Challenges in Cloud Forensics

Hello!
I am Gayan Gothama

Content
What is Cloud Computing?
Types of Cloud & Cloud Services
What is Cloud Forensics?
Common Cloud Forensics Challenges?
Impact of the Challenges
Existing Methods & Tools
Limitations of Existing Methods
Future Developments

What is Cloud Computing?
Cloud computing is a means of providing computing services (including databases, servers, software, and networking) via the internet, allowing the user to bypass direct management of those systems. [1]

Types of Cloud
Private Cloud
Public Cloud
Hybrid Cloud

Main Types of Cloud Services
IaaS – Microsoft Azure | Cisco Metacloud
PaaS – OpenShift | AWS
SaaS – Cisco WebEx | GSuite

What is Cloud Forensics?
“Cloud forensics is the application of digital forensics in cloud computing as a subset of network forensics to gather and preserve evidence in a way that is suitable for presentation in a court of law.” [2]
Cloud Forensics Steps

Common Cloud Forensics Challenges? [3]

Impact of the Challenges in Identification Stage
1) Access to the Evidence in Logs
2) Unknown or Not Accessible Physical Location

Impact of the Challenges in Collection & Preservation Stage
1) Multi-tenancy & Resource Sharing
2) Chain of Custody
3) Dependence on CSP [4]

Impact of the Jurisdictional Challenges
1) Jurisdiction Challenges
• Involvement of international & local law enforcement parties
• Bulletproof hosting
• Right to access data

Existing Methods for Mitigating the Challenges
1) Resource Tagging
2) Isolating cloud instance & Sandboxing
3) RSA Signature [5]
4) SLA specifying the specific forensic Services

Tools Used for Challenge Mitigation
1) UFED Cloud Analyzer
•Google My Activity and Facebook
•iCloud and Google backup
•Uber, Lyft
•DJI drones
2) FROST
•API logs
•Guest firewall logs
•Virtual disks

Existing Methods: Limitations Related to Jurisdiction
1) International Communication and Cooperation
Limitation – Only effective for non-urgent investigations
2) Foreign Jurisdiction Remote Examination
Limitation – Risk of damaging the target system

Future Developments
1) Method of Evidence Collection and Provenance Preservation for Cloud Using SDN and Blockchain Technology [6].
2) Permission Block Chain Based Data Logging and Integrity Management System for Cloud Forensics [7].

References
[1] https://www.talend.com/resources/what-is-cloud-computing/
[2] https://kumarshivam-66534.medium.com/cloud-forensics-be18e14230de
[3] A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions. ACM Computing Surveys (CSUR). (2022). Retrieved from https://dl.acm.org/doi/fullHtml/10.1145/3361216
[4] Ruan, K., et al. Key Terms for Service Level Agreements to Support Cloud Forensics. In IFIP Int. Conf. Digital Forensics. 2012. Springer.
[5] Lin, C.-H., C.Y. Lee, and T.-W. Wu, A cloud-aided RSA signature scheme for sealing and storing the digital evidences in computer forensics. International Journal of Security and Its Applications, 2012. 6(2): p. 241-244.
[6] M. Pourvahab and G. Ekbatanifard, "Digital Forensics Architecture for Evidence Collection and Provenance Preservation in IaaS Cloud Environment Using SDN and Blockchain Technology," in IEEE Access, vol. 7, pp. 153349-153364, 2019, doi: 10.1109/ACCESS.2019.2946978.
[7] Park, Jun & Park, Jun & Huh, Eui. (2017). Block Chain Based Data Logging and Integrity Management System for Cloud Forensics. 149-159. 10.5121/csit.2017.71112.

Thank You!
Any questions?


Editor's Notes

  1. In simple terms, cloud computing is a way to remotely store and access data and programs over the internet rather than hosting them on your computer’s hard drive.
  2. Private cloud: created and owned exclusively by one business and managed on a private network. It can run in an on-site data centre or be hosted by a third party. Public cloud: the service is offered solely by a third party, such as Microsoft Azure, which manages all the hardware, software and other supporting infrastructure; you manage your services through your web browser. Hybrid cloud: a combination of public and private clouds that gives your business more flexibility and helps optimise your current infrastructure, security and compliance. Infrastructure as a Service (IaaS): IT infrastructure provided by a third-party cloud provider; you rent servers, network, storage, virtual machines and more. Platform as a Service (PaaS): an environment in which to develop, test, deliver and manage your software applications with ease, with the storage, network and databases needed for your development. Software as a Service (SaaS): a method of delivering software applications over the internet; the cloud provider hosts and manages the software application and infrastructure, most of the time as a subscription-based, on-demand service.
  3. Cloud forensics is just like any other branch of forensics. Put simply, it means collecting and preserving evidence so that it is suitable to present in a court of law.
  4. Identifying evidence in cloud forensics is more complicated than in normal computer forensics because of the decentralized nature of the cloud. Take logs as an example: they record the creation, storage, processing, and distribution of data across multiple data centres. The availability of cloud system logs depends on the cloud service model, so accessing the logs of a cloud is sometimes a challenge. Unlike normal cyber forensics incidents, in cloud forensics the data is most of the time not physically accessible, so evidence identification is a challenge for forensic investigators.
  5. Multi-tenancy means shared hosting, in which server resources are divided among different customers. It is the opposite of single tenancy, where a software instance or computer system has one end user or group of users. The challenge here is that evidence may be located across several locations, which makes evidence collection difficult: it can be distributed across multiple virtual hosts, physical machines, data centres, and geographical and legal jurisdictions. Chain of custody describes how the evidence was collected, analysed and preserved, with the aim of presenting it in an admissible way in a court of law. The challenge is that the distributed and multi-layered nature of the cloud makes the chain of custody harder to verify. Verifying how the logs were generated, collected and stored, and who had access to them, is also challenging. Most CSPs are not motivated to aid forensic investigators because doing so could damage their reputation. In case of an incident, the cloud provider will focus on restoring the service rather than preserving the evidence and handling it in a forensically sound manner. Moreover, the integrity of the evidence also depends on the CSP.
  6. Involvement of international & local law enforcement parties: forensic investigators may sometimes have to work with both international and local law enforcement parties to carry out the investigation, which is very time- and resource-consuming. Bulletproof hosting: storing illegal data in countries where it is difficult for law enforcement agencies to take legal action. It is often located in corrupt countries, where the country itself provides little or no support for a forensic investigation. Ukraine and the Netherlands are two countries where law enforcement agencies cannot easily carry out takedowns. Right to access data: this varies from one jurisdiction to another.
  7. Unknown or not accessible physical location: cloud resource consumers tag their resources so that the locations of information assets are easy to identify, and CSPs can use the tags for their own purposes too. In other words, when an incident occurs on a server on the other side of the world, the challenges related to laws, jurisdiction and chain of custody are easier to handle if that resource has been tagged beforehand, which makes the investigation much easier. Multi-tenancy and resource sharing: one technique is to isolate the evidence in a sandbox. Others are instance relocation, where an incident can be moved inside the cloud, and server farming, which can be used to re-route requests between user and node. Chain of custody: an RSA signature can be used to verify the chain of custody and data integrity. Dependence on CSP and jurisdiction challenges: a good SLA guarantees benefits such as accessibility and consistency.
  8. UFED Cloud Analyzer is a Windows-based extraction and analysis tool. It allows you to extract, preserve and analyze public- and private-domain social media data, instant messaging, file storage, web pages and other cloud-based content using a forensically sound process. FROST is a forensics tool for the OpenStack cloud computing platform. It requires no interaction with the operating system of guest virtual machines, and the system is user-driven.
  9. That means it is not suitable for investigations into DoS or DDoS attacks, because in that case we need answers fast, in real time, to mitigate the ongoing attack. The reason is that there are many agencies, and even time zones, to be considered. Damaging a system in a foreign jurisdiction is not acceptable at all.
  10. What they did was encrypt all the data according to its sensitivity level and store it on the cloud server. For encryption they used the Sensitivity Aware Deep Elliptic Curve Cryptography algorithm. The proposed system is able to guarantee the integrity of data while processing more transactions than existing permissionless blockchains.
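
The chain-of-custody challenge in note 5, the signature-based sealing in note 7 and the blockchain-based logging under Future Developments all rely on the same mechanism: every custody record is bound to the one before it and sealed, so that later edits become visible. The Python code below is an added example, not code from the presentation or from references [5] to [7]. The field names, sample events and key are constructed, and HMAC-SHA256 stands in for an RSA signature because the Python standard library has no RSA, so the verifier here needs the sealing key rather than a public key.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "prev" value of the first entry
FIELDS = ("seq", "time", "actor", "action", "evidence_sha256", "prev")


def entry_digest(entry):
    """SHA-256 over a canonical JSON encoding of the entry's body fields."""
    body = {k: entry[k] for k in FIELDS}
    encoded = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(encoded).hexdigest()


def seal(key, digest):
    """Keyed seal over an entry hash (HMAC-SHA256 standing in for a signature)."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()


def record(entries, key, time, actor, action, evidence):
    """Append one custody event, linked to the previous entry by its hash."""
    entry = {
        "seq": len(entries),
        "time": time,
        "actor": actor,
        "action": action,
        "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
        "prev": entries[-1]["hash"] if entries else GENESIS,
    }
    entry["hash"] = entry_digest(entry)
    entry["seal"] = seal(key, entry["hash"])
    entries.append(entry)
    return entry


def verify(entries, key, evidence=None):
    """Return (seq, problem) findings; an empty list means the chain is intact."""
    findings = []
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i:
            findings.append((i, "sequence gap or reordering"))
        if e["prev"] != prev:
            findings.append((i, "broken link to previous entry"))
        if entry_digest(e) != e["hash"]:
            findings.append((i, "entry body altered"))
        if not hmac.compare_digest(seal(key, e["hash"]), e["seal"]):
            findings.append((i, "seal invalid"))
        if i and e["evidence_sha256"] != entries[i - 1]["evidence_sha256"]:
            findings.append((i, "evidence hash changed between custodians"))
        prev = e["hash"]
    if evidence is not None and entries:
        if hashlib.sha256(evidence).hexdigest() != entries[-1]["evidence_sha256"]:
            findings.append((len(entries) - 1, "evidence does not match log"))
    return findings


def sample_log(key):
    """Constructed sample: three custody events for one virtual disk image."""
    image = b"constructed virtual disk image bytes"
    entries = []
    record(entries, key, "2024-01-01T10:00:00Z", "csp-operator", "snapshot", image)
    record(entries, key, "2024-01-01T10:20:00Z", "investigator-a", "acquire", image)
    record(entries, key, "2024-01-02T09:00:00Z", "investigator-b", "analyse", image)
    return entries, image


def edit_actor(entries, seq, actor, rehash=False):
    """Test fixture: copy the log and change one actor; with rehash=True the
    hashes are recomputed from that entry on, but the seals cannot be."""
    forged = copy.deepcopy(entries)
    forged[seq]["actor"] = actor
    if rehash:
        for i in range(seq, len(forged)):
            forged[i]["prev"] = forged[i - 1]["hash"] if i else GENESIS
            forged[i]["hash"] = entry_digest(forged[i])
    return forged


if __name__ == "__main__":
    key = b"constructed-demo-key"
    log, image = sample_log(key)
    print("intact log:     ", verify(log, key, image))
    print("edited entry:   ", verify(edit_actor(log, 1, "unknown"), key))
    print("edited+rehashed:", verify(edit_actor(log, 1, "unknown", rehash=True), key))
    print("entry removed:  ", verify(log[:1] + log[2:], key))
    print("evidence edited:", verify(log, key, image + b"!"))
```

Dropping entries from the end of the log is not detectable from the log alone; the most recent entry hash has to be anchored somewhere the custodian cannot rewrite, which is the role the replicated ledger plays in the blockchain proposals.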