SlideShare a Scribd company logo

Adding event reconstruction to a cloud forensic readiness

Download as PPTX, PDF
Victor Kebande
Victor Kebande

Presentation at the ICSA Lab

Technology
1 of 13
Adding Event Reconstruction to a Cloud Forensic Readiness Model Presenter: V.R Kebande Supervisor: Prof Hein.S. Venter University of Pretoria
What is the focus of Digital Investigations Currently?  Searching for Digital Evidence  Collection of Digital Evidence  Examining the Properties of Collected Evidence. But why is that Evidence Really Evidence? Important Aspect: Need to Identify what CAUSED Evidence to have the properties it has. Introduction
ER examines and analyses the evidence to identify why it has its characteristics [Carrier & Spafford, 2004]. ER will pose the following questions:  Why Evidence has the properties  Where could they have come from?  When were they created? This may help to create a hypothesis for a DFI Reconstruction identifies events for which evidence exist to support their occurrence. What is Event Reconstruction
 Forensic Readiness-Maximizing an environment’s ability to collect credible Digital Evidence.  Minimizing the cost of forensic investigation during incident response [Rowlingson, 2004]  ISO/IEC 27043-”occurs before incident detection” A Cloud Forensic Readiness Model
 Proactive Approach  Retaining Critical Information  Collecting appropriate Digital Evidence So, How can a Cloud be Forensically Ready?
High-level view of the Model
 What is involved? Event reconstruction Event reconstruction Process  High-level Process  Detailed process Proposed Enhanced Cloud Forensic readiness Model
Enhanced Cloud Forensic Readiness Model
Reconstruction Reconstruction Process
P S A1 A2 A3 An Wi Xi yi Znei (Clu_N) (Clu_N) (Clu_N) (Clu_N) Event search function
Similarity measure between events represented by Minkowskis’ distance function A,B-Events p=1,2…to ∞ is [comparative metric for suitable distance metric between events] dMD-Is the distance metric for Minkowski Distance Similarity Measure ),( BAd MD pp n i ii BA ||1  
Event reconstruction based on the distance function help achieve the following:  To be able to distinguish one event from the other  Predict behaviour of events  Distinguish one event from the other through focusing on the relationship between them  Enables a discovery of the structure of events Using distance metric
 The ECFR can still be extended. Conclusion

Recommended

Oozma kappa
Oozma kappaOozma kappa
Oozma kappaSahara Ali
 
Towards a High-Performance National Research Platform Enabling Digital Research
Towards a High-Performance National Research Platform Enabling Digital ResearchTowards a High-Performance National Research Platform Enabling Digital Research
Towards a High-Performance National Research Platform Enabling Digital ResearchLarry Smarr
 
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...EarthCube
 
High Performance Collaboration – The Jump to Light Speed
High Performance Collaboration – The Jump to Light SpeedHigh Performance Collaboration – The Jump to Light Speed
High Performance Collaboration – The Jump to Light SpeedLarry Smarr
 
Cloud Application Logging for Forensics
Cloud Application Logging for ForensicsCloud Application Logging for Forensics
Cloud Application Logging for ForensicsRaffael Marty
 
11.cyber forensics in cloud computing
11.cyber forensics in cloud computing11.cyber forensics in cloud computing
11.cyber forensics in cloud computingAlexander Decker
 
Cloud Forensics- An IS Approach
Cloud Forensics- An IS ApproachCloud Forensics- An IS Approach
Cloud Forensics- An IS ApproachIOSR Journals
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 

Recommended

Oozma kappa
Oozma kappaOozma kappa
Oozma kappaSahara Ali
 
Towards a High-Performance National Research Platform Enabling Digital Research
Towards a High-Performance National Research Platform Enabling Digital ResearchTowards a High-Performance National Research Platform Enabling Digital Research
Towards a High-Performance National Research Platform Enabling Digital ResearchLarry Smarr
 
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...EarthCube
 
High Performance Collaboration – The Jump to Light Speed
High Performance Collaboration – The Jump to Light SpeedHigh Performance Collaboration – The Jump to Light Speed
High Performance Collaboration – The Jump to Light SpeedLarry Smarr
 
Cloud Application Logging for Forensics
Cloud Application Logging for ForensicsCloud Application Logging for Forensics
Cloud Application Logging for ForensicsRaffael Marty
 
11.cyber forensics in cloud computing
11.cyber forensics in cloud computing11.cyber forensics in cloud computing
11.cyber forensics in cloud computingAlexander Decker
 
Cloud Forensics- An IS Approach
Cloud Forensics- An IS ApproachCloud Forensics- An IS Approach
Cloud Forensics- An IS ApproachIOSR Journals
 
Cloud Computing Forensic Science
Cloud Computing Forensic Science Cloud Computing Forensic Science
Cloud Computing Forensic Science David Sweigert
 
Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingPriyanka Aash
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsSandeep Saxena
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningValdez Ladd MBA, CISSP, CISA,
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensicssdavis532
 
The Cloud: Privacy and Forensics
The Cloud: Privacy and ForensicsThe Cloud: Privacy and Forensics
The Cloud: Privacy and ForensicsInfo_Studies_Aberystwyth
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropboxINSIGHT FORENSIC
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Quantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryQuantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryIntaver Insititute
 
A Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessA Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessEditor IJCATR
 
Project Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryProject Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryIntaver Insititute
 
Mythbusters: Event Stream Processing v. Complex Event Processing
Mythbusters: Event Stream Processing v. Complex Event ProcessingMythbusters: Event Stream Processing v. Complex Event Processing
Mythbusters: Event Stream Processing v. Complex Event ProcessingTim Bass
 
reducing firearms based on deep learning
reducing firearms based on deep learningreducing firearms based on deep learning
reducing firearms based on deep learningkonkalasilpa1319
 
DF Process Models
DF Process ModelsDF Process Models
DF Process ModelsCostas Katsavounidis
 
Bs4301396400
Bs4301396400Bs4301396400
Bs4301396400IJERA Editor
 
An Overview and Classification of Approaches to Information Extraction in Wir...
An Overview and Classification of Approaches to Information Extraction in Wir...An Overview and Classification of Approaches to Information Extraction in Wir...
An Overview and Classification of Approaches to Information Extraction in Wir...M H
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelCSCJournals
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer ForensicEditor IJCTER
 
eventdemo2016
eventdemo2016eventdemo2016
eventdemo2016Rachel Guan
 
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEWFORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEWcscpconf
 
National framework for digital forensics bangladesh context
National framework for digital forensics bangladesh context National framework for digital forensics bangladesh context
National framework for digital forensics bangladesh context Bank Alfalah Limited
 
Real Time Crime Detection using Deep Learning
Real Time Crime Detection using Deep LearningReal Time Crime Detection using Deep Learning
Real Time Crime Detection using Deep LearningIRJET Journal
 
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...IJwest
 

More Related Content

Viewers also liked

Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingPriyanka Aash
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsSandeep Saxena
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensicssdavis532
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropboxINSIGHT FORENSIC
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 

Viewers also liked (7)

Memory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computingMemory forensics using VMI for cloud computing
Memory forensics using VMI for cloud computing
 
Cloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security MetricsCloud Monitoring And Forensic Using Security Metrics
Cloud Monitoring And Forensic Using Security Metrics
 
Cloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit PlanningCloud Breach - Forensics Audit Planning
Cloud Breach - Forensics Audit Planning
 
Cloud Forensics
Cloud ForensicsCloud Forensics
Cloud Forensics
 
The Cloud: Privacy and Forensics
The Cloud: Privacy and ForensicsThe Cloud: Privacy and Forensics
The Cloud: Privacy and Forensics
 
(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox(130928) #fitalk cloud storage forensics - dropbox
(130928) #fitalk cloud storage forensics - dropbox
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 

Similar to Adding event reconstruction to a cloud forensic readiness

Quantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryQuantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryIntaver Insititute
 
A Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessA Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessEditor IJCATR
 
Project Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryProject Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryIntaver Insititute
 
Mythbusters: Event Stream Processing v. Complex Event Processing
Mythbusters: Event Stream Processing v. Complex Event ProcessingMythbusters: Event Stream Processing v. Complex Event Processing
Mythbusters: Event Stream Processing v. Complex Event ProcessingTim Bass
 
reducing firearms based on deep learning
reducing firearms based on deep learningreducing firearms based on deep learning
reducing firearms based on deep learningkonkalasilpa1319
 
An Overview and Classification of Approaches to Information Extraction in Wir...
An Overview and Classification of Approaches to Information Extraction in Wir...An Overview and Classification of Approaches to Information Extraction in Wir...
An Overview and Classification of Approaches to Information Extraction in Wir...M H
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelCSCJournals
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer ForensicEditor IJCTER
 
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEWFORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEWcscpconf
 
National framework for digital forensics bangladesh context
National framework for digital forensics bangladesh context National framework for digital forensics bangladesh context
National framework for digital forensics bangladesh context Bank Alfalah Limited
 
Real Time Crime Detection using Deep Learning
Real Time Crime Detection using Deep LearningReal Time Crime Detection using Deep Learning
Real Time Crime Detection using Deep LearningIRJET Journal
 
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...IJwest
 
Event detection and summarization based on social networks and semantic query...
Event detection and summarization based on social networks and semantic query...Event detection and summarization based on social networks and semantic query...
Event detection and summarization based on social networks and semantic query...ijnlc
 
Proposed Event Processing Definitions ,September 20, 2006
Proposed Event Processing Definitions ,September 20, 2006Proposed Event Processing Definitions ,September 20, 2006
Proposed Event Processing Definitions ,September 20, 2006Tim Bass
 
Information Fusion Methods for Location Data Analysis
Information Fusion Methods for Location Data AnalysisInformation Fusion Methods for Location Data Analysis
Information Fusion Methods for Location Data AnalysisAlket Cecaj
 
ICRA: Intelligent Platform for Collaboration and Interaction
ICRA: Intelligent Platform for Collaboration and InteractionICRA: Intelligent Platform for Collaboration and Interaction
ICRA: Intelligent Platform for Collaboration and InteractionLukas Tencer
 

Similar to Adding event reconstruction to a cloud forensic readiness (20)

Quantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace IndustryQuantiative Risk Analysis for the Aerospace Industry
Quantiative Risk Analysis for the Aerospace Industry
 
A Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation ProcessA Proactive Approach in Network Forensic Investigation Process
A Proactive Approach in Network Forensic Investigation Process
 
Project Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace IndustryProject Risk Analysis in Aerospace Industry
Project Risk Analysis in Aerospace Industry
 
Mythbusters: Event Stream Processing v. Complex Event Processing
Mythbusters: Event Stream Processing v. Complex Event ProcessingMythbusters: Event Stream Processing v. Complex Event Processing
Mythbusters: Event Stream Processing v. Complex Event Processing
 
reducing firearms based on deep learning
reducing firearms based on deep learningreducing firearms based on deep learning
reducing firearms based on deep learning
 
DF Process Models
DF Process ModelsDF Process Models
DF Process Models
 
Bs4301396400
Bs4301396400Bs4301396400
Bs4301396400
 
An Overview and Classification of Approaches to Information Extraction in Wir...
An Overview and Classification of Approaches to Information Extraction in Wir...An Overview and Classification of Approaches to Information Extraction in Wir...
An Overview and Classification of Approaches to Information Extraction in Wir...
 
Systematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation ModelSystematic Digital Forensic Investigation Model
Systematic Digital Forensic Investigation Model
 
Review on Computer Forensic
Review on Computer ForensicReview on Computer Forensic
Review on Computer Forensic
 
eventdemo2016
eventdemo2016eventdemo2016
eventdemo2016
 
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEWFORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
 
National framework for digital forensics bangladesh context
National framework for digital forensics bangladesh context National framework for digital forensics bangladesh context
National framework for digital forensics bangladesh context
 
Real Time Crime Detection using Deep Learning
Real Time Crime Detection using Deep LearningReal Time Crime Detection using Deep Learning
Real Time Crime Detection using Deep Learning
 
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
 
Event detection and summarization based on social networks and semantic query...
Event detection and summarization based on social networks and semantic query...Event detection and summarization based on social networks and semantic query...
Event detection and summarization based on social networks and semantic query...
 
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA 2021 - Improving public safety with smart cities and Internet of Things ...EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
 
Proposed Event Processing Definitions ,September 20, 2006
Proposed Event Processing Definitions ,September 20, 2006Proposed Event Processing Definitions ,September 20, 2006
Proposed Event Processing Definitions ,September 20, 2006
 
Information Fusion Methods for Location Data Analysis
Information Fusion Methods for Location Data AnalysisInformation Fusion Methods for Location Data Analysis
Information Fusion Methods for Location Data Analysis
 
ICRA: Intelligent Platform for Collaboration and Interaction
ICRA: Intelligent Platform for Collaboration and InteractionICRA: Intelligent Platform for Collaboration and Interaction
ICRA: Intelligent Platform for Collaboration and Interaction
 

Recently uploaded

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKJago de Vreede
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusZilliz
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Recently uploaded (20)

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 

Adding event reconstruction to a cloud forensic readiness

  • 1. Adding Event Reconstruction to a Cloud Forensic Readiness Model Presenter: V.R Kebande Supervisor: Prof Hein.S. Venter University of Pretoria
  • 2. What is the focus of Digital Investigations Currently?  Searching for Digital Evidence  Collection of Digital Evidence  Examining the Properties of Collected Evidence. But why is that Evidence Really Evidence? Important Aspect: Need to Identify what CAUSED Evidence to have the properties it has. Introduction
  • 3. ER examines and analyses the evidence to identify why it has its characteristics [Carrier & Spafford, 2004]. ER will pose the following questions:  Why Evidence has the properties  Where could they have come from?  When were they created? This may help to create a hypothesis for a DFI Reconstruction identifies events for which evidence exist to support their occurrence. What is Event Reconstruction
  • 4.  Forensic Readiness-Maximizing an environment’s ability to collect credible Digital Evidence.  Minimizing the cost of forensic investigation during incident response [Rowlingson, 2004]  ISO/IEC 27043-”occurs before incident detection” A Cloud Forensic Readiness Model
  • 5.  Proactive Approach  Retaining Critical Information  Collecting appropriate Digital Evidence So, How can a Cloud be Forensically Ready?
  • 6. High-level view of the Model
  • 7.  What is involved? Event reconstruction Event reconstruction Process  High-level Process  Detailed process Proposed Enhanced Cloud Forensic readiness Model
  • 8. Enhanced Cloud Forensic Readiness Model
  • 10. P S A1 A2 A3 An Wi Xi yi Znei (Clu_N) (Clu_N) (Clu_N) (Clu_N) Event search function
  • 11. Similarity measure between events represented by Minkowskis’ distance function A,B-Events p=1,2…to ∞ is [comparative metric for suitable distance metric between events] dMD-Is the distance metric for Minkowski Distance Similarity Measure ),( BAd MD pp n i ii BA ||1  
  • 12. Event reconstruction based on the distance function help achieve the following:  To be able to distinguish one event from the other  Predict behaviour of events  Distinguish one event from the other through focusing on the relationship between them  Enables a discovery of the structure of events Using distance metric
  • 13.  The ECFR can still be extended. Conclusion