Challenges in Cloud Forensics.
In this presentation we take a look at the following topics:
What is Cloud Computing?
Types of Cloud & Cloud Services
What is Cloud Forensics?
Common Cloud Forensics Challenges?
Impact of the Challenges
Existing Methods & Tools
Limitations of Existing Methods
Future Developments
3. Content
What is Cloud Computing?
Types of Cloud & Cloud Services
What is Cloud Forensics?
Common Cloud Forensics Challenges?
Impact of the Challenges
Existing Methods & Tools
Limitations of Existing Methods
Future Developments
4. What is Cloud Computing?
Cloud computing is a means of providing computing services (including databases, servers, software, and networking) via the internet, allowing the user to bypass direct management of those systems. [1]
5. Types of Cloud
Private Cloud
Public Cloud
Hybrid Cloud
Main Types of Cloud Services
IaaS – Microsoft Azure | Cisco Metacloud
PaaS – OpenShift | AWS
SaaS – Cisco WebEx | GSuite
6. What is Cloud Forensics?
“Cloud forensics is the application of digital forensics in cloud computing as a subset of network forensics to gather and preserve evidence in a way that is suitable for presentation in a court of law.” [2]
Cloud Forensics Steps
8. Impact of the Challenges in Identification Stage
1) Access to the Evidence in Logs
2) Unknown or Not Accessible Physical Location
9. Impact of the Challenges in Collection & Preservation Stage
1) Multi-tenancy & Resource Sharing
2) Chain of Custody
3) Dependence on CSP [4]
10. Impact of the Jurisdictional Challenges
1) Jurisdiction Challenges
Involvement of international & local law enforcement parties
Bulletproof hosting
Right to access data
11. Existing Methods for Mitigating the Challenges
1) Resource Tagging
2) Isolating cloud instance & Sandboxing
3) RSA Signature [5]
4) SLA specifying the specific forensic Services
12. Tools Used for Challenge Mitigation
1) UFED Cloud Analyzer
•Google My Activity and Facebook
•iCloud and Google backup
•Uber, Lyft
•DJI drones
2) FROST
•API logs
•Guest firewall logs
•Virtual disks
13. Existing Methods: Limitations Related to Jurisdiction
1) International Communication and Cooperation
Limitation – Only effective for non-urgent investigations
2) Foreign Jurisdiction Remote Examination
Limitation – Risk of damaging the target system
14. Future Developments
1) Method of Evidence Collection and Provenance Preservation for Cloud Using SDN and Blockchain Technology [6].
2) Permission Block Chain Based Data Logging and Integrity Management System for Cloud Forensics [7].
15. References
[1] https://www.talend.com/resources/what-is-cloud-computing/
[2] https://kumarshivam-66534.medium.com/cloud-forensics-be18e14230de
[3] A Systematic Survey on Cloud Forensics Challenges, Solutions, and Future Directions | ACM Computing Surveys. (2022). ACM Computing Surveys (CSUR). Retrieved from https://dl.acm.org/doi/fullHtml/10.1145/3361216
[4] Ruan, K., et al. Key Terms for Service Level Agreements to Support Cloud Forensics. In IFIP Int. Conf. Digital Forensics. 2012. Springer.
[5] Lin, C.-H., C.Y. Lee, and T.-W. Wu, A cloud-aided RSA signature scheme for sealing and storing the digital evidences in computer forensics. International Journal of Security and Its Applications, 2012. 6(2): p. 241-244.
[6] M. Pourvahab and G. Ekbatanifard, "Digital Forensics Architecture for Evidence Collection and Provenance Preservation in IaaS Cloud Environment Using SDN and Blockchain Technology," in IEEE Access, vol. 7, pp. 153349-153364, 2019, doi: 10.1109/ACCESS.2019.2946978.
[7] Park, Jun & Park, Jun & Huh, Eui. (2017). Block Chain Based Data Logging and Integrity Management System for Cloud Forensics. 149-159. 10.5121/csit.2017.71112.
In simple terms, cloud computing is a way to remotely store and access data and programs over the internet rather than hosting them on your computer’s hard drive.
************************************
Private Cloud:
Exclusively created and owned by a business.
Managed on a private network.
A private cloud can be an on-site data centre, or a third party can be asked to host it.
Public Cloud:
The service is offered solely by a third party such as Microsoft Azure.
The provider manages all your hardware, software and other supporting infrastructure.
You can manage your services through your web browser.
Hybrid Cloud:
A perfect combination of public and private clouds.
Provides your business with more flexibility and helps optimise your current infrastructure, security and compliance.
**************************************************************************************************
Infrastructure as a Service (IaaS)
Provides IT infrastructure from a third-party cloud provider.
You rent servers, network, storage, virtual machines and more.
Platform as a Service (PaaS)
Offers an environment for you to develop, test, deliver and manage your software applications with ease.
Provides the storage, network and databases needed for your development.
Software as a Service (SaaS)
A method for delivering your software applications over the internet.
The cloud provider hosts and manages the software application and infrastructure.
Most of the time it is an on-demand service on a subscription basis.
***************************************
Cloud forensics is just like any other forensics. Put simply, it means collecting and preserving evidence so that it is suitable to present in a court of law.
****************************
Identifying cloud forensics evidence is more complicated than normal computer forensics evidence identification because of the decentralized nature of the cloud.
If we take logs for instance, they record the creation, storage, processing, and distribution of data across multiple data centres. The availability of cloud system logs depends on the cloud service model, so accessing the logs of a cloud is sometimes a challenge.
Unlike normal cyber forensics incidents, in cloud forensics the data is most of the time not physically accessible. So evidence identification is a challenge for forensic investigators.
******************************************************
Multitenancy means shared hosting, in which server resources are divided among different customers. Multitenancy is the opposite of single tenancy, where a software instance or computer system has 1 end user or group of users. So the challenge here is: since evidence could be located across several locations, evidence collection becomes difficult. The evidence can be distributed across multiple virtual hosts, physical machines, data centres, and geographical and legal jurisdictions.
Chain of custody describes how the evidence was collected, analysed and preserved, with the aim of presenting it in an admissible way in a court of law. The challenge is: the distributed and multi-layered nature of the cloud makes it harder to verify the chain of custody. Verifying how the logs were generated, collected and stored, along with who had access to them, is also challenging.
Most CSPs are not motivated to aid forensic investigations because that could damage their reputation. In case of an incident, the cloud provider will focus on restoring the service rather than preserving the evidence and handling it in a forensically sound manner. Moreover, the integrity of the evidence also depends on the CSP.
************************************************************
Involvement of international & local law enforcement parties: Sometimes forensic investigators may have to work with both international and local law enforcement parties to carry out the investigation, which is very time and resource consuming.
Bulletproof hosting: means storing illegal data in countries where it is difficult for law enforcement agencies to take legal action. It is often located in corrupt countries where the country itself provides little or no support for forensic investigation. Ukraine and the Netherlands are two countries where law enforcement agencies can’t easily carry out takedowns.
Right to access data: differs between jurisdictions and can vary from place to place.
********************************************************
Unknown or not accessible physical location - Cloud resource consumers use resource tagging to mark the locations of information assets easily, and CSPs can also use it for their own benefit. In other words, when an incident occurs on a server on the other side of the world, the law, jurisdiction and chain-of-custody challenges are easier to handle if that resource has been tagged beforehand, which makes the investigation much easier.
Multi-tenancy and resource sharing - One technique is to isolate the evidence by placing it in a sandbox. Others are instance relocation, where an incident can be moved inside the cloud, and server farming, which can be used to re-route requests between user and node.
Chain of custody - An RSA signature [5] can be used to verify the chain of custody and data integrity.
Dependence on CSP + Jurisdiction Challenges - A good SLA guarantees benefits like accessibility and consistency.
UFED Cloud Analyzer is a Windows-based extraction and analysis tool. It allows you to extract, preserve and analyze public and private domain, social-media data, instant messaging, file storage, web pages and other cloud-based content using a forensically sound process.
FROST is a forensics tool for the OpenStack cloud computing platform. It requires no interaction with the operating system of guest virtual machines, and the system is user-driven.
Being effective only for non-urgent investigations means international communication and cooperation is not good for investigations against DoS or DDoS attacks, because in that case we need answers fast, in real time, to mitigate the ongoing attack. The reason is that there are a lot of agencies and even time zones to consider.
Damaging a system in a foreign jurisdiction is not good at all.
What they did was encrypt all the data based on its sensitivity level and store it in the cloud server. For encryption they used the Sensitivity Aware Deep Elliptic Curve Cryptography algorithm.
The proposed system is able to guarantee the integrity of data while processing more transactions than existing permissionless blockchains.
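The chain-of-custody and log-integrity points in these notes can be made concrete with a tamper-evident custody log, shown here as an added example that is not taken from the presentation or the cited papers. It uses a plain SHA-256 hash chain rather than RSA signatures [5] or a real blockchain [7]; all function names, handler names and evidence bytes are constructed for illustration.

```python
import hashlib
import json
from typing import Optional, Tuple

GENESIS = "0" * 64  # previous-hash value used by the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hash(entry: dict) -> str:
    """Hash every field except the entry's own hash, in canonical JSON form."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))


def append_entry(log: list, handler: str, action: str,
                 evidence: bytes, timestamp: str) -> dict:
    """Record who did what to the evidence, committing to the previous entry."""
    entry = {
        "seq": len(log),
        "timestamp": timestamp,
        "handler": handler,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "prev_hash": log[-1]["entry_hash"] if log else GENESIS,
    }
    entry["entry_hash"] = entry_hash(entry)
    log.append(entry)
    return entry


def verify_log(log: list, evidence: Optional[bytes] = None) -> Tuple[bool, str]:
    """Check sequence, linkage and per-entry hashes; optionally check that the
    evidence in hand still matches the digest in the last custody entry."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry.get("seq") != i:
            return False, f"entry {i}: sequence number mismatch"
        if entry.get("prev_hash") != prev:
            return False, f"entry {i}: broken link to previous entry"
        if entry_hash(entry) != entry.get("entry_hash"):
            return False, f"entry {i}: contents modified after recording"
        prev = entry["entry_hash"]
    if evidence is not None and log:
        if sha256_hex(evidence) != log[-1]["evidence_sha256"]:
            return False, "evidence does not match last recorded digest"
    return True, "ok"


def demo() -> dict:
    # Constructed sample standing in for an acquired virtual disk image.
    disk = b"constructed sample: bytes of an acquired virtual disk image"
    log: list = []
    append_entry(log, "csp-operator", "snapshot acquired", disk, "2024-01-01T10:00:00Z")
    append_entry(log, "investigator-a", "received copy", disk, "2024-01-01T12:30:00Z")
    append_entry(log, "investigator-b", "analysis started", disk, "2024-01-02T09:00:00Z")
    results = {"clean": verify_log(log, disk)}

    # Someone edits who handled the evidence in the middle of the chain.
    tampered = [dict(e) for e in log]
    tampered[1]["handler"] = "unknown"
    results["edited_entry"] = verify_log(tampered, disk)

    # Recomputing that entry's own hash only moves the break to the next link.
    tampered[1]["entry_hash"] = entry_hash(tampered[1])
    results["rehashed_entry"] = verify_log(tampered, disk)

    # The evidence itself changed after the last custody entry.
    results["altered_evidence"] = verify_log(log, disk + b"x")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

A hash chain only proves integrity relative to its newest `entry_hash`: whoever can rewrite the whole log can rebuild the chain, so that value has to be signed or stored somewhere outside the CSP's and the investigator's sole control.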