Presentation Transcript

  1. Virtualising Computer Forensics. Dr. Jianming Cai (j.cai@londonmet.ac.uk), Mr. Ayoola Afonja (AYA0230@londonmet.ac.uk), Faculty of Computing, London Metropolitan University

  2. Topics • Problems with Teaching Computer Forensics • Introduction to Virtualisation Technology • Moving towards the Virtual Environment • A Case Study • Summary

  3. Problems with Teaching Computer Forensics • Digital evidence from different hardware/software platforms • University labs normally equipped with PCs and MS Windows OS • Specialised Computer Forensic Labs needed • What kind of labs can we afford?

  4. Introduction to Virtualisation Technology • Virtualisation: the current trend reshaping the software technology industry • Multiple Virtual Machines (VMs) run concurrently on a physical machine. • Supported by powerful processors and very large storage • VMware: the leading software, 100% of Fortune companies have deployed its software

  5. The VM Layer Structure

  6. Moving towards the Virtual Environment • The desktop VMware installed on each PC • Both virtual Windows XP and virtual Linux then installed on top of this VMware layer • Students have admin access to each virtual machine. • Both Windows-based and Linux-based Computer Forensics toolkits are running concurrently.

  7. The Virtual Windows XP Running EnCase

  8. The Virtual Linux Running Autopsy

  9. A Case Study • A network incident investigation • Evidence collected from Linux O.S. • Not intended to show Network Forensics techniques • Rather to demonstrate the viability of Forensic Analysis based on VMs

  10. Snort HTTP Packet Inspection Results

  11. Nmap Attack Identification

  12. Inspecting Grouped Snort Log

  13. Summary • Teaching Computer Forensics is not only demanding but also expensive. • The Virtual Environment is one of the low-cost and efficient solutions. • Its full benefit is being exploited as Virtualisation Technology advances. • Are we prepared for the Virtualisation era?
