In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
» Openaccess proceedings » 6th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2011)
6th International Workshop on Digital Forensics and Incident Analysis (WDFIA 2011) |
Title: A Signature Detection Scheme for Distributed Storage
Author(s): Robert Hegarty, Madjid Merabti, Qi Shi, Robert Askwith
Reference: pp122-132
Keywords: Signature detection, Cloud Computing, Digital Forensics
Abstract: Cloud computing is an emerging model of computing that offers elastic scalable computing resources to many concurrent users worldwide. It provides resources that are paid for as they are consumed, dynamically scaled to suit the demands of the user, which makes it attractive to organisations that wish to consolidate resources by creating their own elastic resource platforms or outsource to obtain more flexible cost effective computing resources. The scale and dynamic nature of cloud computing creates significant challenges for their management, including investigating malicious activity and/or policy failure. Digital forensics is the practice of analysing computers for evidence of crime or breach of policy. Among the various techniques employed to forensically analyse computer systems, file signatures are commonly used. This paper identifies the barriers to applying existing signature detection techniques to the large scale distributed storage platforms provided by cloud computing. The focus of this paper is the development of a model to determine a suitable signature length for use in the forensic analysis of a large distributed set of files. By reducing the signature length we show that we can reduce the amount of data required to carry out signature detection as this is one of the constraints preventing exiting techniques from being applied to cloud platforms. Through experimentation we validate our model and show that it is possible to use shorter length signatures to accurately carry out forensic analysis if factors such as the scale of the data undergoing analysis and the scale of the signature set used for the analysis are taken into account.
Download count: 1810
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.