| DHITAL NEETI | M, 2回目発表 | サイバーレジリエンス構成学 | 門林 雄基 | 林 優一 | 妙中 雄三 |
|
title: Forensic Evidence Loss in Ephemeral Cloud Workloads: A Vendor-Neutral Analysis and a Minimal Forensic Readiness Pattern
abstract: Ephemeral cloud workloads such as short-lived or preemptible virtual machines terminate abruptly and erase all volatile state, including processes, sockets, in-memory activity, and short-duration connections. Cloud-native logs and sampled flow metadata provide only partial visibility and cannot reconstruct these transient behaviours after termination. This study empirically evaluates which forensic artefacts remain available after abrupt shutdown and identifies the critical evidence that is permanently lost. Based on these findings, the work proposes a Minimal Forensic Readiness Pattern (MFRP), a lightweight, tenant-side volatile capture method that preserves process state, network connections, and kernel messages before termination. An Evidence Completeness Model (ECM) is introduced to compare logs, flows, and volatile capture. Results show that MFRP significantly improves evidence completeness and is applicable across AWS, Azure, and GCP due to shared ephemeral compute characteristics. language of the presentation: English | |||||