Presentation is loading. Please wait.

Presentation is loading. Please wait.

Suntisak Thammavongsa 28-11-2011 Bachelor of IT (Honours) Supervised by Dr Raymond Choo University of South Australia Investigating a Private Ubuntu Enterprise.

Published byEgbert Owens Modified over 9 years ago

Similar presentations

Presentation on theme: "Suntisak Thammavongsa 28-11-2011 Bachelor of IT (Honours) Supervised by Dr Raymond Choo University of South Australia Investigating a Private Ubuntu Enterprise."— Presentation transcript:

1 Suntisak Thammavongsa 28-11-2011 Bachelor of IT (Honours) Supervised by Dr Raymond Choo University of South Australia Investigating a Private Ubuntu Enterprise Cloud

2 Background Research Topic Research Method Research Findings Outline

3 Cloud Computing Background “A whole broad range of IT services as long as those IT services are delivered on demand and they’re delivered elastically in terms of being able scale out and scale in” defined by Dasmalchi (2010)Dasmalchi (2010)

4 Traditional Physical Hosting Internet Web 1 Web 2 Directory E-Mail File Database Background

5 Private Cloud Internet Cloud Controller Database Centralized Data Storage Web 1 Web 2 Web 3 Directory 1 Directory 2 CRM APP DHCP Email DNS Background

6 Private Cloud Internet Cloud Controller Database Email 1 Email 2 DNS DHCP Centralized Data Storage Background Web 1 Web 2 Web 3 Directory 1 Directory 2 CRM 1 CRM 2 APP 1 APP 2

7 Digital Forensics “The process of identifying, preserving, analysing and presenting digital evidence in a manner that is legally acceptable” defined by McKemmish (1999)McKemmish (1999) Background

8 Digital Forensics Primary questions What happened? When did it happen? How did it happen? Who was involved? Background

9 Investigate a private Ubuntu Enterprise Cloud v10.10 powered by Eucalyptus open source edition v2.0 SRQ1: What are the artefacts of interest? SRQ2: How to recover deleted artefacts? SRQ3: What are other sources of evidence? Research Topic

10 Desk-based A more comprehensive literature review To gain a deeper understanding of how the technology works Laboratory-based Build a dual-node private cloud Generate text files for a data recovery experiment Research Method

11 Block Storage Controller (EBS) Node Controller (NC) Block Storage Controller (EBS) Node Controller (NC) Cluster Controller (CC) Walrus Storage Controller (WS3) Cloud Controller (CLC) Storage Server Cluster Controller (CC) iSCSI Eucalyptus Architecture Research Findings

12 Linux system artefacts on Eucalyptus controllers SWAP space under /proc Linux logs under /var Temporary files under /tmp SRQ1: What are the artefacts of interest? Research Findings

13 Cluster Controller (CC) cc.log, httpd-cc_error.log, registration.log Node Controller (NC) nc.log, httpd-nc_error.log, euca_test_nc.log Cloud Controller (CLC) cloud-debug.log, cloud-error.log, cloud-output.log, axis2c.log Elastic Block Storage Controller (EBS) sc-state.log, registration.log Walrus Storage Controller (WS3) walrus-state.log, registration.log Eucalyptus logs SRQ1: What are the artefacts of interest? Research Findings

14 Cloud Controller (CLC) $EUCALYPTUS/etc/eucalyptus.conf Cloud Controller (CLC) $EUCALYPTUS/var/lib/eucalyptus/db Cloud Controller (CLC) $EUCALYPTUS/var/lib/eucalyptus/keys Elastic Block Storage Controller (EBS) $EUCALYPTUS/var/lib/eucalyptus/bukkits Walrus Storage Controller (WS3) $EUCALYPTUS/var/lib/eucalyptus/volumes Eucalyptus essential files SRQ1: What are the artefacts of interest? Research Findings

15 Virtual machine files VM images & associated XML files on WS3 Virtual hard disk files on NC User data files User persistent data volumes on EBS Snapshots of volumes on WS3 SRQ1: What are the artefacts of interest? Research Findings

16 The process would be the same as the process in the traditional physical hosting Each Eucalyptus controller is essentially a standard Linux server with Eucalyptus software Data files are stored with EXT4 SRQ2: How to recover deleted artefacts? Research Findings

17 If a forensic copy of the local storage of each Eucalyptus controller can be acquired, current forensic tools like EnCase can access and recover the following deleted files: Linux system artefacts on Eucalyptus controllers Eucalyptus logs Eucalyptus essential files VM images & associated XML files on WS3 Virtual hard disk files on NC Snapshots of volumes on WS3 SRQ2: How to recover deleted artefacts? Research Findings

18 User data files on EBS volumes Data files may be stored in different filesystems The underlying hardware storage technology could be NAS, SAN, etc. SRQ2: How to recover deleted artefacts? Research Findings

19 Artefacts inside virtual machines Use VM ID to track down the NC Recover virtual hard disk files Recover deleted files on the virtual hard disk files SRQ2: How to recover deleted artefacts? Research Findings

20

21 Virtualization Dynamic nature of resource usage Increased number of nodes involved Centralised data storage Summary of additional challenges Research Findings

22 Client side investigation VNC, RDP, SSH, FireFox, etc. Live investigation EnCase Enterprise Virtual Introspection Network level monitoring IDS, Firewall, WAF, etc. SRQ3: What are some other sources of evidence? Research Findings

23 Thank you

Download ppt "Suntisak Thammavongsa 28-11-2011 Bachelor of IT (Honours) Supervised by Dr Raymond Choo University of South Australia Investigating a Private Ubuntu Enterprise."

Similar presentations

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES IT Services Storage And Backup Low Cost Central Storage (LCCS) January 9, 2009 1.

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES IT Services Storage And Backup Low Cost Central Storage (LCCS) January 9,
INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.

INSTALLING LINUX.  Identify the proper Hardware  Methods for installing Linux  Determine a purpose for the Linux Machine  Linux File Systems  Linux.
1 NETE4631 Cloud deployment models and migration Lecture Notes #4.

1 NETE4631 Cloud deployment models and migration Lecture Notes #4.
What to expect.  Linux  Windows Server (2008 or 2012)

What to expect.  Linux  Windows Server (2008 or 2012)
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.

1 Week #1 Objectives Review clients, servers, and Windows network models Differentiate among the editions of Server 2008 Discuss the new Windows Server.
FYP Briefing Presentation Experiencing Content Addressable Storage: I really hate removable hard disk April 9, 2009 Presented by: Dr. T.Y. Wong.

FYP Briefing Presentation Experiencing Content Addressable Storage: I really hate removable hard disk April 9, 2009 Presented by: Dr. T.Y. Wong.
Jharrod LaFon (HPC-3) Jim Williams (HPC-3) 2011 Computer System, Cluster, and Networking Summer Institute Russell Husted (MTU) Derek Walker (NCA&TSU) Povi.

Jharrod LaFon (HPC-3) Jim Williams (HPC-3) 2011 Computer System, Cluster, and Networking Summer Institute Russell Husted (MTU) Derek Walker (NCA&TSU) Povi.
Hyper-V Recovery Service DR Orchestration Extensible Data Channel (Hyper-V Replica, SQL AlwaysOn)

Hyper-V Recovery Service DR Orchestration Extensible Data Channel (Hyper-V Replica, SQL AlwaysOn)
Session 3 Windows Platform Dina Alkhoudari. Learning Objectives Understanding Server Storage Technologies Direct Attached Storage DAS Network-Attached.

Session 3 Windows Platform Dina Alkhoudari. Learning Objectives Understanding Server Storage Technologies Direct Attached Storage DAS Network-Attached.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
Cloud inflection Integration with System Center Service Providers.

Cloud inflection Integration with System Center Service Providers.
Amazon EC2 Quick Start adapted from EC2_GetStarted.html.

Amazon EC2 Quick Start adapted from EC2_GetStarted.html.
Desktop in the Clouds Using Virtualization to Extend Client Outreach and Protect Data.

Desktop in the Clouds Using Virtualization to Extend Client Outreach and Protect Data.
File Systems and N/W attached storage (NAS) www.bookspar.com | VTU NOTES | QUESTION PAPERS | NEWS | VTU RESULTS | FORUM | BOOKSPAR ANDROID APP.

File Systems and N/W attached storage (NAS) | VTU NOTES | QUESTION PAPERS | NEWS | VTU RESULTS | FORUM | BOOKSPAR ANDROID APP.
1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.

1 Networks, advantages & types of What is a network? Two or more computers that are interconnected so they can exchange data, information & resources.
Senior Design – Spring 2009 Richard Gory Focus: Networking & Web.

Senior Design – Spring 2009 Richard Gory Focus: Networking & Web.
Cloud Computing الحوسبة السحابية. subject History of Cloud Before the cloud Cloud Conditions Definition of Cloud Computing Cloud Anatomy Type of Cloud.

Cloud Computing الحوسبة السحابية. subject History of Cloud Before the cloud Cloud Conditions Definition of Cloud Computing Cloud Anatomy Type of Cloud.
A Brief Overview by Aditya Dutt March 18 th ’ 2014 1Aditya Inc.

A Brief Overview by Aditya Dutt March 18 th ’ Aditya Inc.

Similar presentations

Ads by Google