![Page 1: CLOUD FORENSICS - Indian Institute of Science](https://reader031.vdocuments.us/reader031/viewer/2022022017/62111ac1e9d682472172d8db/html5/thumbnails/1.jpg)
CLOUD FORENSICS
Dr. Digambar Pawar, Associate Professor
University of Hyderabad, +91 7601010528
Today’s agenda
Recent trends
Cyber Crime
Digital Forensics
Cloud Computing
Cloud Crime
Cloud Forensics
Discussion
CYBER CRIME
Hacking
28-Jul-20 6
Cyber Crime
“Unlawful act wherein the computer is either a tool or a target or both”.
Two aspects:
• Computer as a tool to commit crime: child porn, threatening email, assuming someone’s identity, sexual harassment, defamation, spam, phishing
• Computer itself becomes target of crime: viruses, worms, software piracy, hacking
Why Digital Evidence?
We need a means for investigation & analysis of the crimes, to bring the culprits to conviction.
All solution lies in Digital Evidence
DIGITAL FORENSICS
Role of Cyber Forensics
Cyber Forensics deals with forensic analysis of cyber crimes with the objectives of:
• Identifying digital evidence
• Acquiring digital evidence
• Authenticating digital evidence
• Reporting digital evidence
Cyber Forensics
A means of systematically gathering digital evidence, analyzing it to make credible evidence, and authentically presenting it to the court of law.
Cyber Forensics :: Classification
[Diagram] Cyber forensics: Disk Forensics, N/W Forensics, Device Forensics, Live Forensics, Traditional Forensics, Cloud Forensics
Classification questions shown on the diagram: “OFF/ON?”, “Source?”
CLOUD COMPUTING
What is Cloud Computing?
• Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (by NIST)
• “an Internet based computing paradigm that delivers on-demand software and hardware computing capability as a ‘service’ through virtualization where the end user is completely abstracted from the computing resources”
3-4-5 Rule ???
3 : Services
• IaaS (Infrastructure as a Service)
• PaaS (Platform as a Service)
• SaaS (Software as a Service)
4 : Deployment Models
• Private Cloud
• Community Cloud
• Public Cloud
• Hybrid Cloud
5 : Characteristics
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid Elasticity
• Metered or measured service
CLOUD CRIME
Cyber Bullying
“Willful and repeated harm inflicted through the use of computers, cell phones, and other electronic devices” OR
“The use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature”
Children may be reluctant to admit to being the victims of cyber bullying
Examples:
• Someone repeatedly makes fun of another person online
• Repeatedly picks on another person through e-mail or text message
• When someone posts something online about another person that they don’t like
Cyber Bullying (contd.)
Well known Cloud Crimes
• Running of “Zeus botnet controller” on an EC2 instance on Amazon’s cloud infrastructure was reported in 2009
• iCloud hack (2014)
• Sony Pictures (2014)
• Home Depot (2015)
• Anthem (2015)
Cloud crime: “a crime that involves cloud computing in a sense that the cloud can be the object, subject or tool of crimes”
• Object: the CSP (cloud service provider) is the target of the crime
• Subject: the cloud is the environment where the crime is committed
• Tool: the cloud can also be the tool used to conduct or plan a crime
Cloud forensics: Cloud forensics is a subset of network forensics
“The application of computer forensic principles and procedures in a cloud computing environment”
“The process of applying various digital forensic phases in cloud platform depending on the service model and deployment models of cloud”
Cloud Forensics: Steps
• Identification
• Seizure & Hashing
• Acquisition
• Authentication
• Analysis
• Presentation
• Preservation
[Diagram labels: Scene of Crime, Forensics Lab, Cloud, CFL]
Data center
Where is my data stored?
Cloud Data? Private cloud example
Digital forensic model for the cloud computing systems
Digital forensic model for the cloud computing systems (1)
Digital forensic model for the cloud computing systems (2)
Data Acquisition
Data Analysis
• Within the Virtual Machine
  • Analysis of virtual hard disk data
  • Analysis of VM’s RAM
• Outside the Virtual Machine
  • Segregation of logs
  • Acquisition of logs
Virtual disk examination process
A roadmap ahead
Preservation/Collection
Traditional Forensics:
• S/W tools
• Storage Capacity
• Chain of custody
• Media Imaging
• Time Synch
• Legal Authority
• Data Integrity
• Live vs. dead acquisition
Cloud Forensics:
• Distributed, virtualized and volatile storage
• Lack of specialized tools
• No roadmap for cloud forensics
• Imaging physical media in a cloud is impractical
• Evidence from multiple time zones
• Data stored in multiple jurisdictions
• Lack of write-blocking
• Acquisition of physical media from providers is cumbersome. Live acquisition (Multi-tenancy)
Conclusion
• Cloud computing is still an evolving computational platform which lacks the support for crime investigation in terms of the required frameworks/tools
• Need to be Self Reliant. Make In India and Digital India are opportunities for us to emerge with indigenous solutions and products for Digital Forensics (especially for cloud, IoT, Fog, etc.)
• Take major initiatives for educating and making people aware of the dangers and the ways to mitigate them
• Launch programmes and schemes to increase the number of cyber security experts in the country
• Establish strong Public-Private links
• “Monitoring of Critical Infrastructure Systems”
Discussion
Thank You