Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Do you really want to delete this prezi?
Neither you, nor the coeditors you shared it with will be able to recover it again.
Make your likes visible on Facebook?
Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.
Transcript of Cloud Forensics
Where to use Cloud Forensics
Internet Evidence Finder(IEF) Cloud Computing Digital Forensics Cloud Forensics Definition of Cloud Forensics The application of digital forensics in cloud computing as a subset of network forensics. The Three Dimensions of Cloud Forensics The technical dimension
Forensic data collection
Elastic, static and live forensics
Evidence segregation The organizational dimension
involves at least two parties: the CSP, and the cloud customer. The legal dimension
Multi-jurisdiction and multi-tenancy
Service Level Agreement Usage of Cloud Forensics Investigation
Investigation on cloud crime and policy violation Troubleshooting
Security incidents handling in the Cloud Data and System Recovery
Recovering data in the Cloud, that has been accidentally or intentionally deleted or
modified Challenges Forensic data collection & Evidence segregation Internal staffing Multi-Jurisdiction and multi-tenancy Internet Evidence Finder Recovery of cloud-based evidence from computer hard drives and live memory. Internet Evidence Finder(cont.) IEF Recovers: •Social Networking Artifacts •Instant Messenger Chat History •Cloud-based applications IEF Search& Reports(cont.) •Search, filter, sort, and export results •Search and filter data with multiple key words simultaneously •View search results in real-time, including estimated time to completion •File sharing applications & Webmail IEF Search & Reports(cont.) All artifact locations map to a physical sector or file offset Rebuild webpages as they were originally viewed by the suspect Recover potential evidence from iOS backups •Searchs entire Logical or Physical Drives. Looks in Unallocated space/deleted space. •Searches entire user-selected folders and sub-folders. Searches multiple drives, images, files & folders in a single search. Browser Forensics Tools Comparison Chart Conclusion The rise of cloud computing is pushing digital forensics into a new horizon.
Cloud forensics is a new area that needs lots of research.
Many challenges current and in the future. References The First Forensic Software Solution to Provide Recovery of Cloud-Based Evidence retrieved from hp://finance.yahoo.com/news/first-forensic-software-solution-recovery-145729594.html Internet Evidence Finder description retrieved from
://www.softpedia.com/get/Internet/Chat/Other-Chat-Tools/Internet-Evidence-Finder.shtml Why Customers Choose INTERNET EVIDENCE FINDER retrieved from
://www.magnetforensics.com/products/internet-evidence-finder/ Browser Forensics Tools Comparison Chart retrieved from
://docs.google.com/viewer?a=v&pid=sites&srcid=ZGVmYXVsdGRvbWFpbnxkaWdpdGFsZm9yZW5zaWNzb3VyY2V8Z3g6NjMwM2YwZWQxMTdlZDZlYg Keyun Ruan, Prof. Joe Carthy, Prof. Tahar Kechadi, Mark Crosbie, Cloud Forensics: An Overview The cloud customer has no control or knowledge over the physical location of their data.
Many CSPs do not provide services or interfaces for the customers to gather forensic data. The major challenge in establishing a cloud
forensic organizational structure is the lack of forensic expertise and relevant legal experience What kind of data can be accessed and retrieved in
Where the physical machine(s) from which data is accessed and retrieved
How to conduct evidence retrieval without breaching privacy or privilege rights of tenants according to the
privacy policies Cloud Forensics
Digital Forensic Technology
Fall 2012_CSC 620