SlideShare a Scribd company logo

Memory forensics using VMI for cloud computing

Priyanka Aash
Priyanka Aash

The relocation of systems and services into cloud environments is on the rise. Because of this trend users lose direct control over their machines and depend on the offered services from cloud providers. These services are especially in the field of digital forensics very rudimentary. The possibilities for users to analyze their virtual machines with forensic methods are very limited. In the underlying research of this talk a practical approach has been developed that gives the user additional capabilities in the field of forensic investigations. The solution focuses on a memory forensic service offering. To reach this goal, a management solution for cloud environments has been extended with memory forensic services. Self-developed memory forensic services, which are installed on each cloud node and are managed through the cloud management component, are the basis for this solution. Forensic data is gained via virtual machine introspection techniques. Compared to other approaches it is possible to get trustworthy data without influencing the running system. Additionally, a general overview about the underlying technologies is provided and the pros and cons are discussed. The solution approach is discussed in a generic way and practically implemented in a prototype. In this prototype OpenNebula is used for managing the cloud infrastructure in combination with Xen as virtualization component, LibVMI as Virtual Machine Introspection library and Volatility as forensic tool. (Source: Black Hat USA 2016, Las Vegas)

Technology
1 of 39
Download to read offline
Memory Forensics using Virtual Machine Introspection for Cloud Computing Tobias Zillner, BSc MSc MSc
About Me Tobias Zillner, BSc MSc MSc • Vienna, Austria • Founder of Zillner IT-Security • Independent Security Consultant & Researcher • Consulting, Audit, Advisory, Training • Security Research • Internet of Things, Smart Homes • Wireless Security • www.zillner.tech SDR Enthusiast
What is it about? And why do we need it?
Outline Introduction & Background Virtual Machine Introspection (VMI) Use cases Prototype Summary
Motivation Relocation of systems and services into cloud environments is on the rise Users loose direct access / control over their systems Forensic methods are limited in the cloud Enable the user to perform their own forensic investigations Forensic as a Service
Memory forensics & Virtual machine Introspection
Forensic Process Collection Examination Analysis Reporting Media Data Information Evidence
Hardware virtualization One / Multiple guest OS on virtualized hardware Managed by Virtual Machine Monitor (VMM) – Hypervisor Provides interfaces and controls interactions with hardware • CPU, memory, network, storage,… Hypervisor on own OS – Host OS
Native vs. hosted virtualization Hardware Hypervisor Guest OS Application Application Application Guest OSApplication Application Application Hardware Hypervisor Guest OS Application Application Application Guest OS Application Application Application Host OS Application Application Native virtualization Hosted virtualization
Virtual machine Introspection “Virtual Introspection (VI) is the process by which the state of a virtual machine (VM) is observed from either the Virtual Machine Monitor (VMM), or from some virtual machine other than the one being examined. “ 1 1 : Brian Hay and Kara Nance. Forensics examination of volatile system data using virtual introspection. SIGOPS Oper. Syst. Rev., 42(3):74 82, April 2008
Semantic gap Difference between the presentation of data from volatile memory by the OS and the raw data format Requires VMI to perform the same translation of the the raw memory data as the OS At least some knowledge about the guest OS is necessary
http://libvmi.com/docs/gcode-intro.html How does it work?
Advantages No altering of the target system Very hard to detect the monitoring Live analysis of memory content Data size for analysis (storage much larger than memory) Detection of advanced memory only malware More reliable data • No data corruption through malware
Countermeasures Detection • Timing analysis - unusual patterns in the frequency at which it is scheduled for execution • Page fault analysis - the target VM may be able to detect unusual patterns in the distribution of page faults Direct Kernel Structure Manipulation (DKSM) • VMI assumes that OS implement certain kernel- and data structures • DKSM modifies this structures and prevents monitoring • Sytanx based: targeted deletion/addition/manipulation of data structures • Sematic: semantics of the data structures are changed • Combined: mix of syntax and semantics manipulation
Fields of application Rootkit detection • Manipulation of memory access • Interception of system calls Cryptographic key extraction • On the fly encrypted container • Network forensics IDS / IPS Examples
Prototype
Solution approach Combining existing tools for a novel approach Open Source Minimal overhead Transparent for the user
Architecture Cloud Solution • Open Nebula Cloud Management Server Cloud Node Host OS – Ubuntu Guest VM Memory Forensic Services VMI Library – LibVMI Forensic Tool – Volatility Hypervisor - Xen
Cloud Management Server Cloud Node VM1 VM2 Cloud Control Services Dom U Dom 0Dom U Hypervisor
Cloud Management Server Cloud Node VM1 VM2 VMI Library Forensic Tool Memory Forensic Service Cloud Control Services Memory Forensic Service Dom U Dom 0Dom U Hypervisor
Open nebula extensions www.opennebula.org
Memory forensic services Self developed management and control services Client – Server model Platform independent PKI for secure communication Command whitelisting
Forensic Process Collection Examination Analysis Reporting Media Data Information Evidence
Forensic Process Collection Examination Analysis Reporting Media Data Information Evidence • OS on Cloud Node • Data provided by LibVMI • Collected by Volatility
Forensic Process Collection Examination Analysis Reporting Media Data Information Evidence • OS on Cloud Node • Collected data checked by Volatility • Data extraction for forensic purpose
Forensic Process Collection Examination Analysis Reporting Media Data Information Evidence • Partially OS on Cloud Node • Collected data checked by Volatility • Partially on user system • Analysis with additional tools by user
Forensic Process Collection Examination Analysis Reporting Media Data Information Evidence • Completely on user system
Advantages User gets easy access to the data No changes on the target VM necessary Memory analysis not on the possibly compromised system No stop/pausing of the analyzed machine required Operation of the VM does not get influenced Analysis can be done either local or over the network • Reduction of local load / network load Usage of existing authentication and authorization system
Disadvantages Configuration necessary Knowledge about the guest OS required Installation overhead for cloud provider Additional attack surface Security is crucial for the added services User segregation is very important
LibVMI config example
Volatility / Libvmi usage
Use case Modifying of data structures, which display the processes currently running on the system System call interception Interrupt hooking Modifying the kernel memory image Intercepting calls handled by the VFS Virtual memory subversion Kernel level root kit detection
Use case Enduser VM in Iaas cloud
Demo
Summary
Summary Investigations in cloud environments get more and more common Hypervisor forensics VMI is a very interesting solution approach Fully Open Source based working prototype Enables fast responses to security incidents Lot of room for enhancements Different use cases for VMI in clouds possible
Black hat sound bytes Hypervisor forensics / VMI are very powerful and interesting technologies FaaS gives power to the end user Memory analysis is a huge benefit for forensic investigations
Q & A Please fill out the Black Hat Feedback Form
Contact Tobias Zillner tobias@zillner.tech www.zillner.tech +43 664 8829 8290

Recommended

Is it an internal affair
Is it an internal affairIs it an internal affair
Is it an internal affair
George Delikouras
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
Sam Bowne
 
Exploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedExploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removed
NCC Group
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
Vincent Giersch
 
How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)
NCC Group
 
Cs seminar 20070426
Cs seminar 20070426Cs seminar 20070426
Cs seminar 20070426
Todd Deshane
 
The Good, the bad, and the ugly of Thin Client/Server Computing
The Good, the bad, and the ugly of Thin Client/Server ComputingThe Good, the bad, and the ugly of Thin Client/Server Computing
The Good, the bad, and the ugly of Thin Client/Server Computing
The Integral Worm
 
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesZoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Winston Morton
 

Recommended

Is it an internal affair
Is it an internal affairIs it an internal affair
Is it an internal affair
George Delikouras
 
CNIT 50: 9. NSM Operations
CNIT 50: 9. NSM OperationsCNIT 50: 9. NSM Operations
CNIT 50: 9. NSM Operations
Sam Bowne
 
Exploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removedExploiting appliances presentation v1.1-vids-removed
Exploiting appliances presentation v1.1-vids-removed
NCC Group
 
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
UKC - Feb 2013 - Analyzing the security of Windows 7 and Linux for cloud comp...
Vincent Giersch
 
How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)How we breach small and medium enterprises (SMEs)
How we breach small and medium enterprises (SMEs)
NCC Group
 
Cs seminar 20070426
Cs seminar 20070426Cs seminar 20070426
Cs seminar 20070426
Todd Deshane
 
The Good, the bad, and the ugly of Thin Client/Server Computing
The Good, the bad, and the ugly of Thin Client/Server ComputingThe Good, the bad, and the ugly of Thin Client/Server Computing
The Good, the bad, and the ugly of Thin Client/Server Computing
The Integral Worm
 
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud ServicesZoura Subscribed 2013 LinkBermuda Metered Cloud Services
Zoura Subscribed 2013 LinkBermuda Metered Cloud Services
Winston Morton
 
Firewall
FirewallFirewall
Firewall
Rameswar Mishra
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
Programmer
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
Sam Bowne
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
G Prachi
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
Sam Bowne
 
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric VanderburgInformation Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Eric Vanderburg
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
G Prachi
 
CNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data CollectionCNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data Collection
Sam Bowne
 
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionCNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
Sam Bowne
 
CNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookCNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management Handbook
Sam Bowne
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and Testing
Sam Bowne
 
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
Sam Bowne
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)
Sam Bowne
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
Adetunji Adeoje
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the Cloud
Tjylen Veselyj
 
POTASSIUM: Penetration Testing as a Service
POTASSIUM: Penetration Testing as a ServicePOTASSIUM: Penetration Testing as a Service
POTASSIUM: Penetration Testing as a Service
Alexandria Farar (Lexi), CISSP, CEH
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and Testing
Sam Bowne
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
Sam Bowne
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
Sam Bowne
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
Anurag Srivastava
 
11.cyber forensics in cloud computing
11.cyber forensics in cloud computing11.cyber forensics in cloud computing
11.cyber forensics in cloud computing
Alexander Decker
 
Cloud Application Logging for Forensics
Cloud Application Logging for ForensicsCloud Application Logging for Forensics
Cloud Application Logging for Forensics
Raffael Marty
 

More Related Content

What's hot

What's hot (20)

Firewall
FirewallFirewall
Firewall
 
Intrusion detection
Intrusion detectionIntrusion detection
Intrusion detection
 
CNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident PreparationCNIT 121: 3 Pre-Incident Preparation
CNIT 121: 3 Pre-Incident Preparation
 
Web application security part 01
Web application security part 01Web application security part 01
Web application security part 01
 
CNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic DuplicationCNIT 121: 8 Forensic Duplication
CNIT 121: 8 Forensic Duplication
 
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric VanderburgInformation Security Lesson 13 - Advanced Security - Eric Vanderburg
Information Security Lesson 13 - Advanced Security - Eric Vanderburg
 
Dealing with legacy code
Dealing with legacy codeDealing with legacy code
Dealing with legacy code
 
CNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data CollectionCNIT 152: 6 Scoping & 7 Live Data Collection
CNIT 152: 6 Scoping & 7 Live Data Collection
 
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data CollectionCNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
CNIT 121: 6 Discovering the Scope of the Incident & 7 Live Data Collection
 
CNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management HandbookCNIT 121: 2 IR Management Handbook
CNIT 121: 2 IR Management Handbook
 
CNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and TestingCNIT 125 7. Security Assessment and Testing
CNIT 125 7. Security Assessment and Testing
 
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
CNIT 121: 4 Getting the Investigation Started on the Right Foot & 5 Initial D...
 
CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)CNIT 121: 17 Remediation Introduction (Part 1)
CNIT 121: 17 Remediation Introduction (Part 1)
 
Latest presentation
Latest presentationLatest presentation
Latest presentation
 
Virtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the CloudVirtual Machine Introspection - Future of the Cloud
Virtual Machine Introspection - Future of the Cloud
 
POTASSIUM: Penetration Testing as a Service
POTASSIUM: Penetration Testing as a ServicePOTASSIUM: Penetration Testing as a Service
POTASSIUM: Penetration Testing as a Service
 
CISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and TestingCISSP Prep: Ch 7. Security Assessment and Testing
CISSP Prep: Ch 7. Security Assessment and Testing
 
7. Security Operations
7. Security Operations7. Security Operations
7. Security Operations
 
CNIT 121: 9 Network Evidence
CNIT 121: 9 Network EvidenceCNIT 121: 9 Network Evidence
CNIT 121: 9 Network Evidence
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 

Viewers also liked

11.cyber forensics in cloud computing
11.cyber forensics in cloud computing11.cyber forensics in cloud computing
11.cyber forensics in cloud computing
Alexander Decker
 
Cloud Application Logging for Forensics
Cloud Application Logging for ForensicsCloud Application Logging for Forensics
Cloud Application Logging for Forensics
Raffael Marty
 
Lupus érythémateux disséminé1
Lupus érythémateux disséminé1Lupus érythémateux disséminé1
Lupus érythémateux disséminé1
Med Achraf Hadj Ali
 
6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY
6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY
6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY
George Beaton
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
sdavis532
 
Cloud Computing Security (Final Year Project) by Pavlos Stefanis
Cloud Computing Security (Final Year Project) by Pavlos StefanisCloud Computing Security (Final Year Project) by Pavlos Stefanis
Cloud Computing Security (Final Year Project) by Pavlos Stefanis
Pavlos Stefanis
 

Viewers also liked (20)

11.cyber forensics in cloud computing
11.cyber forensics in cloud computing11.cyber forensics in cloud computing
11.cyber forensics in cloud computing
 
Cloud Application Logging for Forensics
Cloud Application Logging for ForensicsCloud Application Logging for Forensics
Cloud Application Logging for Forensics
 
Cloud Forensics- An IS Approach
Cloud Forensics- An IS ApproachCloud Forensics- An IS Approach
Cloud Forensics- An IS Approach
 
Booting an image as a forensically sound vm in virtual box
Booting an image as a forensically sound vm in virtual boxBooting an image as a forensically sound vm in virtual box
Booting an image as a forensically sound vm in virtual box
 
Adding event reconstruction to a cloud forensic readiness
Adding event reconstruction to a cloud forensic readinessAdding event reconstruction to a cloud forensic readiness
Adding event reconstruction to a cloud forensic readiness
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science
 
SAS Cloud Computing and MapReduce
SAS Cloud Computing and MapReduceSAS Cloud Computing and MapReduce
SAS Cloud Computing and MapReduce
 
Big Data Analysis and Business Intelligence
Big Data Analysis and Business IntelligenceBig Data Analysis and Business Intelligence
Big Data Analysis and Business Intelligence
 
Open / Free Cloud platforms and Open Hardware Systems
Open / Free Cloud platforms and Open Hardware SystemsOpen / Free Cloud platforms and Open Hardware Systems
Open / Free Cloud platforms and Open Hardware Systems
 
Virtualization & Cloud Computing Presentation
Virtualization & Cloud Computing PresentationVirtualization & Cloud Computing Presentation
Virtualization & Cloud Computing Presentation
 
Lupus érythémateux disséminé1
Lupus érythémateux disséminé1Lupus érythémateux disséminé1
Lupus érythémateux disséminé1
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security Metrics
 
Red hat cloud platforms
Red hat cloud platformsRed hat cloud platforms
Red hat cloud platforms
 
6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY
6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY
6 STEPS TO CREATE A SUCCESSFUL BUSINESS INTELLIGENCE STRATEGY
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
 
CS298_presentation
CS298_presentationCS298_presentation
CS298_presentation
 
Transforming Application Delivery with PaaS and Linux Containers
Transforming Application Delivery with PaaS and Linux ContainersTransforming Application Delivery with PaaS and Linux Containers
Transforming Application Delivery with PaaS and Linux Containers
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
 
Cloud Computing Security (Final Year Project) by Pavlos Stefanis
Cloud Computing Security (Final Year Project) by Pavlos StefanisCloud Computing Security (Final Year Project) by Pavlos Stefanis
Cloud Computing Security (Final Year Project) by Pavlos Stefanis
 

Similar to Memory forensics using VMI for cloud computing

CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
Alert Logic
 
All about Firewalls ,IPS IDS and the era of UTM in a nutshell
All about Firewalls ,IPS IDS and the era of UTM in a nutshellAll about Firewalls ,IPS IDS and the era of UTM in a nutshell
All about Firewalls ,IPS IDS and the era of UTM in a nutshell
Hishan Shouketh
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
Atif Ghauri
 
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
Schneider Electric
 

Similar to Memory forensics using VMI for cloud computing (20)

CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself CyberCrime in the Cloud and How to defend Yourself
CyberCrime in the Cloud and How to defend Yourself
 
VMI based malware detection in virtual environment
VMI based malware detection in virtual environmentVMI based malware detection in virtual environment
VMI based malware detection in virtual environment
 
Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1Plnog13 2014 security intelligence_pkedra_v1
Plnog13 2014 security intelligence_pkedra_v1
 
The Trouble with Cloud Forensics :Sharique M. Rizvi Head of IT Security & Fo...
The Trouble with Cloud Forensics :Sharique M. Rizvi Head of IT Security & Fo...The Trouble with Cloud Forensics :Sharique M. Rizvi Head of IT Security & Fo...
The Trouble with Cloud Forensics :Sharique M. Rizvi Head of IT Security & Fo...
 
All about Firewalls ,IPS IDS and the era of UTM in a nutshell
All about Firewalls ,IPS IDS and the era of UTM in a nutshellAll about Firewalls ,IPS IDS and the era of UTM in a nutshell
All about Firewalls ,IPS IDS and the era of UTM in a nutshell
 
The Trouble with Cloud Forensics
The Trouble with Cloud ForensicsThe Trouble with Cloud Forensics
The Trouble with Cloud Forensics
 
NextGen Endpoint Security for Dummies
NextGen Endpoint Security for DummiesNextGen Endpoint Security for Dummies
NextGen Endpoint Security for Dummies
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
How To Build A Stable And Robust Base For a “Cloud”
How To Build A Stable And Robust Base For a “Cloud”How To Build A Stable And Robust Base For a “Cloud”
How To Build A Stable And Robust Base For a “Cloud”
 
Introduction to Cloud Security.pptx
Introduction to Cloud Security.pptxIntroduction to Cloud Security.pptx
Introduction to Cloud Security.pptx
 
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
Cybersecurity for Industrial Plants: Threats and Defense Approach - Dave Hreha
 
Ccna sec 01
Ccna sec 01Ccna sec 01
Ccna sec 01
 
unit-2.pptx
unit-2.pptxunit-2.pptx
unit-2.pptx
 
intrusion detection system (IDS)
intrusion detection system (IDS)intrusion detection system (IDS)
intrusion detection system (IDS)
 
12-Dynamic Resource Provisioning, Security Aspects, Module-5-Cognitive comput...
12-Dynamic Resource Provisioning, Security Aspects, Module-5-Cognitive comput...12-Dynamic Resource Provisioning, Security Aspects, Module-5-Cognitive comput...
12-Dynamic Resource Provisioning, Security Aspects, Module-5-Cognitive comput...
 
Improving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the CloudImproving Resilience by Creating Storms in the Cloud
Improving Resilience by Creating Storms in the Cloud
 
RuSIEM overview (english version)
RuSIEM overview (english version)RuSIEM overview (english version)
RuSIEM overview (english version)
 
Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...
Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...
Cisco Connect 2018 Thailand - Secure data center building a secure zero trust...
 
Cloud monitoring - An essential Platform Service
Cloud monitoring - An essential Platform ServiceCloud monitoring - An essential Platform Service
Cloud monitoring - An essential Platform Service
 
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Finding the needle in the haystack: how Nestle is leveraging big data to defe...Finding the needle in the haystack: how Nestle is leveraging big data to defe...
Finding the needle in the haystack: how Nestle is leveraging big data to defe...
 

More from Priyanka Aash

Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
Priyanka Aash
 

More from Priyanka Aash (20)

Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
Verizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdfVerizon Breach Investigation Report (VBIR).pdf
Verizon Breach Investigation Report (VBIR).pdf
 
Top 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdfTop 10 Security Risks .pptx.pdf
Top 10 Security Risks .pptx.pdf
 
Simplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdfSimplifying data privacy and protection.pdf
Simplifying data privacy and protection.pdf
 
Generative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdfGenerative AI and Security (1).pptx.pdf
Generative AI and Security (1).pptx.pdf
 
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdfEVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
EVERY ATTACK INVOLVES EXPLOITATION OF A WEAKNESS.pdf
 
DPDP Act 2023.pdf
DPDP Act 2023.pdfDPDP Act 2023.pdf
DPDP Act 2023.pdf
 
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdfCyber Truths_Are you Prepared version 1.1.pptx.pdf
Cyber Truths_Are you Prepared version 1.1.pptx.pdf
 
Cyber Crisis Management.pdf
Cyber Crisis Management.pdfCyber Crisis Management.pdf
Cyber Crisis Management.pdf
 
CISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdfCISOPlatform journey.pptx.pdf
CISOPlatform journey.pptx.pdf
 
Chennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdfChennai Chapter.pptx.pdf
Chennai Chapter.pptx.pdf
 
Cloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdfCloud attack vectors_Moshe.pdf
Cloud attack vectors_Moshe.pdf
 
Stories From The Web 3 Battlefield
Stories From The Web 3 BattlefieldStories From The Web 3 Battlefield
Stories From The Web 3 Battlefield
 
Lessons Learned From Ransomware Attacks
Lessons Learned From Ransomware AttacksLessons Learned From Ransomware Attacks
Lessons Learned From Ransomware Attacks
 
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
Emerging New Threats And Top CISO Priorities In 2022 (Chennai)
 
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
Emerging New Threats And Top CISO Priorities In 2022 (Mumbai)
 
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
Emerging New Threats And Top CISO Priorities in 2022 (Bangalore)
 
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow LogsCloud Security: Limitations of Cloud Security Groups and Flow Logs
Cloud Security: Limitations of Cloud Security Groups and Flow Logs
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Ethical Hacking
Ethical HackingEthical Hacking
Ethical Hacking
 

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Recently uploaded (20)

Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Memory forensics using VMI for cloud computing