1. A forensically-enabled IaaS cloud computing architecture
Alqahtany, Saad (January 2017)
Cloud computing has been advancing at an intense pace. It has become one of the most important research topics in computer science and information systems. Cloud computing offers enterprise-scale platforms in a short time frame with little effort. Thus, it delivers significant economic benefits to both commercial and public entities. Despite this, the security and subsequent incident management requirements are major obstacles to adopting the cloud. Current cloud architectures do not support digital forensic investigators, nor comply with today’s digital forensics procedures – largely due to the fundamental dynamic nature of the cloud. When an incident has occurred, an organization-based investigation will seek to provide potential digital evidence while minimising the cost of the investigation. Data acquisition is the first and most important process within digital forensics – to ensure data integrity and admissibility. However, access to data and the control of resources in the cloud is still very much provider-dependent and complicated by the very nature of the multi-tenanted operating environment. Thus, investigators have no option but to rely on the Cloud Service Providers (CSPs) to acquire evidence for them. Due to the cost and time involved in acquiring the forensic image, some cloud providers will not provide evidence beyond 1TB despite a court order served on them. Assuming they would be willing or are required to by law, the evidence collected is still questionable as there is no way to verify the validity of evidence and whether evidence has already been lost. Therefore, dependence on the CSPs is considered one of the most significant challenges when investigators need to acquire evidence in a timely yet forensically sound manner from cloud systems. This thesis proposes a novel architecture to support a forensic acquisition and analysis of IaaS cloud-based systems.
The approach, known as Cloud Forensic Acquisition and Analysis System (Cloud FAAS), is based on a cluster analysis of non-volatile memory that achieves forensically reliable images at the same level of integrity as the normal “gold standard” computer forensic acquisition procedures with the additional capability to reconstruct the image at any point in time. Cloud FAAS fundamentally shifts access of the data back to the data owner rather than relying on a third party. In this manner, organisations are free to undertake investigations at will requiring no intervention or cooperation from the cloud provider. The novel architecture is validated through a proof-of-concept prototype. A series of experiments are undertaken to illustrate and model how Cloud FAAS is capable of providing a richer and more complete set of admissible evidence than what current CSPs are able to provide. Using Cloud FAAS, investigators have the ability to obtain a forensic image of the system after, just prior to or hours before the incident. Therefore, this approach can not only create images that are forensically sound but also provide access to deleted and more importantly overwritten files – which current computer forensic practices are unable to achieve. This results in an increased level of visibility for the forensic investigator and removes any limitations that data carving and fragmentation may introduce. In addition, an analysis of the economic overhead of operating Cloud FAAS is performed. This shows the level of disk change that occurs is well within acceptable limits and is relatively small in comparison to the total volume of memory available. The results show Cloud FAAS has both a technical and economic basis for solving investigations involving cloud computing.

2. Forensic Analysis of G Suite Collaborative Protocols
McCulley, Shane (09 August 2017)
Widespread adoption of cloud services is fundamentally changing the way IT services are delivered and how data is stored. Current forensic tools and techniques have been slow to adapt to new challenges and demands of collecting and analyzing cloud artifacts. Traditional methods focusing only on client data collection are incomplete, as the client may have only a (partial) snapshot and misses cloud-native artifacts that may contain valuable historical information.
In this work, we demonstrate the importance of recovering and analyzing cloud-native artifacts using G Suite as a case study. We develop a tool that extracts and processes the history of Google Documents and Google Slides by reverse engineering the web application's private protocol. Combined with previous work that has focused on API-based acquisition of cloud drives, this presents a more complete solution to cloud forensics, and is generalizable to any cloud service that maintains a detailed log of revisions.

3. API-Based Acquisition of Evidence from Cloud Storage Providers
Barreto, Andres E (11 August 2015)
Cloud computing and cloud storage services, in particular, pose a new challenge to digital forensic investigations. Currently, evidence acquisition for such services still follows the traditional approach of collecting artifacts on a client device. In this work, we show that such an approach not only requires upfront substantial investment in reverse engineering each service, but is also inherently incomplete as it misses prior versions of the artifacts, as well as cloud-only artifacts that do not have standard serialized representations on the client.
In this work, we introduce the concept of API-based evidence acquisition for cloud services, which addresses these concerns by utilizing the officially supported API of the service. To demonstrate the utility of this approach, we present a proof-of-concept acquisition tool, kumodd, which can acquire evidence from four major cloud storage providers: Google Drive, Microsoft One, Dropbox, and Box. The implementation provides both command-line and web user interfaces, and can be readily incorporated into established forensic processes.

4. Forensiska Undersökningar av Molntjänster (Forensic Investigations of Cloud Services)
Westberg, Sofia (January 2012)
The usage of cloud services has made forensic investigations more complicated. But there are good foundations if the cloud service providers would create services to retrieve all the information. It would make the process easier and more reliable. The most difficult part to do correctly is to download the information from the cloud services. The investigation is done in a volatile environment and not on a secured copy. It is possible that changes are made during the time the data is retrieved, which is not always visible. It is not possible to compare the differences in files with hash values, in the same way as in forensic investigations of computers. That is why it is very important to document how the information is retrieved, preferably by recording the computer screen during the time the information is retrieved. The information is saved in multiple locations when the cloud services Office 365 and Google Apps are used, both in the cloud and on the computer that is being used to access the cloud. The web browser saves a lot of information about what has been done. That is why it is important to find out which computer has been used to connect to the cloud service, which is not possible today. If it would be possible to examine all the computers that have been used, evidence that is no longer in the cloud could be found. The best from a forensic angle would be if the cloud service providers offered to retrieve all data which involves a user, including all relevant logs. Then it would be possible to retrieve the data with a secure method, because it would not be possible to change the information during the retrieval.

5. I förövarens moln : En kvalitativ analys av lagen om genomsökning på distans (In the Perpetrator's Cloud: A Qualitative Analysis of the Law on Remote Search)
Luong, Jenny; Humaloja, Amanda (January 2023)
As the world becomes increasingly connected and digitized, it is a constant challenge for legislation to keep up with the pace of the technical development. Digitalization has also established an entirely new arena for criminal activity, where electronic devices and information have become increasingly central. To combat the increasing digital crime, there has been a need to secure digital evidence stored outside of the physical device. Previously, it could be difficult to access this digital evidence in an effective and legal manner. The new law on cloud forensic investigation has enabled the possibility of securing digital evidence even outside of the local device. The purpose of this essay was to examine how the law has affected the IT-forensic investigation work, as well as to identify the opportunities and challenges posed by the law. In addition, the work highlights requests for changes to the law from an IT forensic perspective. This was investigated using a qualitative study where interviews were conducted with IT-forensic experts from Polismyndigheten and a developer from NFC.

6. Exploring IoT Security Threats and Forensic Challenges: A Literature Review and Survey Study
Al Allaf, Abdulrahman; Totonji, Waseem (January 2023)
Internet of Things (IoT) devices have increased rapidly in recent years, revolutionizing many industries, including healthcare, manufacturing, and transportation, and bringing benefits to both individuals and industries. However, this increase in IoT device usage has exposed IoT ecosystems to numerous security threats and digital forensic challenges. This thesis investigates the most common IoT security threats and attacks, students’ awareness of them and their mitigation strategies, and the key challenges associated with IoT forensic investigations. A mixed-method approach is adopted in this thesis combining a literature review and a survey study. The survey assesses students’ knowledge of IoT security threats, mitigation techniques, and perceptions of the most effective ways to enhance IoT security. The survey also emphasizes the importance of user training and awareness in mitigating IoT threats, highlighting the most effective strategies, such as stronger regulations and improved device security by manufacturers. The literature review provides a comprehensive overview of the most common IoT security threats and attacks, such as malware, malicious code injection, replay attacks, Man in the Middle (MITM), botnets, and Distributed Denial of Service Attacks (DDoS). The mitigation techniques to these threats are overviewed, and real-world incidents and crimes, such as the Mirai botnet, St. Jude Medical implant cardiac devices hack, and the Verkada hack, are examined to understand the consequences of these attacks. Moreover, this work also highlights the definition and the process of digital and IoT forensics, the importance of IoT forensics, and different data sources in IoT ecosystems. The key challenges associated with IoT forensics and how they impact the effectiveness of digital investigations in the IoT ecosystem are examined in detail.
Overall, the results of this work contribute to ongoing research to improve IoT device security, highlight the importance of increased awareness and user training, and address the challenges associated with IoT forensic investigations.

7. Information security, privacy, and compliance models for cloud computing services
Alruwaili, Fahad F. (13 April 2016)
The recent emergence and rapid advancement of Cloud Computing (CC) infrastructure and services have made outsourcing Information Technology (IT) and digital services to Cloud Providers (CPs) attractive. Cloud offerings enable reduction in IT resources (hardware, software, services, support, and staffing), and provide flexibility and agility in resource allocation, data and resource delivery, fault-tolerance, and scalability. However, the current standards and guidelines adopted by many CPs are tailored to address functionality (such as availability, speed, and utilization) and design requirements (such as integration), rather than protection against cyber-attacks and associated security issues. In order to achieve sustainable trust for cloud services with minimal risks and impact on cloud customers, appropriate cloud information security models are required. The research described in this dissertation details the processes adopted for the development and implementation of an integrated information security cloud based approach to cloud service models. This involves detailed investigation into the inherent information security deficiencies identified in the existing cloud service models, service agreements, and compliance issues. The research conducted was multidisciplinary in nature, with detailed investigations on factors such as people, technology, security, privacy, and compliance involved in cloud risk assessment to ensure all aspects are addressed in holistic and well-structured models.
The primary research objectives for this dissertation are investigated through a series of scientific papers centered on these key research disciplines. The assessment of information security, privacy, and compliance implementations in a cloud environment is described in Chapters two, three, four, and five. Paper 1 (CCIPS: A Cooperative Intrusion Detection and Prevention Framework for Cloud Services) outlines a framework for detecting and preventing known and zero-day threats targeting cloud computing networks. This framework forms the basis for implementing enhanced threat detection and prevention via behavioral and anomaly data analysis. Paper 2 (A Trusted CCIPS Framework) extends the work of cooperative intrusion detection and prevention to enable trusted delivery of cloud services. The trusted CCIPS model details and justifies the multi-layer approach to enhance the performance and efficiency of detecting and preventing cloud threats. Paper 3 (SOCaaS: Security Operations Center as a Service for Cloud Computing Environments) describes the need for a trusted third party to perform real-time monitoring of cloud services to ensure compliance with security requirements by suggesting a security operations center system architecture. Paper 4 (SecSLA: A Proactive and Secure Service Level Agreement Framework for Cloud Services) identifies the necessary cloud security and privacy controls that need to be addressed in the contractual agreements, i.e. service level agreements (SLAs), between CPs and their customers.
Papers five, six, seven, and eight (Chapters 6 – 9) focus on addressing and reducing the risk issues resulting from poor assessment to the adoption of cloud services and the factors that influence such a migration. The investigation of cloud-specific information security risk management and migration readiness frameworks, detailed in Paper 5 (An Effective Risk Management Framework for Cloud Computing Services) and Paper 6 (Information Security, Privacy, and Compliance Readiness Model) was achieved through extensive consideration of all possible factors obtained from different studies. An analysis of the results indicates that several key factors, including risk tolerance, can significantly influence the migration decision to cloud technology. An additional issue found during this research in assessing the readiness of an organization to move to the cloud is the necessity to ensure that the cloud service provider is actually compliant with information security, privacy, and compliance (ISPC) requirements. This investigation is extended in Paper 7 (A Practical Life Cycle Approach for Cloud based Information Security) to include the six phases of creating proactive cloud information security systems beginning with initial design, through the development, implementation, operations and maintenance. The inherent difficulty in identifying ISPC compliant cloud technology is resolved by employing a tracking method, namely the eligibility and verification system presented in Paper 8 (Cloud Services Information Security and Privacy Eligibility and Verification System).
Finally, Paper 9 (A Case Study of Migration to a Compliant Cloud Technology) describes the actual implementation of the proposed frameworks and models to help the decision making process faced by the Saudi financial agency in migrating their IT services to the cloud. Together these models and frameworks suggest that the threats and risks associated with cloud services are continuously changing and more importantly, increasing in complexity and sophistication. They contribute to making stronger cloud based information security, privacy, and compliance technological frameworks. The outcomes obtained significantly contribute to best practices in ensuring information security controls are addressed, monitored, enforced, and compliant with relevant regulations.
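
8. Uppe bland molnen : Tvångsmedlet genomsökning på distans RB 28:10 och utvinning av molndata tillhörande Googletjänster (Up Among the Clouds: The Coercive Measure of Remote Search, RB 28:10, and Extraction of Cloud Data Belonging to Google Services)
Dahlstrand, Elsa; Dahl, Moa (January 2023)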
The constant digitalization of our world poses a challenge to our governments in developing laws correspondingly. This divergence is something cybercriminals exploit. Criminal activity taking place in cyberspace, specifically through cloud platforms, has been difficult for law enforcement to regulate and prosecute, partially because the information needed is kept in servers outside of jurisdiction. In Swedish law enforcement this has made the acquisition of valuable cloud data, in some cases, impossible, consequently leading to unsolved cases. As of June 2022, a new law regarding means of coercion took effect which enabled the recovery of account specific cloud data. In this work semi-structured interviews, with IT-forensics and prosecutors, were conducted and analyzed. The result shows that the experience of the law is positive, that it came abruptly but that it was necessary. However, it has created more work for IT-forensics as a consequence. In addition, an experiment involving cloud data belonging to a Google account has been investigated with the help of two IT-forensic tools, which resulted in the observation of a variation in the tools' identification of deleted data. Finally, the paper and its findings demonstrate that the law and cloud data mining have provided law enforcement with high probative value data and enabled investigations previously not lawfully possible.