Digital Forensics Lab 10: Cloud Computing & the Future of Digital Forensics
Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics Lab 10 Assignment
Cloud Computing Overview Definition (NIST) Cloud Computing A model for enabling convenient, ondemand network access to a shared pool of configurable resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Cloud Computing Overview (Cont) Typically split into three service types SaaS (Software as a Service) A complete application is offered as a service on demand. Examples include Google, Salesforce, Microsoft, etc. PaaS (Platform as a Service) A layer of software, or development environment is encapsulated & offered as a service, and higher levels of service then build on-top. Examples include Google's App Engine, Force.com, etc. IaaS (Infrastructure as a Service) Provides basic storage and computing capabilities as standardized services over the network. Servers, storage systems, networking equipment, etc. are pooled and made available to handle workloads. Examples include Amazon, Microsoft Azure, GoGrid, etc.
Cloud Computing Overview Public Cloud (Cont) Owned and operated by third parties Deliver economies of scale as costs are spread out for a large number Private Cloud Built exclusively for a single enterprise Split into types Hybrid Cloud On-premise Private Cloud (hosted within a companies data center) Externally hosted Private Cloud (provider facilitates external resources with a guarantee of privacy) Private and Public cloud models blended to increase on-demand, externally provisioned scale. Augments private cloud with the resources of a public cloud that can better manage unexpected surges in workload.
Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics Lab 10 Assignment
Applications of Cloud Computing Access data from anywhere, online backup solutions with local synchronization (e.g. Dropbox) Offload specific applications support and management to the vendor, allowing simpler IT configurations in corporate environments (e.g. Microsoft Office 365) Computation intensive analytic applications (e.g. WolframAlpha) Research Modeling complex systems, weather patterns, nuclear testing, space exploration, etc.
Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics Lab 10 Assignment
Impact of CC to Digital Forensics Multi-tenancy and resource sharing Cloud services may reuse common resources to allow simpler configurations/scaleability Multiple jurisdictions Cloud servers may be geographically diverse and cross state/national/international boundaries (different laws apply) Electronic Discovery Cannot acquire image of device, nor restrict investigation to one system or server Third Party Dependency Cloud structure/architecture may require unique, proprietary tools to understand the data retrieved
Impact of CC to Digital Forensics (Cont) Challenges Velocity of Attack Factor Malicious Insider Data Deletion Hypervisor-level Investigation Proliferation of Endpoints Etc.
Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics Lab 10 Assignment
Future of Digital Forensics Cost-effectiveness of new non-local tools Robustness using Cloud Services Scalability and Flexibility Forensics as a Cloud Service Standards and Policies Etc.
Today's Topics Cloud Computing Overview Applications of Cloud Computing Impact of CC to Digital Forensics Future of Digital Forensics Lab 10 Assignment
Introduction Whereas the PC freed users from the central resources provided and restricted by a mainframe environment, the cloud offers a scaleable architecture that individual PCs cannot provide. The use of cloud computing comes with a drawback in that the users data and applications become dependent on the accessibility of cloud resources, many times only existing within the cloud itself. Traditional digital forensics has focused on the untampered analysis of local PC activity and logs. WIth cloud computing, the split architecture may cross several state, national, as well as international boundaries, leading to a complex method for requesting access.
Lab Assignment 10. Objectives Become familiar with cloud computing services, and their implementation across service types Develop an understanding of the functionality, characteristics, and implementation of basic cloud computing services Understand potential pitfalls to the expanded use of cloud services, and how digital forensics techniques may evolve to meet new challenges
Lab Assignment 10 (Cont) Read this paper http://goo.gl/p5df4 View the video segment in this link (the segment is about 20 mins, while the whole video is over an hour in length; if you have time, the whole video is interesting, and is by the coauthor of the Digital Forensics with Open Source Tools book used in class) http://goo.gl/6uee1 And write a 4-5 page paper (double spaced, Times New Roman 12pt font, 1 inch margins), based on the paper and video above, keeping the following in mind: Discuss how cloud computing challenges affect 'traditional' digital forensics techniques discussed in previous labs Discuss future skills that will become necessary with the proliferation of cloud computing/services, and the evolution of cloud forensics