Digital and Cloud Forensics




Stavros Simou
Cultural Informatics Laboratory, Department of Cultural Technology and Communication, University of the Aegean, University Hill, GR 81100 Mytilene, Greece
ssimou@aegean.gr

Forensics
- The scientific method of gathering and examining information about the past.
- Finding evidence to establish facts that can be presented in a legal proceeding.
- Those who collect forensic evidence must follow strict procedures to protect evidence from contamination and destruction and to preserve the chain of custody.
- Forensics "tells the same story" no matter how many times it is tested, or how many years have passed.

Early methods of forensics
- In the late 18th century, writings by the French physician Francois Immanuele Fodéré on changes that occurred in the structure of the body as the result of disease began to appear.
- French police officer Alphonse Bertillon was the first to apply the anthropological technique of anthropometry to law enforcement, in the 1870s.
- Sir William Herschel was one of the first to advocate the use of fingerprinting in the identification of criminal suspects, in 1877.
- The first United Kingdom Fingerprint Bureau was founded in Scotland Yard, the Metropolitan Police headquarters, London, in 1901.
- By 1906, New York City Police Department Deputy Commissioner Joseph A. Faurot introduced the fingerprinting of criminals to the United States.
- Scientific and surgical investigation was widely employed by the Metropolitan Police during their pursuit of the mysterious Jack the Ripper, in the 1880s.
- In the 20th century several British pathologists pioneered new forensic science methods.
- Alec Jeffreys pioneered the use of DNA profiling in forensic science in 1984. He realized the scope of DNA fingerprinting, which uses variations in the genetic code to identify individuals.

Forensics

Digital forensics
- Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
- The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.
- The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized modification or deletion of data on a computer system.
- Canada was the first country to pass legislation in 1983.
- The growth in computer crime during the 1980s and 1990s caused law enforcement agencies to begin establishing specialized groups, usually at the national level, to handle the technical aspects of investigations.
- Since 2000, in response to the need for standardization, various bodies and agencies have published guidelines for digital forensics.

Digital Evidence
Laws dealing with digital evidence are concerned with two issues:
- Integrity: ensuring that the act of seizing and acquiring digital media does not modify the evidence (either the original or the copy).
- Authenticity: the ability to confirm the integrity of information, for example that the imaged media matches the original evidence.
The ease with which digital media can be modified means that documenting the chain of custody from the crime scene, through analysis and, ultimately, to the court, is important to establish the authenticity of evidence. Guidelines such as those issued by ACPO are followed to help document the authenticity and integrity of evidence.
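The integrity and authenticity checks described above can be illustrated with a short sketch. This is an added example, not part of the original slides: it compares the hash of an acquired image against the source and keeps a hash-chained chain-of-custody log in which any later edit to a record is detectable. The field names, actors, timestamps and sample bytes are all constructed for illustration.

```python
import hashlib
import io
import json

GENESIS = "0" * 64  # stands in for the "previous digest" of the first entry
FIELDS = ("seq", "time", "actor", "action", "evidence_sha256", "prev")

def sha256_stream(stream, chunk_size=1 << 20):
    """Hash a file-like object in chunks so large images need not fit in RAM."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()

def image_matches_original(original, image):
    """Authenticity check: the image hashes to the same value as the source."""
    return sha256_stream(original) == sha256_stream(image)

def entry_digest(entry):
    """Digest over an entry's fields, including the previous entry's digest."""
    body = {k: entry.get(k) for k in FIELDS}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, time, actor, action, evidence_sha256):
    """Append a custody record chained to the record before it."""
    entry = {"seq": len(log), "time": time, "actor": actor, "action": action,
             "evidence_sha256": evidence_sha256,
             "prev": log[-1]["digest"] if log else GENESIS}
    entry["digest"] = entry_digest(entry)
    log.append(entry)
    return entry

def verify_custody_log(log, expected_sha256):
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, e in enumerate(log):
        if (e.get("seq") != i or e.get("prev") != prev
                or e.get("digest") != entry_digest(e)
                or e.get("evidence_sha256") != expected_sha256):
            return i
        prev = e["digest"]
    return -1

if __name__ == "__main__":
    source = b"constructed sample evidence bytes " * 4096  # constructed data
    digest = sha256_stream(io.BytesIO(source))
    log = []
    add_custody_entry(log, "2024-01-01T10:00:00Z", "examiner-1", "acquired image", digest)
    add_custody_entry(log, "2024-01-02T09:30:00Z", "examiner-2", "received for analysis", digest)
    log[0]["actor"] = "someone-else"  # simulate an undocumented edit
    print(image_matches_original(io.BytesIO(source), io.BytesIO(source)),
          verify_custody_log(log, digest))
```

A hash chain only exposes edits if its latest digest is also recorded somewhere the log's custodian cannot rewrite, such as a signed report or a separate evidence register.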

Types of Digital Evidence
- Address books and contact lists
- Audio files and voice recordings
- Backups to various programs, including backups to mobile devices
- Bookmarks and favorites
- Browser history
- Calendars
- Compressed archives (ZIP, RAR, etc.) including encrypted archives
- Configuration and .ini files (may contain account information, last access dates etc.)
- Cookies
- Databases
- Documents
- Email messages, attachments and email databases
- Events
- Hidden and system files
- Log files
- Organizer items
- Page files, hibernation files and printer spooler files
- Pictures, images, digital photos
- Videos
- Virtual machines
- System files
- Temporary files

Cloud Adoption - Forecast
- 3rd Annual Future of Cloud Computing Survey (2013): 75 percent of those surveyed reported the use of some sort of cloud platform.
- The worldwide market for cloud computing is expected to reach $158.8 billion by 2014.
- International Data Corporation (IDC): IT cloud services will reach $47.4 billion in 2013 and are expected to be more than $107 billion in 2017.
- Over the 2013-2017 forecast period, public IT cloud services will have a compound annual growth rate (CAGR) of 23.5%.

Cloud Computing
What is it?
- Outsourcing (services and equipment).
- Providers give customers the ability to use configurable computing resources that can be rapidly provisioned and released with minimal management effort.
- Reduction of cost on infrastructure and support.
- Increased system scalability.
- Use of virtualization techniques for providing equipment, software and platform support as remote services.
- Five essential characteristics.
- Three service models.
- Four deployment models.

Digital and Cloud Forensics
- Digital forensics is the field in which investigators use forensic processes to search for digital evidence in order to use it in a court of law.
- Digital forensics deals with the digital evidence found in the area where the crime was committed.
- Cloud forensics is a subset of digital forensics that designates the need for digital investigation in cloud environments, based on forensic principles and procedures.
- Main difference: data is stored in data centers in different geographical areas with different jurisdictions.

Cloud Forensic Process
Based on digital forensics (the DFRW model was used with a slight differentiation).
Stages:
- Identification stage: identifying all possible sources of evidence.
- Preservation and Collection stage: collecting evidence from virtualized environments while preserving the chain of custody and the integrity of the evidence.
- Examination and Analysis stage: inspection of data with tools to reveal useful information.
- Presentation stage: presenting evidence in a way that lets the jury understand all the technical details.

Challenges

Identification Stage
- Access to evidence in logs
- Physical inaccessibility
- Volatile data
- Distribution - collaboration
- Client side identification
- Dependence on CSP - Trust
- Service Level Agreement (SLA)

Preservation - Collection Stage
- Integrity and stability
- Privacy and multi-tenancy
- Time synchronization
- Internal Staffing
- Chain of custody
- Imaging
- Bandwidth limitation
- Multi-jurisdiction

Examination - Analysis Stage
- Lack of forensic tools
- Volume of data
- Encryption
- Reconstruction
- Unification of log formats
- Identity

Presentation Stage
- Complexity of testimony
- Documentation

Uncategorised
- Compliance issues

Challenges identified in the three service models
Cloud forensic challenges by stage, applicable to IaaS / PaaS / SaaS

Identification
- Access to evidence in logs: partly
- Physical inaccessibility
- Volatile data: X X
- Client side identification: X
- Dependence on CSP - Trust
- Service Level Agreement (SLA)

Preservation - Collection
- Integrity and stability
- Privacy: X
- Time synchronization
- Internal Staffing
- Chain of custody
- Imaging: X
- Bandwidth limitation: X X
- Multi-jurisdiction - collaboration
- Multi-tenancy

Examination - Analysis
- Lack of forensic tools
- Volume of data: X
- Encryption
- Reconstruction
- Unification of log formats
- Identity

Presentation
- Complexity of testimony
- Documentation

Uncategorised
- Compliance issues

Major open issues
- Introduction of new methodologies and frameworks.
- Development of new forensic tools.
- Trusted relations between CSPs and consumers should be built.
- International collaborations between law enforcement and CSPs.