
Cloud Forensics Haitham Ennajah PhD Oral Exam Presentation


Presentation Transcript


  1. Cloud Forensics Haitham Ennajah PhD Oral Exam Presentation

  2. Outline of the Talk
     • Overview of Digital Forensics
     • Challenges and Procedures in Digital Forensics
     • Challenges and Difficulties in Cloud Forensics
     • Techniques and Tools for Cloud Forensics
     • Potential Research Topics in Cloud Forensics
     Cloud Forensics/Haitham Ennajah

  3. Motivation
     • Cloud computing changes IT infrastructure and promises simplicity, scalability, and cost reduction.
     • Widespread use of SaaS, PaaS, and IaaS; crimes and abuses in the cloud increase.
     • Prosecuting crimes in the cloud requires preserving the evidence properly.

  4. Digital Forensics
     • Forensic science: the application of science to the law
     • Digital forensics, also known as computer and network forensics
     • “Digital Forensics is the application of science to the identification, examination, collection, and analysis of data while preserving the information and maintaining a strict chain of custody for the data.” NIST 2006, Guide to Integrating Forensic Techniques into Incident Response, Special Publication 800-86

  5. Traditional Computer Forensics
     • Deals with acquiring evidence from a PC, laptop, or handheld device.
     • A process of analyzing digital data while preserving its integrity so that it is admissible in a court of law.
     • Collection and preservation of seized media at the crime scene
     • Validation, analysis, interpretation, documentation and courtroom presentation of the examination results.

  6. Challenges with Digital Evidence
     • Digital evidence is any information of probative value which is stored or transmitted in a digital form [SWGDE99]
     • Its challenges:
         • The quantity of potential evidence
         • Easy contamination
         • The number of suspects
         • Authenticity and integrity
         • Reliability
         • Completeness
         • Convincement (to juries)
         • Admissibility

  7. Digital Forensics Procedure Citation

  8. Cloud Forensics (CF)
     • A cross-discipline of cloud computing and digital forensics

  9. Security Issues in Cloud Computing
     • The loss of governance
     • Lock-in
     • Data protection
     • Insecure or incomplete data deletion

  10. Ensure Cloud Security
     • Service Level Agreement (SLA)
     • Multi-Location Issues? <expand this>

  11. Cloud Forensics Challenges
     • E-discovery dilemma: how to protect co-located data?
     • Data from different sources can occupy the same sections within the storage media
     • Criminals use anonymous communication systems such as Tor and Anonymizer, which were originally designed to protect network users from identity theft and profiling.

  12. Hacking Tor/Anonymizer
     • <Include diagram of these two systems and provide brief discussion how to hack Tor/Anonymizer to discover the real identity of the criminals>

  13. Technical Challenges in CF
     • Potential loss of data during the imaging process for different reasons,
         • such as shutting down a virtualized server,
         • causing parallel or unrelated services to be interrupted.
     • Lack of access to network routers, load balancers and other networking components
     • Challenges in accessibility of logs and in log analysis of cloud applications
     • Consolidation and consistency of logs
     • Malicious insider
     • Data deletion

  14. Technical Dimension of CF
     • Encompasses the procedures and tools that are needed to perform the forensic process in the cloud:
         • Forensic data collection.
         • Elastic, static and live forensics.
         • Evidence segregation.
         • Investigations in virtualized environments.
         • Pro-active preparations.

  15. Challenges during Investigation
     • Discovery of Computational Structure.
     • Attribution of Data.
     • Semantic Integrity.
     • Stability of Evidence.
     • Presentation and Visualization of Evidence.
     • Cross-Jurisdictional Aspects.

  16. Tools for Cloud Forensics
     • E-Discovery by AccessData.
     • E-Discovery by EnCase.
     • OWADE - Offline Windows Analysis and Data Extraction from Stanford
     • <Compare/Evaluate their features in table form>

  17. Chain of Dependencies
     • Cloud providers and most cloud applications often have dependencies on other cloud providers
     • An investigation may depend on one of the links in the chain and on the level of complexity of the dependencies
     • Facilitate communication/collaboration through organization policies and SLAs

  18. Mobile Cloud Forensics [Zhu 2011]
     • Current forensic tools and methodologies, when used on some smartphones,
         • could not extract data from cloud-storage-based applications such as Dropbox
         • have difficulties extracting cloud-based emails such as Gmail.
     • Cloud-based emails can only be extracted if the phone is jailbroken or has root access.
     • The cloud service provider can collect the emails, but the integrity of the data would not be 100%

  19. CF Opportunities
     • Cost Effectiveness.
     • Data Abundance.
     • Overall Robustness.
     • Scalability and Flexibility.
     • Policies and Standards.
     • Forensics as a Service

  20. Proposed Research Directions
     • List things you propose to do. Ask for feedback.
