CLOUD FORENSICS : AN OVERVIEW. Kumiko Ogawa

Similar documents
Cloud forensics: An overview

Cloud Forensics. Keyun Ruan, Joe Carthy, Tahar Kechadi, Mark Crosbie. To cite this version: HAL Id: hal

Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results

An Integrated Research Analysis of Cloud Forensics for Secured Computing Environment

DIGITAL FORENSICS FORENSICS FRAMEWORK FOR CLOUD COMPUTING

An Efficient Approach to Forensic Investigation in Cloud using VM Snapshots

Exploring Cloud Incidents

Certified Cyber Security Analyst VS-1160

Security and Digital Forensics in Cloud Computing

Survey on Cloud Forensics and Critical Criteria for Cloud Forensic Capability: A Preliminary Analysis

Computer Engineering and Intelligent Systems ISSN (Paper) ISSN (Online) Vol 3, No.2, 2012 Cyber Forensics in Cloud Computing

Cloud forensics: A research perspective

Mitigating Risks with Cloud Computing Dan Reis

Data Security and Privacy Principles IBM Cloud Services

Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)

Moving to computing are auditors ready for the security challenges? Albert Otete CPA CISA ISACA Uganda Workshop

Securing the cloud ISACA Korea. Han Ther, Lee CISA, CISM, CISSP, CRISC, ITILF, MCSA

CHAPTER 5 DISCUSSION AND ANALYSIS

Cloud Computing Lectures. Cloud Security

BEYOND CJIS: ENHANCED SECURITY, NOT JUST COMPLIANCE

Available online at ScienceDirect. Procedia Computer Science 85 (2016 )

Information Security Incident Response Plan

Leveraging the Cloud for Law Enforcement. Richard A. Falkenrath, PhD Principal, The Chertoff Group

Caribbean Cyber Security: Not Only Government s Responsibility

Version 1/2018. GDPR Processor Security Controls

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

Protecting Against Modern Attacks. Protection Against Modern Attack Vectors

Data Security: Public Contracts and the Cloud

Geneva, 6-7 December 2010 Addressing security challenges on a global scale

Professional Training Course - Cybercrime Investigation Body of Knowledge -

INTERPOL For official use only. Fighting with friends

Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:

Cybersecurity Auditing in an Unsecure World

INFORMATION SECURITY-SECURITY INCIDENT RESPONSE

Information Security Incident Response Plan

Responding to Cybercrime:

716 West Ave Austin, TX USA

THINGS YOU NEED TO KNOW BEFORE DELVING INTO THE WORLD OF DIGITAL EVIDENCE. Roland Bastin Partner Risk Advisory Deloitte

Cloud Technology and the Challenges for Forensics Investigators Alex Roney MATHEW and Jamal Abdullah AL-ZAHLI

Cloud-Security: Show-Stopper or Enabling Technology?

Security+ SY0-501 Study Guide Table of Contents

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

NLETS & CLOUD SECURITY. Bill Phillips, Information Security Officer

Credit Card Data Compromise: Incident Response Plan

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

New Model for Cyber Crime Investigation Procedure

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Startup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ):

White Paper BC/DR in the Cloud Era

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Unit code: D/601/1939 QCF Level 5: BTEC Higher National Credit value: 15

SPECIAL ISSUE, PAPER ID: IJDCST-09 ISSN

Computer Forensics US-CERT

Why the cloud matters?

DuncanPowell RESTRUCTURING TURNAROUND FORENSIC

Cellular Site Simulator Usage and Privacy

International Journal of Scientific & Engineering Research, Volume 7, Issue 2, February-2016 ISSN

Reference Architecture for a Cloud Forensic Readiness System. De Marco, Lucia; Ferrucci, Filomena; Kechadi, Tahar.

An Integrated Framework of Multi Software Agent and Cloud Forensics

Cloud Computing. Faculty of Information Systems. Duc.NHM. nhmduc.wordpress.com

GUIDE. Navigating the General Data Protection Regulation Mini Guide

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.

The Challenge of Cloud Security

How to avoid storms in the cloud. The Australian experience and global trends

SOARING THROUGH THE CLOUDS IT S A BREEZE

Business Technology Briefing: Fear of Flying, And How You Can Overcome It

Computer forensics Aiman Al-Refaei

Study concluded that success rate for penetration from outside threats higher in corporate data centers

Abstract. and infiltrating systems in ways that have not been seen before. Digital forensic

Privacy hacking & Data Theft

Cyber Security. The Question of the Day. Sylint Group, Inc. How did we come up with the company name Sylint and what does it mean?

Towards the design of secure and privacy-oriented Information Systems in the Cloud: Identifying the major concepts

Oracle Data Cloud ( ODC ) Inbound Security Policies

E-guide Getting your CISSP Certification

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Whose Cloud Is It Anyway? Exploring Data Security, Ownership and Control

Cloud Customer Architecture for Securing Workloads on Cloud Services

Financial CISM. Certified Information Security Manager (CISM) Download Full Version :

Managing SaaS risks for cloud customers

ISC2. Exam Questions CISSP. Certified Information Systems Security Professional (CISSP) Version:Demo

Legal Foundation and Enforcement: Promoting Cybersecurity

Cyber Security Technologies

SDR Guide to Complete the SDR

A Framework for Cloud Forensic Readiness in Organizations

Evidence for Accountable Cloud Computing Services

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

CCISO Blueprint v1. EC-Council

Forensic Analysis Approach Based on Metadata and Hash Values for Digital Objects in the Cloud

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

SANS Top 20 CIS. Critical Security Control Solution Brief Version 6. SANS Top 20 CIS. EventTracker 8815 Centre Park Drive, Columbia MD 21045

NETWORK FORENSIC ANALYSIS IN THE AGE OF CLOUD COMPUTING.

COMPTIA CLO-001 EXAM QUESTIONS & ANSWERS

Elements of a Swift (and Effective) Response to a HIPAA Security Breach

DATA BREACH NUTS AND BOLTS

Securing Cloud Computing

Protecting your Data in the Cloud. Cyber Security Awareness Month Seminar Series

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

Transcription:

CLOUD FORENSICS : AN OVERVIEW Kumiko Ogawa

What is Cloud Forensics Forensic Science - Application of science to the criminal and civil laws that are enforced by police agencies in a criminal justice system. The application of digital forensic science in cloud computing models

Cloud Crime Target - DoS attack Subject - Unauthorized modification - Deletion of data - identity theft of users Tool - Botnet - Proxy server

Case example Amazon EC2 - Amazon EC2 was compromised and password-stealing trojan had infected client computers. (Dec 2009) (http://news.cnet.com/8301-1009_3-10413951-83.html) Investigation to CSP, Crydon Technology - March 2009 - FBI seized computer servers belonging to a cloud computing service provider for an investigation into VoIP fraud - 50 companies were put out of business Web mail - Search warrant to CSP

Cloud Forensics Traditional approaches to evidence collection and recovery are no longer practical We need to establish the procedure

Ref : Cloud forensics : An overview (Jan 2011) bykeyun Ruan, Prof. Joe Carthy, Prof.Tahar Kechadi, mark Crosbie

Three dimensions of cloud forensics Technical Dimension Organizational Dimension Legal dimension

Technical Dimension Private cloud / Public cloud - Cloud infrastructure is owned by CSP in Public cloud IaaS / PaaS / SaaS - In the SaaS model, the customer does not obtain any control - The customers do not have any chance to analyze potential incidences Technical Challenges of Forensic Investigations in Cloud Computing Environments (Jan 2011) by Dominik Birk

Technical Challenges in Forensic data collection SaaS customers may have little to no access to data required for a forensic investigation. Many CSPs do not provide services or interfaces for the customers to gather forensic data, e.g. IP logs.

Technical Challenges in Elastic, static and live forensics The proliferation of endpoints - e.g. mobile Unification of log - Timestanps - log formats Recovered deleted data - some deleted data might be still present in the snapshot after deletion

Technical Challenge in Evidence segregation Audit logs of shared resources and other forensic data are shared Some resources e.g.cpu are not designed for strong compartmentalization in a multi-tenant architecture Investigation without breaching the confidentiality of other tenants

Technical Challenges in virtualized environments Tools and procedures are yet to be developed for investigations in virtualized environment Lack of policies, procedures and techniques on hypervisor level to facilitate investigation How to analyze the image?

Organizational Dimension Organizational structure for each cloud organization - IT Professionals, Incident Handlers, Legal Advisor Chain of Dependencies - CSPs and most cloud applications often have dependencies on other CSP(s).

Organizational Challenges regarding SLA Important terms regarding forensic investigations are not included in the SLA Most cloud customers are still not aware of the potential issues

Legal dimension Multi-jurisdiction - Data centers are deployed around the world Multi-tenancy - Service Level Agreement

Legal Challenges regarding Multi-Jurisdiction and multi-tenancy What kind of data can be accessed and retrieved How to retrieve evidence without breaching privacy or privilege rights of tenants What kind of chain of custody is needed

Opportunities Data abundance - when a request to delete a cloud resource is made it actually technically can never result in true wiping of the data Overall Robustness - Automatically generated hash - on-demand cloning of virtual machines - snapshot

Ref : Cloud forensics : An overview (Jan 2011) bykeyun Ruan, Prof. Joe Carthy, Prof.Tahar Kechadi, mark Crosbie

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback