NIST Cloud Computing
Forum and Workshop VIII
Dr. Martin Herman
ITL Senior Advisor for Forensics and IT
Information Technology Laboratory (ITL)
National Institute of Standards & Technology
NIST Cloud Computing Forum and Workshop VIII
July 2015
Cloud Computing Forensic Science
•  Application of science and technology to investigation and establishment of facts of interest within cloud environments for
  –  Courtroom
    •  Criminal investigation and prosecution (e.g., child exploitation, drug dealings, terrorism, cyber attacks, data breaches, insider theft)
    •  Civil litigation (e.g., e-discovery in lawsuits, insurance claims)
  –  Regulatory compliance (e.g., auditing)
  –  Internal business policy violations
    •  Within an enterprise (e.g., HR privacy violations, employee computer misuse)
  –  Cybersecurity (incident response)
    •  Mitigate future cyber attacks, prevent system failure, minimize data loss
NIST Activities
•  Chair of the Cloud Computing Forensic Science Working Group
•  Long-term goals:
  –  Determine challenges in cloud forensics
    •  Forensics applied to artifacts/evidence found in the cloud (as opposed to using the cloud to perform forensic analysis on data from other sources)
    •  Identify, aggregate, analyze challenges
  –  Prioritize challenges
  –  Determine gaps in technology, standards and measurements to address these challenges
  –  Develop a roadmap to address these challenges
Cloud Computing Forensic Science Challenges
1. Confidentiality
2. Root of Trust
3. E-Discovery
4. Deletion in the Cloud
5. Lack of Transparency
6. Timestamp
7. Use of Metadata
8. Geo-location
9. Data Integrity
10. Recovering Overwritten Data
11. Data Chain of Custody
12. Chain of Dependencies
13. Resource Seizure
14. Secure Provenance
15. Chain of Dependencies
16. Locating Evidence
17. Evidence Identification
•  Challenges related to:
  –  Architecture
    •  e.g., Segregation of potential evidence in a multi-tenant system
  –  Data collection
    •  e.g., Recovery of deleted data in a shared and distributed virtual environment
    •  e.g., E-Discovery
  –  Analysis of forensic data
    •  e.g., Evidence correlation across multiple cloud providers
  –  Anti-forensics
    •  e.g., Malicious code may circumvent virtual machine isolation methods
  –  Incident first responders
    •  e.g., Confidence, competence, and trustworthiness of the cloud providers to act as first-responders and perform data collection
  –  Role management
    •  e.g., Ease of anonymity and creating false personas online
  –  Legal issues
    •  e.g., Ease of anonymity and creating false personas online
  –  Standards
    •  e.g., Lack of test and validation procedures
  –  Training
    •  e.g., Lack of test and validation procedures
Mindmap (PRIMARY)
Assessment of Importance
Highest Priority Challenges & Scores
10 Confidentiality and PII
9 Root of trust
9 E-discovery
8 Deletion in the cloud
8 Lack of transparency
7 Timestamp synchronization
7 Use of metadata
7 Multiple venues and geolocations
7 Data integrity and evidence preservation
6 Recovering overwritten data
6 Cloud confiscation and resource seizure
6 Potential evidence segregation
6 Secure provenance
6 Data chain of custody
6 Chain of dependencies
6 Locating evidence
6 Locating storage media
6 Evidence identification
6 Dynamic storage
6 Live forensics
6 Resource abstraction
6 Ambiguous trust boundaries
6 Cloud training for investigators
From NIST IR 8006: DRAFT NIST Cloud Computing Forensic Science Challenges
http://csrc.nist.gov/publications/PubsNISTIRs.html
Use Case Template
Cloud forensic challenge highlighted by this use case:
Title of use case:
Description of use case:
Forensic evidence relevant to use case:
Relevance to the cloud forensic challenge:
The role of each cloud stakeholder in the forensic investigation:
Cloud Service Consumer (Enterprise):
Cloud Service Consumer (Individual):
Cloud Service Provider:
Cloud Broker (Technical):
Cloud Broker (Business):
Cloud Carrier:
Cloud Auditor (Law enforcement):
Cloud Auditor (Government regulators):
Cloud Auditor (Accreditation & certification bodies):
Cloud Auditor (Forensics lab practitioners):
How do the cloud stakeholders work together in the forensic investigation?
The role of client endpoints:
What is the effect of different cloud service/deployment models?
IaaS Public:
IaaS Private:
IaaS Hybrid:
IaaS Community:
PaaS Public:
PaaS Private:
PaaS Hybrid:
PaaS Community:
SaaS Public:
SaaS Private:
SaaS Hybrid:
SaaS Community:
What technical, legal and best practices elements are needed to achieve a successful forensic investigation in this use case?
Technical (technology and technical standards):
Legal:
Best practices:
For the technical elements, what are the gaps in technology and standards?
Today’s Agenda
•  Will focus on several of the top challenges
  –  Cloud E-Discovery
  –  Root of trust
  –  Deletion in the cloud
  –  Timestamp synchronization
  –  Data integrity & evidence preservation
•  Will also discuss other areas of interest in cloud forensics
  –  Data governance in the cloud
  –  Forensics in stealth and dark clouds
  –  Cloud forensics architecture

Myopia Management & Control Strategies.pptx
RitonDeb1
 
Telehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptxTelehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptx
The Harvest Clinic
 
Antibiotic Stewardship by Anushri Srivastava.pptx
Antibiotic Stewardship by Anushri Srivastava.pptxAntibiotic Stewardship by Anushri Srivastava.pptx
Antibiotic Stewardship by Anushri Srivastava.pptx
AnushriSrivastav
 
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptxGLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
priyabhojwani1200
 
A Community health , health for prisoners
A Community health  , health for prisonersA Community health  , health for prisoners
A Community health , health for prisoners
Ahmed Elmi
 
The Importance of Community Nursing Care.pdf
The Importance of Community Nursing Care.pdfThe Importance of Community Nursing Care.pdf
The Importance of Community Nursing Care.pdf
AD Healthcare
 
.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD
.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD
.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD
samahesh1
 
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
rajkumar669520
 

Recently uploaded (20)

Yemen National Tuberculosis Program .ppt
Yemen National Tuberculosis Program .pptYemen National Tuberculosis Program .ppt
Yemen National Tuberculosis Program .ppt
 
Health Education on prevention of hypertension
Health Education on prevention of hypertensionHealth Education on prevention of hypertension
Health Education on prevention of hypertension
 
How many patients does case series should have In comparison to case reports.pdf
How many patients does case series should have In comparison to case reports.pdfHow many patients does case series should have In comparison to case reports.pdf
How many patients does case series should have In comparison to case reports.pdf
 
10 Ideas for Enhancing Your Meeting Experience
10 Ideas for Enhancing Your Meeting Experience10 Ideas for Enhancing Your Meeting Experience
10 Ideas for Enhancing Your Meeting Experience
 
ABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROMEABDOMINAL COMPARTMENT SYSNDROME
ABDOMINAL COMPARTMENT SYSNDROME
 
India Clinical Trials Market: Industry Size and Growth Trends [2030] Analyzed...
India Clinical Trials Market: Industry Size and Growth Trends [2030] Analyzed...India Clinical Trials Market: Industry Size and Growth Trends [2030] Analyzed...
India Clinical Trials Market: Industry Size and Growth Trends [2030] Analyzed...
 
Medical Technology Tackles New Health Care Demand - Research Report - March 2...
Medical Technology Tackles New Health Care Demand - Research Report - March 2...Medical Technology Tackles New Health Care Demand - Research Report - March 2...
Medical Technology Tackles New Health Care Demand - Research Report - March 2...
 
Essential Metrics for Palliative Care Management
Essential Metrics for Palliative Care ManagementEssential Metrics for Palliative Care Management
Essential Metrics for Palliative Care Management
 
Introduction to Forensic Pathology course
Introduction to Forensic Pathology courseIntroduction to Forensic Pathology course
Introduction to Forensic Pathology course
 
Neuro Saphirex Cranial Brochure
Neuro Saphirex Cranial BrochureNeuro Saphirex Cranial Brochure
Neuro Saphirex Cranial Brochure
 
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
Haridwar ❤CALL Girls 🔝 89011★83002 🔝 ❤ℂall Girls IN Haridwar ESCORT SERVICE❤
 
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
 
Myopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptxMyopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptx
 
Telehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptxTelehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptx
 
Antibiotic Stewardship by Anushri Srivastava.pptx
Antibiotic Stewardship by Anushri Srivastava.pptxAntibiotic Stewardship by Anushri Srivastava.pptx
Antibiotic Stewardship by Anushri Srivastava.pptx
 
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptxGLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
 
A Community health , health for prisoners
A Community health  , health for prisonersA Community health  , health for prisoners
A Community health , health for prisoners
 
The Importance of Community Nursing Care.pdf
The Importance of Community Nursing Care.pdfThe Importance of Community Nursing Care.pdf
The Importance of Community Nursing Care.pdf
 
.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD
.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD
.Metabolic.disordersYYSSSFFSSSSSSSSSSDDD
 
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
 

Cloud Computing Forensic Science

  • 1. NIST Cloud Computing Forum and Workshop VIII Dr. Martin Herman ITL Senior Advisor for Forensics and IT Information Technology Laboratory (ITL) National Institute of Standards & Technology
  • 2. NIST Cloud Computing Forum and Workshop VIII July 2015 Cloud Computing Forensic Science
      • Application of science and technology to investigation and establishment of facts of interest within cloud environments for
        – Courtroom
          • Criminal investigation and prosecution (e.g., child exploitation, drug dealings, terrorism, cyber attacks, data breaches, insider theft)
          • Civil litigation (e.g., e-discovery in lawsuits, insurance claims)
        – Regulatory compliance (e.g., auditing)
        – Internal business policy violations
          • Within an enterprise (e.g., HR privacy violations, employee computer misuse)
        – Cybersecurity (incident response)
          • Mitigate future cyber attacks, prevent system failure, minimize data loss
  • 3. NIST Activities
      • Chair of the Cloud Computing Forensic Science Working Group
      • Long-term goals:
        – Determine challenges in cloud forensics
          • Forensics applied to artifacts/evidence found in the cloud (as opposed to using the cloud to perform forensic analysis on data from other sources)
          • Identify, aggregate, analyze challenges
        – Prioritize challenges
        – Determine gaps in technology, standards and measurements to address these challenges
        – Develop a roadmap to address these challenges
  • 4. Figure labels (numbered challenges):
        1. Confidentiality
        2. Root of Trust
        3. E-Discovery
        4. Deletion in the Cloud
        5. Lack of Transparency
        6. Timestamp
        7. Use of Metadata
        8. Geo-location
        9. Data Integrity
        10. Recovering Overwritten Data
        11. Data Chain of Custody
        12. Chain of Dependencies
        13. Resource Seizure
        14. Secure Provenance
        15. Chain of Dependencies
        16. Locating Evidence
        17. Evidence Identification
  • 5. Cloud Computing Forensic Science Challenges
      • Challenges related to:
        – Architecture: e.g., Segregation of potential evidence in a multi-tenant system
        – Data collection: e.g., Recovery of deleted data in a shared and distributed virtual environment; e.g., E-Discovery
        – Analysis of forensic data: e.g., Evidence correlation across multiple cloud providers
        – Anti-forensics: e.g., Malicious code may circumvent virtual machine isolation methods
      • Challenges related to:
        – Incident first responders: e.g., Confidence, competence, and trustworthiness of the cloud providers to act as first-responders and perform data collection
        – Role management: e.g., Ease of anonymity and creating false personas online
        – Legal issues: e.g., Ease of anonymity and creating false personas online
        – Standards: e.g., Lack of test and validation procedures
        – Training: e.g., Lack of test and validation procedures
  • 6. Mindmap (PRIMARY)
  • 7. Assessment of Importance
  • 8. Highest Priority Challenges & Scores
        – 10 Confidentiality and PII
        – 9 Root of trust
        – 9 E-discovery
        – 8 Deletion in the cloud
        – 8 Lack of transparency
        – 7 Timestamp synchronization
        – 7 Use of metadata
        – 7 Multiple venues and geolocations
        – 7 Data integrity and evidence preservation
        – 6 Recovering overwritten data
        – 6 Cloud confiscation and resource seizure
        – 6 Potential evidence segregation
        – 6 Secure provenance
        – 6 Data chain of custody
        – 6 Chain of dependencies
        – 6 Locating evidence
        – 6 Locating storage media
        – 6 Evidence identification
        – 6 Dynamic storage
        – 6 Live forensics
        – 6 Resource abstraction
        – 6 Ambiguous trust boundaries
        – 6 Cloud training for investigators
      From NIST IR 8006: DRAFT NIST Cloud Computing Forensic Science Challenges http://csrc.nist.gov/publications/PubsNISTIRs.html
  • 9. Use Case Template
        – Cloud forensic challenge highlighted by this use case:
        – Title of use case:
        – Description of use case:
        – Forensic evidence relevant to use case:
        – Relevance to the cloud forensic challenge:
        – The role of each cloud stakeholder in the forensic investigation:
          • Cloud Service Consumer (Enterprise):
          • Cloud Service Consumer (Individual):
          • Cloud Service Provider:
          • Cloud Broker (Technical):
          • Cloud Broker (Business):
          • Cloud Carrier:
          • Cloud Auditor (Law enforcement):
          • Cloud Auditor (Government regulators):
          • Cloud Auditor (Accreditation & certification bodies):
          • Cloud Auditor (Forensics lab practitioners):
        – How do the cloud stakeholders work together in the forensic investigation?
        – The role of client endpoints:
        – What is effect of different cloud service/deployment models?
          • IaaS Public:
          • IaaS Private:
          • IaaS Hybrid:
          • IaaS Community:
          • PaaS Public:
          • PaaS Private:
          • PaaS Hybrid:
          • PaaS Community:
          • SaaS Public:
          • SaaS Private:
          • SaaS Hybrid:
          • SaaS Community:
        – What technical, legal and best practices elements are needed to achieve a successful forensic investigation in this use case?
          • Technical (technology and technical standards):
          • Legal:
          • Best practices:
        – For the technical elements, what are the gaps in technology and standards?
  • 10. Today’s Agenda
      • Will focus on several of the top challenges
        – Cloud E-Discovery
        – Root of trust
        – Deletion in the cloud
        – Timestamp synchronization
        – Data integrity & evidence preservation
      • Will also discuss other areas of interest in cloud forensics
        – Data governance in the cloud
        – Forensics in stealth and dark clouds
        – Cloud forensics architecture