Cloud data online evidence obtaining system and method

Abstract

The invention discloses a cloud data online evidence obtaining system and method. According to the scheme, the system is composed of a cloud evidence obtaining analysis system, an evidence storage data cloud, an evidence calling interface and an evidence storage interface in a matched mode. The cloud forensic analysis system is used for acquiring a dynamic evidence obtaining analysis demand and calling cloud data required by evidence obtaining analysis from a corresponding cloud service provider through the evidence calling interface according to the evidence obtaining analysis demand; the evidence storage data cloud receives and stores the cloud data returned by the cloud service provider through the evidence storage interface; and the cloud evidence obtaining analysis system obtains thecloud data returned by the cloud service provider from the evidence storage data cloud and carries out evidence obtaining analysis on the cloud data to form data evidence. According to the scheme, byconstructing the cloud platform capable of carrying out online evidence obtaining, whole-course online evidence obtaining of the cloud data is achieved, the difficulty of cloud data evidence obtainingis greatly reduced, and the problems that data fixing is difficult, evidence extraction is difficult and event reappearing is difficult in the whole conventional cloud evidence obtaining process areeffectively solved.

Description

technical field [0001] The invention relates to data forensics technology, in particular to cloud data forensics technology. Background technique [0002] With the popularity of cloud computing, more and more websites and APP backends are set up on public clouds. Database and log data are also stored in the cloud, and cloud data has become a very important source of clues and evidence, which is of great significance in the process of case investigation. Compared with traditional forensics, the forensics of data on the cloud is more difficult. The public cloud platform has a large server scale, a large amount of data to be forensic, a complex network environment, and a wide range of data distribution. There are many machines involved, and it is difficult to seize. Both the data and the difficulty of analyzing the data are enormous. [0003] The traditional method of obtaining evidence for computers, mobile phones and other equipment is relatively straightforward. The equipm...

AI Technical Summary

Problems solved by technology

[0009] (1) Long investigation time: Large-scale case incidents may involve hundreds of servers, and the way of offline investigation to cloud service providers requires copying a large amount of data , it takes a long time

[0010](2) High cost of simulation: It is necessary to purchase servers in advance and build a cloud environment for simulation, and cannot apply for and use resources on demand. The simulation here is mainly to load virtual machine image, and restore the operating system, applications, websites, etc.

[0011](3) The simulation operation is complicated: loading and configuring a large number of virtual machine images involved in the case, and analyzing and configuring the network connection relationship, the operation is complicated and difficult

[0012](4) Poor analysis collaboration: the cloud environment built in one location and simulated analysis is difficult to support remote analysis, and a secure access environment needs to be built, which is relatively complicated

Images