IST 454: Cyber Forensics

Cloud Computing Forensics

Team 1

Terry Bazemore, Amanda Bennett, Shaan Mulchandani, William Riggins

December 11, 2011



Table of Contents

Executive Summary
1. Introduction
1.1 What is The Cloud?
1.2 Cloud Services
1.2.1 Overview
1.2.2 Utilization and Purpose
1.3 Cloud Solutions: A Forensic Perspective
2. Objectives
3. The Need for Cloud Forensics
4. Forensic Tools and Technologies
5. Cloud Services
5.1 Amazon Web Services (AWS)
5.1.1 Overview
5.1.2 Forensic Capabilities
5.2 Google App Engine
5.2.1 Overview
5.2.2 Forensic Capabilities
5.3 Microsoft Azure
5.3.1 Overview
5.3.2 Forensic Capabilities
5.4 Salesforce
5.4.1 Overview
5.4.2 Forensic Capabilities
6. Ratings and Analysis
6.1 Overview
6.2 Ratings
6.3 Analysis
6.3.1 Amazon Web Services
6.3.2 Google App Engine Ratings
6.3.3 Microsoft Azure Ratings
6.3.4 Salesforce Ratings
7. Scenarios and Analysis
7.1 Cloud Forensics in Academia
7.1.1 Scenario
7.1.2 Analysis
7.2 Cloud Forensics in a Software-as-a-Service Model
7.2.1 Scenario
7.2.2 Analysis
7.3 Cloud Forensics in the Public Sector
7.3.1 Scenario
7.3.2 Analysis
7.4 Cloud Forensics at an Enterprise Level
7.4.1 Scenario
7.4.2 Analysis
8. Project Website
9. Conclusion
Appendices
Appendix A: Project Plan and Timeline
Milestone 1: Project Proposal
Milestone 2: Project Report and Website Development
Milestone 3: Project Presentation
Appendix B: References

Executive Summary

The emergence of cloud computing has proven to be a reliable, cost-saving IT infrastructure solution for numerous large corporations, which no longer require dedicated servers, facilities, and staff. While security, be it physical or informational/logical, is a concern that has been investigated in depth, there is a lack of extensive research into the forensic capabilities offered by these cloud-computing solutions.

Therefore, this paper investigates four cloud-service providers, viz. Amazon Web Services (AWS), Google App Engine, Microsoft Azure, and Salesforce, from a forensic perspective. Prior to conducting a detailed study of these products, we examine contemporary literature and the challenges posed by cloud-computing solutions. Following analysis of the chosen products, the findings are used to determine scores and suitability ratings based on weighted categories. The ratings assigned are justified, and then applied to four practical scenarios in different sectors: academia, provision of software as a service, the public sector, and corporations.

The products evaluated in this paper, the ratings, the scenarios, and all analysis have also been presented on a website/portal developed for the purpose of our study, which may be found at www.cloudforensics.wordpress.com.

1. Introduction

1.1 What is The Cloud?

The Cloud, when used in the Information Technology realm, is a term that implies a vast network of distributed computing and storage services. Subscribers to cloud services are able to re-provision IT infrastructure services at will and take advantage of elastic, on-demand computing. As a layman's analogy, cloud-computing services can be likened to an electricity grid that supplies power to each household (or, in this case, subscriber), which can choose how much power it wishes to consume.

Because users can reallocate resources at will, and keeping in line with the analogy above, cloud computing provides services that are device- and location-independent, just as we continue to receive a supply of electricity in our homes without actually knowing where the nearest power plant is. Figure 1 illustrates this device and location independence.

Figure 1

1.2 Cloud Services

1.2.1 Overview

The previous section, 1.1 (What is The Cloud?), provided an introduction to cloud services and why they are rapidly gaining popularity. This section expands on the current and future uses of cloud computing services, and provides a literature review of cloud solutions from a forensic perspective; in other words, can traditional computer forensic practices keep up with the rapid development of distributed computing and storage technology?

1.2.2 Utilization and Purpose

Cloud computing services add tremendous value for end-users in addition to providing device and location independence. Some of these advantages are:

These solutions empower end-users by putting the provisioning of computing resources in their own control, as opposed to the control of a centralized IT service

Agility improves with users' ability to re-provision technological infrastructure resources

Cloud computing systems typically use REST-based APIs that lead to ease of data access and storage

Cost is reduced in a public cloud delivery model

Reliability is improved, which makes cloud computing suitable for business continuity and disaster recovery

Scalability and elasticity via dynamic provisioning of resources on a fine-grained, self-service basis in near real time, without users having to engineer for peak loads

These advantages, amongst numerous others, are evident in services that we use such as Amazon Web Services' Elastic Compute Cloud (EC2), SimpleDB, and Elastic Beanstalk, and in others such as Dropbox for file storage or GitHub for social coding.

1.3 Cloud Solutions: A Forensic Perspective

Reilly et al. discuss the merits and detriments of cloud computing as they relate to law enforcement's ability to gather evidence. Of particular interest is a section of the paper devoted to computer forensics and the challenges brought on by cloud-based services. They argue that, where computer forensics is concerned, cloud computing has not been thoroughly considered in terms of its forensic readiness, but also that the cloud was "designed to be secure". It is this statement that raises the most concern: the system may very well be secure, but can it be investigated using traditional forensic tools, or is an entirely different process needed? The authors also attempt to answer this question by applying legacy methods, only with a twist, to tailor forensic processes for use in the cloud.

Barnett and Kipper, in their book titled Virtualization and Forensics, state that there are a number of obstacles to conducting forensic investigations in cloud environments, much less on (entire) cloud environments. They mention that factors such as laws, court-approved methods, standard operating procedures for forensic investigators, and the involvement of a third party, viz. the cloud service provider, introduce various challenges and complications. Part of this is attributed to the inapplicability of traditional forensic procedures, where forensic investigators must use different procedures for seized hard drives versus mobile platforms, and so on. In this regard, researchers at Gartner state: "Investigating inappropriate or illegal activity may be impossible in cloud computing. Cloud services are especially difficult to investigate, because logging and data for multiple customers may be co-located and may also be spread across an ever-changing set of hosts and data centers. If you cannot get a contractual commitment to support specific forms of investigation, along with evidence that the vendor has already supported such activities, then your only safe assumption is that investigation and discovery requests will be impossible."

However, with regard to forensic analysis within the cloud service, Barnett and Kipper suggest promising solutions. They say that cloud computing becomes an on-demand service when using infrastructure as a service (IaaS) models, with the option of using as much storage and computing power as required. Dedicated forensic servers could also remain offline until needed, which minimizes cost for corporations and/or law enforcement agencies. An example of this, with one of the cloud solutions being considered here, is AWS, which allows an MD5 hash file to be generated for every file present on the system.

The project titled CLOIDFIN, which reveals (general) challenges faced in a cloud-computing environment, states the following on forensics: "Traditional digital forensic methodologies permit investigators to seize equipment and perform detailed analysis on the media and data recovered. The likelihood, therefore, of the data being removed, overwritten, deleted or destroyed by the perpetrator in this case is low. More closely linked to a CC (cloud computing) environment would be businesses that own and maintain their own multi-server type infrastructure, though this would be on a far smaller scale in comparison. However, the scale of the cloud and the rate at which data is overwritten is of concern."

Simson Garfinkel, in a paper titled "Digital Forensics Research: The Next 10 Years", discusses cloud-related issues within the scope of forensic investigations, listing as a concern that "use of the cloud for remote processing and storage, and to split a single data structure into elements, means that frequently data or code cannot even be found". Furthermore, he raises concerns similar to Gartner's (described above) when he says: "Encryption and cloud computing both threaten forensic visibility and both in much the same way. No matter whether critical information is stored in an unidentified server somewhere in the cloud or stored on the subject's hard drive inside a TrueCrypt volume, these technologies deny investigators access to the case data. While neither technology is invincible, both require time and frequently luck to circumvent (Casey and Stellatos, 2008). Cloud computing in particular may make it impossible to perform basic forensic steps of data preservation and isolation on systems of forensic interest."

2. Objectives

We propose to research the feasibility of cloud-computing solutions, in particular: Ama