Development of a Digital Forensic System for Preserving Digital Evidence by Using Virtual Machine Monitors and Distributed Parallel Processing Frameworks
| Project/Area Number |
26330168
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Multi-year Fund |
|---|
| Section | 一般 |
|---|
| Research Field |
Information security
|
|---|
| Research Institution | National Institute of Technology, Toyota College |
|---|
Principal Investigator |
Hirano Manabu 豊田工業高等専門学校, 情報工学科, 准教授 (50390464)
|
|---|
| Research Collaborator |
CHADWICK David
|
|---|
| Project Period (FY) |
2014-04-01 – 2017-03-31
|
| Project Status |
Completed (Fiscal Year 2016)
|
| Budget Amount *help |
¥4,030,000 (Direct Cost: ¥3,100,000、Indirect Cost: ¥930,000)
Fiscal Year 2016: ¥650,000 (Direct Cost: ¥500,000、Indirect Cost: ¥150,000)
Fiscal Year 2015: ¥2,600,000 (Direct Cost: ¥2,000,000、Indirect Cost: ¥600,000)
Fiscal Year 2014: ¥780,000 (Direct Cost: ¥600,000、Indirect Cost: ¥180,000)
|
|---|
| Keywords | ディジタル・フォレンジック / 証拠保全 / インシデント・レスポンス / 仮想計算機モニタ / 分散並列処理 / サイバー攻撃 / 監視 / フォレンジック / ブロックストレージ / コンピュータ犯罪捜査 / セキュリティ / クラウドコンピューティング / ディスク / 仮想化 / ハイパーバイザ / ブロックデバイス / インシデントレスポンス / サイバー犯罪 / デジタルフォレンジック / デバイスドライバ |
|---|
| Outline of Final Research Achievements |
Computer systems that process confidential information or control critical infrastructures are potentially vulnerable to cyber attacks. The project's goal is to develop a digital forensic system that achieves the following functions: (1) preserving all input and output on storage devices, (2) analyzing the preserved data by using distributed parallel processing, and (3) restoring the monitored storage device at an arbitrary point in time for providing law-enforcement agencies with evidence. The key outcomes are the follows: (1) surveillance and analysis system for Infrastructure-as-a-Service cloud environments by using Xen hypervisor and a Hadoop cluster and (2) surveillance and analysis system by using BitVisor and a Hadoop cluster. These systems achieves high-throughput on preserving input and output on storage devices. Furthermore, the system also accomplished high-throughput for finding known-good and known-bad files by using distributed sector-based hash algorithms.
|
Report
(4 results)
Research Products
(13 results)
