Abstract
Cloud computing is becoming increasingly popular, mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on business requirements, there are various Cloud solution providers and services, which makes it increasingly difficult for a digital investigator to collect and analyse all the relevant data when the need arises. Due to the complexity and increasing amounts of data, forensic investigation of the Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users' activities has become a priority in the Ceph file system. In this paper, we present residual evidence of users' activities on the Ceph file system on the Linux Ubuntu 12.4 operating system and discuss the forensic relevance and importance of the detected evidence. This research follows a well-known cloud forensics framework in the collection, preservation and analysis of CephFS remnants on both client and server sides.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Nagrabski, K. et al. (2019). Distributed Filesystem Forensics: Ceph as a Case Study. In: Dehghantanha, A., Choo, KK. (eds) Handbook of Big Data and IoT Security. Springer, Cham. https://doi.org/10.1007/978-3-030-10543-3_6
DOI: https://doi.org/10.1007/978-3-030-10543-3_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-10542-6
Online ISBN: 978-3-030-10543-3
eBook Packages: Computer Science (R0)