Presentation is loading. Please wait.

Presentation is loading. Please wait.

University of Colorado at Colorado Springs

Published byElla Stanley Modified over 6 years ago

Similar presentations

Presentation on theme: "University of Colorado at Colorado Springs"— Presentation transcript:

1 University of Colorado at Colorado Springs
College of Engineering and Applied Science Department of Computer Science PhD Oral Exam Presentation Topic: Cloud Forensics By:Haitham Ennajah Fall 2013

2 Outline of the Talk Overview of Digital Forensics
Challenges in Digital Forensics Procedures in Digital Forensics Security Issues in Cloud Computing Challenges in Cloud Forensics Procedures in Cloud Forensics

3 Introduction Cloud computing has become one of the hottest topics which has changed the way of providing IT infrastructure to organizations, promising simplicity and delivering utilities based on virtualization technologies. Cloud Forensics is different than the traditional computer/digital forensics. “Digital Forensics is the application of science to the identification, examination, collection, and analysis of data while preserving the information and maintaining a strict chain of custody for the data” NIST The NIST Definition of Cloud Computing. Cloud forensics is a cross discipline of cloud computing and digital forensics. The quote is not in NIST 2011

4

5 Digital Forensics Digital forensics is a process of analyzing digital data while preserving its integrity to be admissible in the court of law which includes: collection and preservation of seized media at the crime scene, validation, analysis, interpretation, documentation and courtroom presentation of the examination results. Digital evidence is any information of probative value which is stored or transmitted in a digital form, (SWGDE)*. *Scientific Working Group on Digital Evidence (SWGDE), Digital Evidence standards and principles (1999), < > Challenges and difficulties with digital evidence: 1. The quantity of potential evidence 2. Easy contamination

6 Digital Forensics 3. The number of suspects
4. Authenticity and integrity 5. Reliability 6. Completeness 7. Convincement (to Juries) 8. Admissibility Digital Forensics Procedure: Identification. Preservation. Collection.

7 Digital Forensics Digital Forensics Procedure, continue: Examination.
Presentation.

8 Cloud Computing Cloud computing has five essential characteristics as follows: 1. On-demand self-service 2. Broad network access 3. Resource pooling 4. Rapid elasticity 5. Measured service Four deployment models are defined in cloud computing as follows: 1. Public 2. Private 3. Community 4. Hybrid

9 Cloud Computing Security Issues in Cloud Computing:
-The loss of governance -Lock-in -Data Protection -Insecure or incomplete data deletion Security is one of the main issues and in a case of security breach, the major concern is the safety of the stored data. This particular concern can be addressed in the following: 1. Service Level Agreement (SLA) 2. Multi-Location Issues

10 Cloud Forensics Cloud forensics can be defined as the application of digital forensics in cloud computing. The cloud computing benefits are the reasons that are making forensic community concerned. The scalability of the cloud means at one point, data from different sources can occupy the same sectors within the storage media which creates a dilemma during e-discovery, while a company is being investigated; the investigator unknowingly acquires residual data from another company. In some cases, cloud computing could be able to assist network forensics investigators in their online investigations for cybercrimes. Criminals may abuse professional anonymous communication systems such as (Tor and Anonymizer) which were originally designed for protecting network users form identity theft and profiling. Thisis re

11 Cloud Forensics Technical Challenges and Impact of Cloud Forensics:
- Potential loss of data during an image process for different reasons, such as shut down virtualized server, can cause parallel or unrelated services to be interrupted. - Lack of access to network routers, load balancers and other networking components - Challenges in accessibility of logs and in log analysis of cloud applications - Consolidation and consistency of logs - Malicious insider - Data deletion

12 Cloud Forensics Cloud forensics can be expanded in three dimension: Technical, Organizational, and Legal. Technical Dimension: The technical dimension encompasses the procedures and tools that are needed to perform the forensic process in a cloud computing environment. Some of these processes are: - Forensic data collection. - Elastic, static and live forensics. - Evidence segregation. - Investigations in virtualized environments. - Pro-active preparations.

13 Cloud Forensics The technical dimension encompasses some challenges one might face during an investigation: - Discovery of Computational Structure. - Attribution of Data. - Semantic Integrity. - Stability of Evidence. - Presentation and Visualization of Evidence. - Cross-Jurisdictional Aspects.

14 Cloud Forensics Cloud Forensics Tools: - E-Discovery by Access Data.
- E-Discovery by Encase. - Another useful tool is OWADE, (Offline Windows Analysis and Data Extraction). It is an open source cloud forensics tool developed by a Stanford University team, provided and launched at the BlackHat security conference. ( windows-analysis-and-data.html)

15 Cloud Forensics Organizational Dimension: Forensic investigation in the cloud computing environment involves the consumer, the cloud provider, and sometimes the third party. An organizational structure is needed in order to carry out cloud forensics activities efficiently and effectively. Cloud Organizational Structure; Each cloud organization is required to define a structure of internal staffing, provider-consumer collaboration, and external assistance satisfying the following roles: - Investigators. - IT Professionals. - Incident Handlers. - Legal Advisors. - External Assistance. De-emphasize this. We are engineering.

16 Cloud Forensics Chain of Dependencies:
Cloud providers and most cloud applications often have dependencies on other cloud providers therefore, an investigation may depend on one of the links in the chain, and level of complexity of the dependencies. Essential communications and collaborations through this chain need to be facilitated by organizational policies and SLAs.

17 Cloud Forensics Opportunities and Challenges in Forensics for Different Models: - Infrastructure as a Service (IaaS). - Platform as a Service (PaaS). - Service as a Service (SaaS). Mobile Cloud Forensics: A research (2011, Zhu) showed that current forensic tools and methodologies when used on some smartphones, could not extract data from cloud storage based applications such as Dropbox, and also have difficulties extracting cloud based s such as G-mail. Cloud based s can only be extracted if the phone is jail-broken or has a root access right. However, the cloud service provider would be able to collect the s, but the integrity of the data would not be 100%

18 Cloud Forensics Legal Dimension: Traditional digital forensic professionals identify multi- jurisdictional and multi-tenancy challenges as the top legal concerns. SLAs define the terms of use between a CSP and its customers. The following terms regarding forensic investigations should be included in SLAs: - The services provided, techniques supported and access granted by the CSP to customers during forensic investigations. - Trust boundaries, roles and responsibilities between the CSP and customers regarding forensic investigations. - The process for conducting investigations in multi-jurisdictional environments without violating the applicable laws, regulations, and customer confidentiality and privacy policies.

19 Cloud Forensics Opportunities: Despite the many challenges facing cloud forensics, there are several opportunities that can be leveraged to advance forensic investigations: - Cost Effectiveness. - Data Abundance. - Overall Robustness. - Scalability and Flexibility. - Policies and Standards. - Forensics as a Service.

20 Conclusion Opportunities and Challenges of cloud forensics were discussed in order to overcome the difficulties in the forensics investigation procedures in cloud computing, the following steps are recommended by this report: 1. Reconstructing the guidelines for cloud forensics as well as revising regulations and laws regarding the digital forensics in cloud computing 2. The development of Forensics as a Service in cloud computing (by cloud developers) in order to employ fast and reliable procedures for investigations. 3. Revising the Service Level Agreement in a committee including a representative of consumers, cloud providers, digital forensics experts, and legal advisers. SLA should be provided in a way that assists digital forensic investigators while there is no breach of privacy or regulation 4. Attempts should be made to regulate internationally the use of cloud computing services therefore; the forensic investigators have no limitation in different jurisdictions (towards harmonization). Further more, research must be conducted in order to develop new cloud-based forensic tools to effectively and efficiently facilitate the forensic investigations.

Download ppt "University of Colorado at Colorado Springs"

Similar presentations

Prepared for [xxxx] – Commercial in Confidence connect transform protect A Cloudy Cyberspace? Tony Roadknight – Technical Architect.

Prepared for [xxxx] – Commercial in Confidence connect transform protect A Cloudy Cyberspace? Tony Roadknight – Technical Architect.
TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.

TechFire Conference Cloud Made Simple - Dispelling the Hype. Brian Larkin Operations Director Digital Planet Brian Larkin Operations Director Digital Planet.
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Presented by: Rajdeep Biswas Roll No.: 0104IT071082; Branch: IT (VII Sem.) R.K.D.F. Institute of Science & Technology Cloud Computing When Outsourcing.

Presented by: Rajdeep Biswas Roll No.: 0104IT071082; Branch: IT (VII Sem.) R.K.D.F. Institute of Science & Technology Cloud Computing When Outsourcing.
Forensic and Investigative Accounting

Forensic and Investigative Accounting
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.

Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Discussion on LI for Mobile Clouds

Discussion on LI for Mobile Clouds
Plan Introduction What is Cloud Computing?

Plan Introduction What is Cloud Computing?
PLUG IT IN 4 Cloud Computing. 1.Introduction 2.What Is Cloud Computing? 3.Different Types of Clouds 4.Cloud Computing Services 5.The Benefits of Cloud.

PLUG IT IN 4 Cloud Computing. 1.Introduction 2.What Is Cloud Computing? 3.Different Types of Clouds 4.Cloud Computing Services 5.The Benefits of Cloud.
CLOUD COMPUTING & COST MANAGEMENT S. Gurubalasubramaniyan, MSc IT, MTech Presented by.

CLOUD COMPUTING & COST MANAGEMENT S. Gurubalasubramaniyan, MSc IT, MTech Presented by.
Introduction to Cloud Computing

Introduction to Cloud Computing
“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)

“ Does Cloud Computing Offer a Viable Option for the Control of Statistical Data: How Safe Are Clouds” Federal Committee for Statistical Methodology (FCSM)
3 Cloud Computing.

3 Cloud Computing.
Technology Guide Three Cloud Computing. Plug IT In OUTLINE TG 3.1 Introduction TG 3.2 What Is Cloud Computing? TG 3.3 Different Types of Clouds TG 3.4.

Technology Guide Three Cloud Computing. Plug IT In OUTLINE TG 3.1 Introduction TG 3.2 What Is Cloud Computing? TG 3.3 Different Types of Clouds TG 3.4.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

Similar presentations

Ads by Google