Towards the Forensic Identification and Investigation of Cloud Hosted Servers through Noninvasive Wiretaps
This addresses a domain-specific challenge for cybercrime investigators by offering a noninvasive tool to streamline server identification in uncooperative cloud environments, representing an incremental improvement over existing methods.
The paper tackles the problem of identifying specific servers in cloud data centers for cybercrime investigations when provider cooperation is lacking, presenting a handheld device with undetectable Ethernet interception that enables rapid and reliable identification, though no concrete performance numbers are provided.
When conducting modern cybercrime investigations, evidence has often to be gathered from computer systems located at cloud-based data centres of hosting providers. In cases where the investigation cannot rely on the cooperation of the hosting provider, or where documentation is not available, investigators can often find the identification of which distinct server among many is of interest difficult and extremely time consuming. To address the problem of identifying these servers, in this paper a new approach to rapidly and reliably identify these cloud hosting computer systems is presented. In the outlined approach, a handheld device composed of an embedded computer combined with a method of undetectable interception of Ethernet based communications is presented. This device is tested and evaluated, and a discussion is provided on its usefulness in identifying of server of interest to an investigation.