Presentation is loading. Please wait.

Presentation is loading. Please wait.

PhD Oral Exam Presentation

Published byEthan Henderson Modified over 6 years ago

Similar presentations

Presentation on theme: "PhD Oral Exam Presentation"— Presentation transcript:

1 PhD Oral Exam Presentation
4/17/2018 5:18 PM Cloud Forensics Haitham Ennajah PhD Oral Exam Presentation

2 Cloud Forensics/Haitham Ennajah
Outline of the Talk Overview of Digital Forensics Challenges and Procedures in Digital Forensics Challenges and Difficulties in Cloud Forensics Techniques and Tools for Cloud Forensics Potential Research Topics in Cloud Forensics 12/19/2013 Cloud Forensics/Haitham Ennajah

3 Cloud Forensics/Haitham Ennajah
4/17/2018 5:18 PM Motivation Cloud computing changes IT infrastructure and promises simplicity, scalability, and cost reduction. Wide spread use of SaaS, PaaS, and IaaS  Crimes and abuses increase in cloud. To prosecute crimes in cloud, requires preserving the evidences properly. 12/19/2013 Cloud Forensics/Haitham Ennajah

4 Cloud Forensics/Haitham Ennajah
Digital Forensics Forensic science: the application of science to the law Digital forensics, also known as computer and network forensics “Digital Forensics is the application of science to the identification, examination, collection, and analysis of data while preserving the information and maintaining a strict chain of custody for the data.” NIST 2006 –Guide to Integrating Forensic Techniques into Incident Response, Special Publication   12/19/2013 Cloud Forensics/Haitham Ennajah

5 Traditional Computer Forensics
Deal with acquiring evidences from a PC, laptop, handheld device. A process of analyzing digital data while preserving its integrity to be admissible in the court of law. Collection and preservation of seized media at the crime scene Validation, analysis, interpretation, documentation and courtroom presentation of the examination results. 12/19/2013 Cloud Forensics/Haitham Ennajah

6 Challenges with Digital Evidences
Digital evidence is any information of probative value which is stored or transmitted in a digital form, [SWGDE99] Its challenges: The quantity of potential evidence Easy contamination The number of suspects Authenticity and integrity Reliability Completeness Convincement (to Juries) Admissibility 12/19/2013 Cloud Forensics/Haitham Ennajah

7 Digital Forensics Procedure
Citation 12/19/2013 Cloud Forensics/Haitham Ennajah

8 Cloud Forensics/Haitham Ennajah
Cloud Forensics (CF) A cross discipline of cloud computing and digital forensics 12/19/2013 Cloud Forensics/Haitham Ennajah

9 Security Issues in Cloud Computing
The loss of governance Lock-in Data Protection Insecure or incomplete data deletion 12/19/2013 Cloud Forensics/Haitham Ennajah

10 Cloud Forensics/Haitham Ennajah
4/17/2018 5:18 PM Ensure Cloud Security Service Level Agreement (SLA) Multi-Location Issues? <expand this> 12/19/2013 Cloud Forensics/Haitham Ennajah

11 Cloud Forensics Challenges
E-discovery dilemma: How to protect co-located data? Data from different sources can occupy the same sections within the storage media Criminals use anonymous communication system such as Tor and Anonymizer Which are originally designed for protecting network users from identity theft and profiling. 12/19/2013 Cloud Forensics/Haitham Ennajah

12 Hacking Tor/Anonymizer
<Include diagram of these two systems and provide brief discussion how to hack Tor/Anonymizer to discover the real identity of the criminals> 12/19/2013 Cloud Forensics/Haitham Ennajah

13 Technical Challenges in CF
Potential loss of data during an image process for different reasons such as shut down virtualized server, cause parallel or unrelated services to be interrupted. Lack of access to network routers, load balancers and other networking components Challenges in accessibility of logs and in log analysis of cloud applications Consolidation and consistency of logs Malicious insider Data deletion 12/19/2013 Cloud Forensics/Haitham Ennajah

14 Technical Dimension of CF
Encompasses the procedures and tools that are needed to perform the forensic process in cloud Forensic data collection. Elastic, static and live forensics. Evidence segregation. Investigations in virtualized environments. Pro-active preparations. 12/19/2013 Cloud Forensics/Haitham Ennajah

15 Challenges during Investigation
4/17/2018 5:18 PM Challenges during Investigation Discovery of Computational Structure. Attribution of Data. Semantic Integrity. Stability of Evidence. Presentation and Visualization of Evidence. Cross-Jurisdictional Aspects. There are so many challenges in these presentation. Can they be classified more clearly? 12/19/2013 Cloud Forensics/Haitham Ennajah

16 Tools for Cloud Forensics
4/17/2018 5:18 PM Tools for Cloud Forensics E-Discovery by Access Data. E-Discovery by Encase. OWADE - Offline Windows Analysis and Data Extraction from Stanford <Compare/Evaluate their features in table form> 12/19/2013 Cloud Forensics/Haitham Ennajah

17 Cloud Forensics/Haitham Ennajah
Chain of Dependencies Cloud providers and most cloud applications often have dependencies on other cloud providers Investigation may depend on one of the links in the chain, and level of complexity of the dependencies Facilitate communication/collaboration by organization policies and SLAs 12/19/2013 Cloud Forensics/Haitham Ennajah

18 Mobile Cloud Forensics [Zhu 2011]
Current forensic tools and methodologies when used on some smartphones, could not extract data from cloud storage based applications such as Dropbox have difficulties extracting cloud based s such as G-mail. Cloud based s can only be extracted if the phone is jail-broken or has a root access right. Cloud service provider can collect the s, but the integrity of the data would not be 100% 12/19/2013 Cloud Forensics/Haitham Ennajah

19 Cloud Forensics/Haitham Ennajah
CF Opportunities Cost Effectiveness. Data Abundance. Overall Robustness. Scalability and Flexibility. Policies and Standards. Forensics as a Service 12/19/2013 Cloud Forensics/Haitham Ennajah

20 Proposed Research Directions
List things you propose to do. Ask for feedbacks. 12/19/2013 Cloud Forensics/Haitham Ennajah

Download ppt "PhD Oral Exam Presentation"

Similar presentations

Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona.

Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.

Supervisor : Mr. Hadi Salimi Advanced Topics in Information Systems Mazandaran University of Science and Technology February 4, 2011 Survey on Cloud Computing.
Forensic and Investigative Accounting

Forensic and Investigative Accounting
Computer Forensics Principles and Practices

Computer Forensics Principles and Practices
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Chapter 14: Computer and Network Forensics

Chapter 14: Computer and Network Forensics
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Data Acquisition Chao-Hsien Chu, Ph.D.

Data Acquisition Chao-Hsien Chu, Ph.D.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
Prepared and presented by Group 5: 1. NGABOYERA Valens 2. TWAGIRAMUNGU Serge 3. KAYIRANGA Augustin 4. BAYINGANA Aimable 5. SAMVURA Jean de Dieu 6. RUKUNDO.

Prepared and presented by Group 5: 1. NGABOYERA Valens 2. TWAGIRAMUNGU Serge 3. KAYIRANGA Augustin 4. BAYINGANA Aimable 5. SAMVURA Jean de Dieu 6. RUKUNDO.
What is FORENSICS? Why do we need Network Forensics?

What is FORENSICS? Why do we need Network Forensics?
Security in Practice Enterprise Security. Business Continuity Ability of an organization to maintain its operations and services in the face of a disruptive.

Security in Practice Enterprise Security. Business Continuity Ability of an organization to maintain its operations and services in the face of a disruptive.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #6 Forensics Services September 10, 2007.
7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.

7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.
Computer Forensics Principles and Practices

Computer Forensics Principles and Practices
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Computer Forensics Data Recovery and Evidence Collection September.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Computer Forensics Data Recovery and Evidence Collection September.

Similar presentations

Ads by Google