Cloud forensics and incident response platform
Abstract
A system, method, and device for cloud forensics and incident response is provided. In an embodiment, a computer-implemented method for performing cloud forensics and incident response includes intercepting, by a cloud incident response module (CIRM), communication between a virtual machine (VM) and a hypervisor. The method also includes extracting, by the CIRM, data from the communication between the VM and the hypervisor according to a forensic policy. Intercepting and extracting the data are transparent to the VM and to the hypervisor. Intercepting and extracting the data are independent of the VM and the hypervisor.
- Inventors:
- Issue Date:
- Research Org.:
- Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)
- Sponsoring Org.:
- USDOE National Nuclear Security Administration (NNSA)
- OSTI Identifier:
- 1840421
- Patent Number(s):
- 11113388
- Application Number:
- 16/051,005
- Assignee:
- National Technology & Engineering Solutions of Sandia, LLC (Albuquerque, NM)
- Patent Classifications (CPCs):
- G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number:
- NA0003525
- Resource Type:
- Patent
- Resource Relation:
- Patent File Date: 07/31/2018
- Country of Publication:
- United States
- Language:
- English
Citation Formats
Urias, Vincent, Loverro, Caleb, and Stout, William M.S. Cloud forensics and incident response platform. United States: N. p., 2021. Web.
Urias, Vincent, Loverro, Caleb, & Stout, William M.S. Cloud forensics and incident response platform. United States.
Urias, Vincent, Loverro, Caleb, and Stout, William M.S. Tue . "Cloud forensics and incident response platform". United States. https://www.osti.gov/servlets/purl/1840421.
@article{osti_1840421,
title = {Cloud forensics and incident response platform},
author = {Urias, Vincent and Loverro, Caleb and Stout, William M.S.},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2021},
month = {9}
}
Works referenced in this record:
Cloud Forensics: A Review of Challenges, Solutions and Open Problems
conference, April 2015
- Alqahtany, Saad; Clarke, Nathan; Furnell, Steven
- 2015 International Conference on Cloud Computing (ICCC)
Overview of the Forensic Investigation of Cloud Services
conference, August 2015
- Farina, Jason; Scanlon, Mark; Le-Khac, Nhien-An
- 2015 10th International Conference on Availability, Reliability and Security
Challenges of Data Provenance for Cloud Forensic Investigations
conference, August 2015
- Katilu, Victoria M.; Franqueira, Virginia N. L.; Angelopoulou, Olga
- 2015 10th International Conference on Availability, Reliability and Security
A survey of information security incident handling in the cloud
journal, March 2015
- Ab Rahman, Nurul Hidayah; Choo, Kim-Kwang Raymond
- Computers & Security, Vol. 49
Hypervisor-Hosted Virtual Machine Forensics
patent-application, February 2016
- Cochran, Jerry
- US Patent Application 14/806605; 20160034295
Logging framework for cloud computing forensic environments
conference, May 2014
- Patrascu, Alecsandru; Patriciu, Victor-Valeriu
- 2014 10th International Conference on Communications (COMM)
Health Monitoring of Applications in a Guest Partition
patent-application, July 2014
- Eck, Christopher; Reuther, Lars; Dave, Rajesh
- US Patent Application 14/223196; 20140208166
Virtual Machines
patent-application, September 2014
- Harrison, Keith
- US Patent Application 13/850991; 20140259169
Beyond digital forensics. A cloud computing perspective over incident response and reporting
conference, May 2013
- Patrascu, Alecsandru; Patriciu, Victor-Valeriu
- 2013 IEEE 8th International Symposium on Applied Computational Intelligence and Informatics (SACI)
Cloud Forensics-A Framework for Investigating Cyber Attacks in Cloud Environment
journal, January 2016
- Manoj, Sheik Khadar Ahmad; Bhaskari, D. Lalitha
- Procedia Computer Science, Vol. 85
Virtual Machine Supervision
patent-application, December 2013
- Rasmusson, Lars
- US Patent Application 13/981646; 20130346977
Cloud forensics: Technical challenges, solutions and comparative analysis
journal, June 2015
- Pichan, Ameer; Lazarescu, Mihai; Soh, Sie Teng
- Digital Investigation, Vol. 13
Virtual Machine Trigger
patent-application, October 2012
- Fahrig, Thomas
- US Patent Application 13/090739; 20120272015
Cloud forensics–Tool development studies & future outlook
journal, September 2016
- Roussev, Vassil; Ahmed, Irfan; Barreto, Andres
- Digital Investigation, Vol. 18
Host-based firewall for distributed computer systems
patent, November 2018
- Brandwine, Eric Jason; Fitzgerald, Robert Eric; Lucas, Alexander Robin Gordon
- US Patent Document 10,142,290
Digital Forensic Acquisition Kit and Methods of Use Thereof
patent-application, August 2011
- Coulter, Chris
- US Patent Application 13/019796; 20110191533