Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mastering Windows Network Forensics and Investigation Chapter 17: The Challenges of Cloud Computing and Virtualization.

Published byCarmella Newton Modified over 8 years ago

Similar presentations

Presentation on theme: "Mastering Windows Network Forensics and Investigation Chapter 17: The Challenges of Cloud Computing and Virtualization."— Presentation transcript:

1 Mastering Windows Network Forensics and Investigation Chapter 17: The Challenges of Cloud Computing and Virtualization

2 Chapter Topics: Understand investigative implications when virtualization or cloud services are used Detect and acquire artifacts of virtualization applications Detect and acquire pertinent data from cloud services

3 What is Virtualization? Host-based –An environment that exists in specialized software within the host system designed to emulate a wholly separate OS with its own resources

4 What is Virtualization? Server-based –Environment is installed on top of the host hardware layer to maximizes system resources Hypervisor –makes virtualization possible Type 1 – bare metal Type 2 – hosted

5 What is Virtualization? Type 1 Type 2

6 Incident Response What is the scope of the network How is the environment configured? What machines have been compromised? What are their roles? Where are they?

7 Acquiring RAM Live Host-based Virtual Environment –Similar procedure as host system Methods –FTK Imager Lite –DumpIt –Force VM snapshot

8 Forensic Analysis Techniques Identify the source of digital evidence Forensically acquire the digital evidence Analyze digital evidence Report on pertinent findings

9 Dead Host-Based VM Locate files used to build virtual environment Acquire virtual disk (.vmdk) using forensic tools –FTK Imager

10 Dead Host-Based VM Analyze *.vmsd file –Contains meta data about specific VM’s saved to the host system Acquire memory –Locate *.vmem file –Structured the same as RAM from live system

11 Live Virtual Environment Structured the same as a traditional computer system Acquire logical or physical image of storage media using forensic tools –FTK Imager –EnCase Additional Artifacts –*vmem (virtual memory) –VM Snapshots

12 Cloud Computing What is it? –“a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources…”, NIST –Not new! Email Mainframe Dummy Terminals Services –IaaS Rackspace, VMWare vSphere –SaaS Google Apps, Dropbox, iCloud –PaaS AWS, SunCloud

13 Forensic Challenges Where is the evidence? –Client Level? –Cloud Service Level? –Underlying cloud servel level? –All of the above? Legal Authority –Jurisdictional obstacles –Who will you serve search warrant to? Where?

Download ppt "Mastering Windows Network Forensics and Investigation Chapter 17: The Challenges of Cloud Computing and Virtualization."

Similar presentations

Ed Duguid with subject: MACE Cloud

Ed Duguid with subject: MACE Cloud
Darren Quick Supervisor: Dr Kim-Kwang Raymond Choo.

Darren Quick Supervisor: Dr Kim-Kwang Raymond Choo.
An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.

An Approach to Secure Cloud Computing Architectures By Y. Serge Joseph FAU security Group February 24th, 2011.
Virtualization and the Cloud

Virtualization and the Cloud
Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.

Presented by Sujit Tilak. Evolution of Client/Server Architecture Clients & Server on different computer systems Local Area Network for Server and Client.
Wally Kowal, President and Founder Canadian Cloud Computing Inc.

Wally Kowal, President and Founder Canadian Cloud Computing Inc.
M.A.Doman 2011. Model for enabling the delivery of computing as a SERVICE.

M.A.Doman Model for enabling the delivery of computing as a SERVICE.
Virtualization for Cloud Computing

Virtualization for Cloud Computing
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support
ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.

ProjectWise Virtualization Kevin Boland. What is Virtualization? Virtualization is a technique for deploying technologies. Virtualization creates a level.
Cloud computing Tahani aljehani.

Cloud computing Tahani aljehani.
Next step of e-government.. Importance Foreword Cloud computing  Characteristics  Service  Users  Benefit Challenges in E-government Cloud government.

Next step of e-government.. Importance Foreword Cloud computing  Characteristics  Service  Users  Benefit Challenges in E-government Cloud government.
To run the program: To run the program: You need the OS: You need the OS:

To run the program: To run the program: You need the OS: You need the OS:
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
Cloud Computing Why is it called the cloud?.

Cloud Computing Why is it called the cloud?.
This courseware is copyrighted © 2011 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.

This courseware is copyrighted © 2011 gtslearning. No part of this courseware or any training material supplied by gtslearning International Limited to.
VIRTUALIZATION AND CLOUD COMPUTING Dr. John P. Abraham Professor, Computer Engineering UTPA.

VIRTUALIZATION AND CLOUD COMPUTING Dr. John P. Abraham Professor, Computer Engineering UTPA.
Teaching Digital Forensics w/Virtuals By Amelia Phillips.

Teaching Digital Forensics w/Virtuals By Amelia Phillips.
Introduction to VMware Virtualization

Introduction to VMware Virtualization
Virtualization. ABCs Special software: hypervisors or virtual machine managers Guest OS (virtual machine) sits on top of host OS (Win 7 in our case) We.

Virtualization. ABCs Special software: hypervisors or virtual machine managers Guest OS (virtual machine) sits on top of host OS (Win 7 in our case) We.

Similar presentations

Ads by Google