evidence was investigated by implementing a solution using Ansible and evaluating the algorithm based on the existing standard ISO 27037. It was concluded that the snapshots created by OpenStack behave similarly enough to disks to be useful in a forensic investigation. The algorithm proposed to extract evidence automatically seems not to breach the standard.

Abstract [sv]

The possibility of using OpenStack's snapshot function as a method for securing evidence has been examined in this paper. In addition, the possibility of extracting evidence automatically with an existing automation tool has been investigated. The usability of snapshots in a forensic investigation was examined by conducting a series of tests on both snapshots and physical disk images. The results of the tests were then compared to evaluate the usability of the snapshot. Automatic extraction of evidence was investigated by implementing a solution with Ansible and evaluating the algorithm based on the existing standard ISO 27037. It was concluded that the snapshots created by OpenStack behave sufficiently like a physical disk for the images to be useful in a forensic investigation. The algorithm proposed for extracting evidence automatically does not appear to breach the standard.

Place, publisher, year, edition, pages
2017. 59 p.
Keyword [en]
Forensic, Qcow, OpenStack, Snapshot
Keyword [sv]
Forensics, Qcow, OpenStack, Snapshot
National Category
Other Engineering and Technologies not elsewhere specified
Identifiers
URN: urn:nbn:se:bth-14692
OAI: oai:DiVA.org:bth-14692
DiVA: diva2:1114367
External cooperation
City Network Hosting AB
Subject / course
Degree Project in Master of Science in Engineering 30.0
Educational program
DVACD Master of Science in Computer Security
Supervisors
Examiners
Available from: 2017-06-26. Created: 2017-06-22. Last updated: 2017-06-26. Bibliographically approved.

Open Access in DiVA

fulltext (2547 kB), 52 downloads
File information
File name: FULLTEXT02.pdf. File size: 2547 kB. Checksum SHA-512:
380a2a13e47fe7377f041dfa9f8c859b38402dcade09f10cb3a21f1cc3a2f0a87b06e29c695b8b65634a99c06601d6af2cc9c582e0a45a9cb91681bb9bbf4c08
Type: fulltext. Mimetype: application/pdf

Total: 52 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 230 hits