Top

Published in:

2019 | OriginalPaper | Chapter

Distributed Filesystem Forensics: Ceph as a Case Study

Authors : Krzysztof Nagrabski, Michael Hopkins, Milda Petraityte, Ali Dehghantanha, Reza M. Parizi, Gregory Epiphaniou, Mohammad Hammoudeh

Published in: Handbook of Big Data and IoT Security

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Cloud computing is becoming increasingly popular mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on the business requirements there are various Cloud solution providers and services, yet because of this it becomes increasingly difficult for a digital investigator to collect and analyse all the relevant data when there is a need. Due to the complexity and increasing amounts of data, forensic investigation of Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides a very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users activities is become a priority in Ceph file system. In this paper, we are presenting residual evidences of users’ activities on Ceph file system on Linux Ubuntu 12.4 operating system and discuss the forensics relevance and importance of detected evidences. This research follows a well-known cloud forensics framework in collection, preservation and analysis of CephFS remnants on both client and server sides.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Private Cloud Storage Forensics: Seafile as a Case Study

next chapter Forensic Investigation of Cross Platform Massively Multiplayer Online Games: Minecraft as a Case Study

J. Baldwin, O. M. K. Alhawi, S. Shaughnessy, A. Akinbi, and A. Dehghantanha, Emerging from the cloud: A bibliometric analysis of cloud forensics studies, vol. 70. 2018.

B. Martini and K.-K. R. Choo, “Distributed filesystem forensics: XtreemFS as a case study,” Digit. Investig., vol. 11, no. 4, pp. 295–313, Dec. 2014.

K. Ruan, J. Carthy, T. Kechadi, and I. Baggili, “Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results,” Digit. Investig., vol. 10, no. 1, pp. 34–43, Jun. 2013.

E. Casey, “Cloud computing and digital forensics,” Digit. Investig., vol. 9, no. 2, pp. 69–70, 2012.

F. Daryabar, A. Dehghantanha, N. I. Udzir, N. Fazlida, S. Shamsuddin, and F. Norouzizadeh, “A Survey on Cloud Computing and Digital Forensics,” J. Next Gener. Inf. Technol., vol. 4, no. 6, pp. 62–74, 2013.

J. Dykstra and A. T. Sherman, “Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques,” Digit. Investig., vol. 9, pp. S90–S98, Aug. 2012.

A. Aminnezhad, A. Dehghantanha, M. T. Abdullah, and M. Damshenas, “Cloud Forensics Issues and Opportunities,” Int. J. Inf. Process. Manag, vol. 4, no. 4, 2013.

Y.-Y. Teing, A. Dehghantanha, and K.-K. R. Choo, “CloudMe forensics: A case of big data forensic investigation,” Concurr. Comput., 2017.

Y.-Y. Teing, D. Ali, K. Choo, M. T. Abdullah, and Z. Muda, “Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study,” IEEE Trans. Sustain. Comput., pp. 1–1, 2017.

10.

O. Osanaiye, H. Cai, K.-K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, “Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing,” EURASIP J. Wirel. Commun. Netw., vol. 2016, no. 1, p. 130, May 2016.

11.

Y.-Y. Teing, D. Ali, K.-K. R. Choo, M. Conti, and T. Dargahi, “Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study,” J. Forensics Sci., vol. [In Press], 2016.

12.

“Ceph Homepage - Ceph.” [Online]. Available: https://ceph.com/. [Accessed: 14-Feb-2018].

13.

F. Daryabar, A. Dehghantanha, and K.-K. R. Choo, “Cloud storage forensics: MEGA as a case study,” Aust. J. Forensic Sci., pp. 1–14, Apr. 2016.

14.

F. Daryabar, A. Dehghantanha, B. Eterovic-Soric, and K.-K. R. Choo, “Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices,” Aust. J. Forensic Sci., pp. 1–28, Mar. 2016.

15.

H. Haddadpajouh, A. Dehghantanha, R. Khayami, and K.-K. R. Choo, “A Deep Recurrent Neural Network Based Approach for Internet of Things Malware Threat Hunting,” Futur. Gener. Comput. Syst., 2018.

16.

E. Oriwoh, D. Jazani, G. Epiphaniou, and P. Sant, “Internet of Things Forensics: Challenges and Approaches,” in Proceedings of the 9th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing, 2013, pp. 608–615.

17.

S. Watson and A. Dehghantanha, “Digital forensics: the missing piece of the Internet of Things promise,” Comput. Fraud Secur., vol. 2016, no. 6, pp. 5–8, Jun. 2016.

18.

M. Conti, A. Dehghantanha, K. Franke, and S. Watson, “Internet of Things Security and Forensics: Challenges and Opportunities,” Futur. Gener. Comput. Syst., Jul. 2017.

19.

D. Quick and K.-K. R. Choo, “Impacts of increasing volume of digital forensic data: {A} survey and future research challenges,” Digit. Investig., vol. 11, no. 4, pp. 273–294, Dec. 2014.

20.

S. H. Mohtasebi, A. Dehghantanha, and K.-K. R. Choo, Cloud Storage Forensics: Analysis of Data Remnants on SpiderOak, JustCloud, and pCloud. 2016.

21.

S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, and R. Khayami, “Know Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence,” IEEE Trans. Emerg. Top. Comput., 2017.

22.

A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, “Robust Malware Detection for Internet Of (Battlefield) Things Devices Using Deep Eigenspace Learning,” IEEE Trans. Sustain. Comput., pp. 1–1, 2018.

23.

H. H. Pajouh, A. Dehghantanha, R. Khayami, and K.-K. R. Choo, “Intelligent OS X malware threat detection with code inspection,” J. Comput. Virol. Hacking Tech., 2017.

24.

D. Kiwia, A. Dehghantanha, K.-K. R. Choo, and J. Slaughter, “A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence,” J. Comput. Sci., Nov. 2017.

25.

D. Birk and C. Wegener, “Technical Issues of Forensic Investigations in Cloud Computing Environments,” in 2011 IEEE Sixth International Workshop on Systematic Approaches to Digital Forensic Engineering (SADFE), 2011, pp. 1–10.

26.

Y.-Y. Teing, A. Dehghantanha, K.-K. R. Choo, T. Dargahi, and M. Conti, “Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study,” J. Forensic Sci., vol. 62, no. 3, 2017.

27.

Y.-Y. Teing, A. Dehghantanha, K.-K. R. Choo, and L. T. Yang, “Forensic investigation of P2P cloud storage services and backbone for IoT networks: BitTorrent Sync as a case study,” Comput. Electr. Eng., vol. 22, no. 6, pp. 1–14, 2016.

28.

A. Dehghantanha and T. Dargahi, Residual Cloud Forensics: CloudMe and 360Yunpan as Case Studies. 2016.

29.

M. Shariati, A. Dehghantanha, B. Martini, and K.-K. R. Choo, “Chapter 19 - Ubuntu One investigation: Detecting evidences on client machines,” in The Cloud Security Ecosystem, R. K.-K. R. Choo, Ed. Boston: Syngress, 2015, pp. 429–446.CrossRef

30.

Y.-Y. Teing, D. Ali, K.-K. R. Choo, M. Zaiton, M. T. Abdullah, and W.-C. Chai, “A Closer Look at Syncany Windows and Ubuntu Clients’ Residual Artefacts,” in Proceedings of 9th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage (SpaCCS 2016).

31.

M. Shariati, A. Dehghantanha, and K.-K. R. Choo, “SugarSync forensic analysis,” Aust. J. Forensic Sci., vol. 48, no. 1, pp. 95–117, Apr. 2015.

32.

B. Blakeley, C. Cooney, A. Dehghantanha, and R. Aspin, “Cloud Storage Forensic: hubiC as a Case-Study,” in 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom), 2015, pp. 536–541.

33.

R. B. van Baar, H. M. a van Beek, and E. J. van Eijk, “Digital Forensics as a Service: A game changer,” Digit. Investig., vol. 11, pp. S54–S62, 2014.

34.

T. Dargahi, A. Dehghantanha, and M. Conti, Investigating Storage as a Service Cloud Platform: PCloud as a Case Study. 2016.

35.

M. Petraityte, A. Dehghantanha, and G. Epiphaniou, “A Model for Android and iOS Applications Risk Calculation: CVSS Analysis and Enhancement Using Case-Control Studies,” Springer, Cham, 2018, pp. 219–237.

36.

H. Haughey, G. Epiphaniou, H. Al-Khateeb, and A. Dehghantanha, Adaptive traffic fingerprinting for darknet threat intelligence, vol. 70. 2018.

37.

“NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response.”

38.

B. Martini and K.-K. R. Choo, “An integrated conceptual digital forensic framework for cloud computing,” Digit. Investig., vol. 9, no. 2, pp. 71–80, Nov. 2012.

39.

R. McKemmish, What is forensic computing? Canberra: Australian Institute of Criminology, 1999.

40.

“Intro to Ceph — Ceph Documentation.” [Online]. Available: http://docs.ceph.com/docs/master/start/intro/. [Accessed: 14-Feb-2018].

41.

N. Milosevic, A. Dehghantanha, and K.-K. R. Choo, “Machine learning aided Android malware classification,” Comput. Electr. Eng., vol. 61, 2017.

42.

S. Homayoun, M. Ahmadzadeh, S. Hashemi, A. Dehghantanha, and R. Khayami, “BoTShark: A Deep Learning Approach for Botnet Traffic Detection,” Springer, Cham, 2018, pp. 137–153.

43.

M. Hopkins and A. Dehghantanha, “Exploit Kits: The production line of the Cybercrime economy?,” in 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec), 2015, pp. 23–27.

44.

J. Baldwin and A. Dehghantanha, Leveraging support vector machine for opcode density based detection of crypto-ransomware, vol. 70. 2018.

45.

M. K. Pandya, S. Homayoun, and A. Dehghantanha, Forensics investigation of openflow-based SDN platforms, vol. 70. 2018.

Title: Distributed Filesystem Forensics: Ceph as a Case Study
Authors: Krzysztof Nagrabski
Michael Hopkins
Milda Petraityte
Ali Dehghantanha
Reza M. Parizi
Gregory Epiphaniou
Mohammad Hammoudeh
Publisher: Springer International Publishing
Book: Handbook of Big Data and IoT Security
Print ISBN: 978-3-030-10542-6

Electronic ISBN: 978-3-030-10543-3

Copyright Year: 2019
DOI: https://doi.org/10.1007/978-3-030-10543-3_6

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner