NIST Cloud Computing
Forum and Workshop VIII
Dr. Martin Herman
ITL Senior Advisor for Forensics and IT
Information Technol...
NIST Cloud Computing Forum and Workshop VIII
July 2015

Cloud Computing Forensic Science

NIST Cloud Computing Forum and Workshop VIII
July 2015
Cloud Computing Forensic Science

Posted as a courtesy by:

Dave Sweigert

CISA CISSP HCISPP PMP SEC+

Published in: Healthcare

Cloud Computing Forensic Science

  1. NIST Cloud Computing Forum and Workshop VIII
     Dr. Martin Herman
     ITL Senior Advisor for Forensics and IT
     Information Technology Laboratory (ITL)
     National Institute of Standards & Technology
  2. Cloud Computing Forensic Science
     •  Application of science and technology to investigation and establishment of facts of interest within cloud environments for
        –  Courtroom
           •  Criminal investigation and prosecution (e.g., child exploitation, drug dealings, terrorism, cyber attacks, data breaches, insider theft)
           •  Civil litigation (e.g., e-discovery in lawsuits, insurance claims)
        –  Regulatory compliance (e.g., auditing)
        –  Internal business policy violations
           •  Within an enterprise (e.g., HR privacy violations, employee computer misuse)
        –  Cybersecurity (incident response)
           •  Mitigate future cyber attacks, prevent system failure, minimize data loss
  3. NIST Activities
     •  Chair of the Cloud Computing Forensic Science Working Group
     •  Long-term goals:
        –  Determine challenges in cloud forensics
           •  Forensics applied to artifacts/evidence found in the cloud (as opposed to using the cloud to perform forensic analysis on data from other sources)
           •  Identify, aggregate, analyze challenges
        –  Prioritize challenges
        –  Determine gaps in technology, standards and measurements to address these challenges
        –  Develop a roadmap to address these challenges
  4. NIST Cloud Computing Forum and Workshop VIII
     1. Confidentiality
     2. Root of Trust
     3. E-Discovery
     4. Deletion in the Cloud
     5. Lack of Transparency
     6. Timestamp
     7. Use of Metadata
     8. Geo-location
     9. Data Integrity
     10. Recovering Overwritten Data
     11. Data Chain of Custody
     12. Chain of Dependencies
     13. Resource Seizure
     14. Secure Provenance
     15. Chain of Dependencies
     16. Locating Evidence
     17. Evidence Identification
  5. Cloud Computing Forensic Science Challenges
     •  Challenges related to:
        –  Architecture: e.g., Segregation of potential evidence in a multi-tenant system
        –  Data collection: e.g., Recovery of deleted data in a shared and distributed virtual environment; e.g., E-Discovery
        –  Analysis of forensic data: e.g., Evidence correlation across multiple cloud Providers
        –  Anti-forensics: e.g., Malicious code may circumvent virtual machine isolation methods
     •  Challenges related to:
        –  Incident first responders: e.g., Confidence, competence, and trustworthiness of the cloud providers to act as first-responders and perform data collection
        –  Role management: e.g., Ease of anonymity and creating false personas online
        –  Legal issues: e.g., Ease of anonymity and creating false personas online
        –  Standards: e.g., Lack of test and validation procedures
        –  Training: e.g., Lack of test and validation procedures
  6. Mindmap (PRIMARY)
  7. Assessment of Importance
  8. Highest Priority Challenges & Scores
     10  Confidentiality and PII
     9   Root of trust
     9   E-discovery
     8   Deletion in the cloud
     8   Lack of transparency
     7   Timestamp synchronization
     7   Use of metadata
     7   Multiple venues and geolocations
     7   Data integrity and evidence preservation
     6   Recovering overwritten data
     6   Cloud confiscation and resource seizure
     6   Potential evidence segregation
     6   Secure provenance
     6   Data chain of custody
     6   Chain of dependencies
     6   Locating evidence
     6   Locating storage media
     6   Evidence identification
     6   Dynamic storage
     6   Live forensics
     6   Resource abstraction
     6   Ambiguous trust boundaries
     6   Cloud training for investigators
     From NIST IR 8006: DRAFT NIST Cloud Computing Forensic Science Challenges
     http://csrc.nist.gov/publications/PubsNISTIRs.html
  9. Use Case Template
     Cloud forensic challenge highlighted by this use case:
     Title of use case:
     Description of use case:
     Forensic evidence relevant to use case:
     Relevance to the cloud forensic challenge:
     The role of each cloud stakeholder in the forensic investigation:
        Cloud Service Consumer (Enterprise):
        Cloud Service Consumer (Individual):
        Cloud Service Provider:
        Cloud Broker (Technical):
        Cloud Broker (Business):
        Cloud Carrier:
        Cloud Auditor (Law enforcement):
        Cloud Auditor (Government regulators):
        Cloud Auditor (Accreditation & certification bodies):
        Cloud Auditor (Forensics lab practitioners):
     How do the cloud stakeholders work together in the forensic investigation?
     The role of client endpoints:
     What is effect of different cloud service/deployment models?
        IaaS Public:
        IaaS Private:
        IaaS Hybrid:
        IaaS Community:
        PaaS Public:
        PaaS Private:
        PaaS Hybrid:
        PaaS Community:
        SaaS Public:
        SaaS Private:
        SaaS Hybrid:
        SaaS Community:
     What technical, legal and best practices elements are needed to achieve a successful forensic investigation in this use case?
        Technical (technology and technical standards):
        Legal:
        Best practices:
     For the technical elements, what are the gaps in technology and standards?
  10. Today’s Agenda
     •  Will focus on several of the top challenges
        –  Cloud E-Discovery
        –  Root of trust
        –  Deletion in the cloud
        –  Timestamp synchronization
        –  Data integrity & evidence preservation
     •  Will also discuss other areas of interest in cloud forensics
        –  Data governance in the cloud
        –  Forensics in stealth and dark clouds
        –  Cloud forensics architecture
