Distributed Filesystem Forensics: Ceph as a Case Study

  • Chapter
Handbook of Big Data and IoT Security

Abstract

Cloud computing is becoming increasingly popular, mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). There are various Cloud solution providers and services to suit different business requirements, and this variety makes it increasingly difficult for a digital investigator to collect and analyse all the relevant data when the need arises. Due to the complexity and increasing amounts of data, forensic investigation of the Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users' activities in the Ceph file system has become a priority. In this paper, we present residual evidence of users' activities on the Ceph file system on the Linux Ubuntu 12.4 operating system and discuss the forensic relevance and importance of the detected evidence. This research follows a well-known cloud forensics framework in the collection, preservation and analysis of CephFS remnants on both the client and server sides.

Corresponding author

Correspondence to Ali Dehghantanha.

Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Nagrabski, K. et al. (2019). Distributed Filesystem Forensics: Ceph as a Case Study. In: Dehghantanha, A., Choo, KK. (eds) Handbook of Big Data and IoT Security. Springer, Cham. https://doi.org/10.1007/978-3-030-10543-3_6

  • DOI: https://doi.org/10.1007/978-3-030-10543-3_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-10542-6

  • Online ISBN: 978-3-030-10543-3

  • eBook Packages: Computer Science (R0)
