Mastering Windows Network Forensics and Investigation

Chapter 17: The Challenges of Cloud Computing and Virtualization
Chapter Topics:
• Understand investigative implications when virtualization or cloud services are used
• Detect and acquire artifacts of virtualization applications
• Detect and acquire pertinent data from cloud services
What is Virtualization?
• Host-based
– An environment that exists in specialized software within the host system, designed to emulate a wholly separate OS with its own resources
What is Virtualization?
• Server-based
– Environment is installed on top of the host hardware layer to maximize system resources
• Hypervisor
– Makes virtualization possible
• Type 1 – bare metal
• Type 2 – hosted
What is Virtualization?
(Diagram slide: Type 1 and Type 2 hypervisor layouts)
Incident Response
• What is the scope of the network?
• How is the environment configured?
• What machines have been compromised?
• What are their roles?
• Where are they?
Acquiring RAM
• Live Host-based Virtual Environment
– Similar procedure as host system
• Methods
– FTK Imager Lite
– DumpIt
– Force VM snapshot
Forensic Analysis Techniques
• Identify the source of digital evidence
• Forensically acquire the digital evidence
• Analyze digital evidence
• Report on pertinent findings
Dead Host-Based VM
• Locate files used to build virtual environment
• Acquire virtual disk (.vmdk) using forensic tools
– FTK Imager
Dead Host-Based VM
• Analyze *.vmsd file
– Contains metadata about the specific VMs saved to the host system
• Acquire memory
– Locate *.vmem file
– Structured the same as RAM from a live system
Live Virtual Environment
• Structured the same as a traditional computer system
• Acquire logical or physical image of storage media using forensic tools
– FTK Imager
– EnCase
• Additional Artifacts
– *.vmem (virtual memory)
– VM Snapshots
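The two dead-box slides above list the files to look for (.vmdk, .vmsd, .vmem and the snapshots beside them) but not how to collect them in a repeatable way. The script below is an added example, not code from the book or its slides: it walks a VM directory, records size and SHA-256 for every VM artifact so the acquisition can be verified against the originals later, and parses the .vmsd descriptor to list the snapshots that exist. The set of file extensions and the `key = "value"` layout of the .vmsd file are assumptions based on VMware's plain-text descriptors; the sample VM directory it builds is constructed for the demonstration and is not real evidence.

```python
"""Inventory host-based VM artifacts for dead-box acquisition (added example)."""
import hashlib
import os
import re
import tempfile

# Artifact types named on the slides (.vmdk, .vmsd, .vmem) plus the companion
# files normally found beside them in a VMware VM directory (assumed set).
VM_EXTENSIONS = {
    ".vmx": "VM configuration",
    ".vmdk": "virtual disk",
    ".vmsd": "snapshot metadata",
    ".vmem": "guest memory (RAM-structured)",
    ".vmsn": "snapshot state",
    ".vmss": "suspended state",
}

# A .vmsd descriptor is plain text, one  key = "value"  pair per line
# (assumed layout), e.g.  snapshot0.displayName = "clean install"
_VMSD_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')
_SNAPSHOT_KEY = re.compile(r"^snapshot\d+\.")


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so multi-GB .vmdk/.vmem files do not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_vmsd(text):
    """Group the snapshotN.* entries of a .vmsd descriptor by snapshot."""
    snapshots = {}
    for line in text.splitlines():
        m = _VMSD_LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if not _SNAPSHOT_KEY.match(key):
            continue  # skip globals such as snapshot.lastUID or .encoding
        snap, field = key.split(".", 1)
        snapshots.setdefault(snap, {})[field] = value
    return snapshots


def inventory(root):
    """Walk `root`, hash every VM artifact and attach parsed snapshot metadata."""
    artifacts = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            ext = os.path.splitext(name)[1].lower()
            if ext not in VM_EXTENSIONS:
                continue  # not part of the VM; leave it for the host-side review
            path = os.path.join(dirpath, name)
            entry = {
                "path": path,
                "kind": VM_EXTENSIONS[ext],
                "size": os.path.getsize(path),
                "sha256": sha256_file(path),
            }
            if ext == ".vmsd":
                with open(path, "r", encoding="utf-8", errors="replace") as f:
                    entry["snapshots"] = parse_vmsd(f.read())
            artifacts.append(entry)
    return artifacts


def build_sample_vm(root):
    """Constructed sample VM directory (not real evidence) for the demo."""
    os.makedirs(root, exist_ok=True)
    files = {
        "lab.vmx": 'displayName = "lab"\nscsi0:0.fileName = "lab.vmdk"\n',
        "lab.vmdk": "# Disk DescriptorFile\nversion=1\n",
        "lab.vmem": "\x00" * 64,  # stand-in for the guest's RAM image
        "lab.vmsd": (
            '.encoding = "UTF-8"\n'
            'snapshot.lastUID = "2"\n'
            'snapshot.numSnapshots = "2"\n'
            'snapshot0.uid = "1"\n'
            'snapshot0.filename = "lab-Snapshot1.vmsn"\n'
            'snapshot0.displayName = "clean install"\n'
            'snapshot1.uid = "2"\n'
            'snapshot1.filename = "lab-Snapshot2.vmsn"\n'
            'snapshot1.displayName = "post-incident"\n'
        ),
        "notes.txt": "not a VM artifact\n",
    }
    for name, content in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as f:
            f.write(content)
    return root


def demo():
    """Build the constructed VM directory in a temp folder and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory(build_sample_vm(tmp))


if __name__ == "__main__":
    for a in demo():
        print(f"{a['kind']:30} {a['size']:>8}  {a['sha256'][:16]}  {a['path']}")
        for snap, fields in a.get("snapshots", {}).items():
            print(f"    {snap}: {fields.get('displayName')} -> {fields.get('filename')}")
```

Point `inventory()` at a mounted image of the host rather than a temp folder to use it on a real case; the hashes are the values to carry into the acquisition notes, and the snapshot list tells you which .vmsn/.vmem pairs to collect alongside the current disk.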
Cloud Computing
• What is it?
– “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources…”, NIST
– Not new!
• Email
• Mainframe dummy terminals
• Services
– IaaS
• Rackspace, VMware vSphere
– SaaS
• Google Apps, Dropbox, iCloud
– PaaS
• AWS, SunCloud
Forensic Challenges
• Where is the evidence?
– Client level?
– Cloud service level?
– Underlying cloud server level?
– All of the above?
• Legal Authority
– Jurisdictional obstacles
– Who will you serve the search warrant to? Where?