Distributed Filesystem Forensics: Ceph as a Case Study

Krzysztof Nagrabski; Michael Hopkins; Milda Petraityte; Ali Dehghantanha; Reza M. Parizi; Gregory Epiphaniou; Mohammad Hammoudeh

doi:10.1007/978-3-030-10543-3_6

Distributed Filesystem Forensics: Ceph as a Case Study

Krzysztof Nagrabski
, Michael Hopkins
, Milda Petraityte
, Ali Dehghantanha^*
, Reza M. Parizi
, Gregory Epiphaniou
, Mohammad Hammoudeh

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

3 Scopus citations

Abstract

Cloud computing is becoming increasingly popular mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on the business requirements there are various Cloud solution providers and services, yet because of this it becomes increasingly difficult for a digital investigator to collect and analyse all the relevant data when there is a need. Due to the complexity and increasing amounts of data, forensic investigation of Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides a very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users activities is become a priority in Ceph file system. In this paper, we are presenting residual evidences of users’ activities on Ceph file system on Linux Ubuntu 12.4 operating system and discuss the forensics relevance and importance of detected evidences. This research follows a well-known cloud forensics framework in collection, preservation and analysis of CephFS remnants on both client and server sides.

Original language	English
Title of host publication	Handbook of Big Data and IoT Security
Publisher	Springer International Publishing
Pages	129-151
Number of pages	23
ISBN (Electronic)	9783030105433
ISBN (Print)	9783030105426
DOIs	https://doi.org/10.1007/978-3-030-10543-3_6
State	Published - 1 Jan 2019
Externally published	Yes

Bibliographical note

Publisher Copyright:
© Springer Nature Switzerland AG 2019.

Keywords

Ceph
Cloud forensics
Cloud storage
Data analysis
Investigative framework
Metadata

ASJC Scopus subject areas

General Computer Science

Access to Document

10.1007/978-3-030-10543-3_6

Cite this

@inbook{c21da5e74353442797b531128f14f9c9,

title = "Distributed Filesystem Forensics: Ceph as a Case Study",

abstract = "Cloud computing is becoming increasingly popular mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on the business requirements there are various Cloud solution providers and services, yet because of this it becomes increasingly difficult for a digital investigator to collect and analyse all the relevant data when there is a need. Due to the complexity and increasing amounts of data, forensic investigation of Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides a very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users activities is become a priority in Ceph file system. In this paper, we are presenting residual evidences of users{\textquoteright} activities on Ceph file system on Linux Ubuntu 12.4 operating system and discuss the forensics relevance and importance of detected evidences. This research follows a well-known cloud forensics framework in collection, preservation and analysis of CephFS remnants on both client and server sides.",

keywords = "Ceph, Cloud forensics, Cloud storage, Data analysis, Investigative framework, Metadata",

author = "Krzysztof Nagrabski and Michael Hopkins and Milda Petraityte and Ali Dehghantanha and Parizi, \{Reza M.\} and Gregory Epiphaniou and Mohammad Hammoudeh",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.",

year = "2019",

month = jan,

day = "1",

doi = "10.1007/978-3-030-10543-3\_6",

language = "English",

isbn = "9783030105426",

pages = "129--151",

booktitle = "Handbook of Big Data and IoT Security",

publisher = "Springer International Publishing",

}

TY - CHAP

T1 - Distributed Filesystem Forensics

T2 - Ceph as a Case Study

AU - Nagrabski, Krzysztof

AU - Hopkins, Michael

AU - Petraityte, Milda

AU - Dehghantanha, Ali

AU - Parizi, Reza M.

AU - Epiphaniou, Gregory

AU - Hammoudeh, Mohammad

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019/1/1

Y1 - 2019/1/1

N2 - Cloud computing is becoming increasingly popular mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on the business requirements there are various Cloud solution providers and services, yet because of this it becomes increasingly difficult for a digital investigator to collect and analyse all the relevant data when there is a need. Due to the complexity and increasing amounts of data, forensic investigation of Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides a very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users activities is become a priority in Ceph file system. In this paper, we are presenting residual evidences of users’ activities on Ceph file system on Linux Ubuntu 12.4 operating system and discuss the forensics relevance and importance of detected evidences. This research follows a well-known cloud forensics framework in collection, preservation and analysis of CephFS remnants on both client and server sides.

AB - Cloud computing is becoming increasingly popular mainly because it offers more affordable technology and software solutions to start-ups and small and medium enterprises (SMEs). Depending on the business requirements there are various Cloud solution providers and services, yet because of this it becomes increasingly difficult for a digital investigator to collect and analyse all the relevant data when there is a need. Due to the complexity and increasing amounts of data, forensic investigation of Cloud is turning into a very complex and laborious endeavour. Ceph is a filesystem that provides a very high availability and data self-healing features, which ensure that data is always accessible without getting damaged or lost. Because of such features, Ceph is becoming a favourite file system for many cloud service providers. Hence, understanding the remnants of malicious users activities is become a priority in Ceph file system. In this paper, we are presenting residual evidences of users’ activities on Ceph file system on Linux Ubuntu 12.4 operating system and discuss the forensics relevance and importance of detected evidences. This research follows a well-known cloud forensics framework in collection, preservation and analysis of CephFS remnants on both client and server sides.

KW - Ceph

KW - Cloud forensics

KW - Cloud storage

KW - Data analysis

KW - Investigative framework

KW - Metadata

UR - https://www.scopus.com/pages/publications/105012052056

U2 - 10.1007/978-3-030-10543-3_6

DO - 10.1007/978-3-030-10543-3_6

M3 - Chapter

AN - SCOPUS:105012052056

SN - 9783030105426

SP - 129

EP - 151

BT - Handbook of Big Data and IoT Security

PB - Springer International Publishing

ER -

Distributed Filesystem Forensics: Ceph as a Case Study

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this