
Cloud Forensics

Uploaded by Maithili

CLOUD FORENSICS

CYBER CRIME
HACKING
CYBER CRIME
“Unlawful act wherein the computer is either a tool or a target or both”.

Two aspects:
• Computer as a tool to commit crime
  • Child porn, threatening email, assuming someone’s identity, sexual harassment, defamation, spam, phishing
• Computer itself becomes target of crime
  • Viruses, worms, software piracy, hacking

28-Jul-20 6
WHY DIGITAL EVIDENCE?

We need a means for investigation & analysis of the crimes – to bring the culprits to conviction.

The whole solution lies in Digital Evidence.

DIGITAL FORENSIC
CYBER FORENSICS
Role of Cyber Forensics
A means of systematically gathering digital evidence, analyzing it to make credible evidence, and authentically presenting it to the court of law.

CYBER FORENSICS :: CLASSIFICATION
Cyber forensics
• Source? Disk Forensics, N/W Forensics, Device Forensics, Cloud Forensics
• OFF / ON? Traditional Forensics, Live Forensics

CLOUD COMPUTING
WHAT IS CLOUD COMPUTING?
• Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (by NIST)

• “an Internet based computing paradigm that delivers on-demand software and hardware computing capability as a ‘service’ through virtualization where the end user is completely abstracted from the computing resources”
3-4-5 RULE ???
3 : Services
• IaaS (Infrastructure as a Service)
• PaaS (Platform as a Service)
• SaaS (Software as a Service)

4 : Deployment Models
• Private Cloud
• Community Cloud
• Public Cloud
• Hybrid Cloud

5 : Characteristics
• On-demand self-service
• Broad network access
• Resource pooling
• Rapid Elasticity
• Metered or measured service
CLOUD CRIME
CYBER BULLYING
• “Willful and repeated harm inflicted through the use of computers, cell phones, and other electronic devices” OR
• “The use of electronic communication to bully a person, typically by sending messages of an intimidating or threatening nature”
• Children may be reluctant to admit to being the victims of cyber bullying
• Examples:
  • Someone repeatedly makes fun of another person online
  • Repeatedly picks on another person through e-mail or text message
  • When someone posts something online about another person that they don’t like
CYBER BULLYING (CONTD..)
WELL KNOWN CLOUD CRIMES
• Running of “Zeus botnet controller” on an EC2 instance on Amazon’s cloud infrastructure was reported in 2009
• iCloud hack (2014)
• Sony Pictures (2014)
• Home Depot (2015)
• Anthem (2015)
CLOUD CRIME:
• “a crime that involves cloud computing in a sense that the cloud can be the object, subject or tool of crimes”
  • Object - CSP (cloud service provider) is the target of the crime;
  • Subject - cloud is the environment where the crime is committed;
  • Tool - cloud can also be the tool used to conduct or plan a crime
CLOUD FORENSICS:
• Cloud forensics is a subset of network forensics
• “The application of computer forensic principles and procedures in a cloud computing environment”
• “The process of applying various digital forensic phases in cloud platform depending on the service model and deployment models of cloud”
CLOUD FORENSICS - STEPS
[Figure: stages labelled Identification, Seizure & Hashing, Acquisition, Authentication, Analysis, Presentation and Preservation, with locations labelled Cloud, Scene of Crime and Forensics Lab (CFL)]

DATA CENTER
WHERE IS MY DATA STORED?
CLOUD DATA?
Private cloud example
Digital forensic model for the cloud computing systems
Digital forensic model for the cloud computing systems (1)
Digital forensic model for the cloud computing systems (2)
DATA ACQUISITION
DATA ANALYSIS
• Within the Virtual Machine
  • Analysis of virtual hard disk data
  • Analysis of VM’s RAM
• Outside the Virtual Machine
  • Segregation of logs
  • Acquisition of logs
Virtual disk examination process
A ROADMAP AHEAD

S/W tools: Lack of specialized tools
Storage Capacity: Distributed, virtualized and volatile storage
Chain of custody: No roadmap for cloud forensics
Preservation/Collection
Media Imaging: Imaging physical media in a cloud is impractical
Time Synch: Evidence from multiple time zones
Legal Authority: Data stored in multiple jurisdictions
Data Integrity: Lack of write-blocking
Live Vs. Dead acquisition: Acquisition of physical media from providers is cumbersome.
Traditional Forensics
Cloud Forensics
Live acquisition (Multi-tenancy)
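
An added example, not part of the original slides, tying together the "Segregation of logs", "Time Synch" and "Data Integrity" points: it extracts one tenant's entries from a shared provider log, normalizes timestamps from different zones to UTC, and hashes the result so a later change is detectable. The log format, tenant names and function names are assumptions constructed for illustration.

```python
import hashlib
from datetime import datetime, timezone

# Constructed sample: a shared (multi-tenant) provider log whose entries
# carry local timestamps with different UTC offsets. Format is hypothetical.
SHARED_LOG = [
    "2020-07-28T10:15:00+05:30 tenant=acme vm=vm-17 action=login user=alice",
    "2020-07-28T04:50:00+00:00 tenant=globex vm=vm-02 action=snapshot",
    "2020-07-27T21:40:00-07:00 tenant=acme vm=vm-17 action=disk_attach",
    "2020-07-28T06:00:00+01:00 tenant=acme vm=vm-21 action=logout user=alice",
]

def parse_line(line):
    """Split one entry into (UTC timestamp, tenant id, remaining fields)."""
    stamp, tenant_field, rest = line.split(" ", 2)
    when = datetime.fromisoformat(stamp).astimezone(timezone.utc)
    key, _, tenant = tenant_field.partition("=")
    if key != "tenant" or not tenant:
        raise ValueError(f"malformed entry: {line!r}")
    return when, tenant, rest

def segregate(lines, tenant):
    """Return only `tenant`'s entries, re-stamped in UTC and time-ordered."""
    picked = [(w, r) for w, t, r in map(parse_line, lines) if t == tenant]
    picked.sort(key=lambda p: p[0])
    return [f"{w.strftime('%Y-%m-%dT%H:%M:%SZ')} tenant={tenant} {r}" for w, r in picked]

def evidence_digest(records):
    """SHA-256 over the acquired records, recorded at seizure time."""
    h = hashlib.sha256()
    for rec in records:
        h.update(rec.encode("utf-8") + b"\n")
    return h.hexdigest()

def verify(records, recorded_digest):
    """Re-hash at analysis time; False means the evidence set changed."""
    return evidence_digest(records) == recorded_digest

if __name__ == "__main__":
    acme = segregate(SHARED_LOG, "acme")
    digest = evidence_digest(acme)
    for rec in acme:
        print(rec)
    print("sha256:", digest, "intact:", verify(acme, digest))
```

In the sample, file order and true event order differ: the entry stamped 21:40 -07:00 precedes the 10:15 +05:30 login once both are expressed in UTC.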
CONCLUSION
• Cloud computing is still an evolving computational platform which lacks the support for crime investigation in terms of the required frameworks/tools

• Need to be Self Reliant. Make In India and Digital India are opportunities for us to emerge with indigenous solutions and products for Digital Forensics (specially for cloud, IoT, Fog, etc.)

• Take major initiatives for educating and making people aware of the dangers and the ways to mitigate them

• Launch programmes and schemes to increase the number of cyber security experts in the country

• Establish strong Public-Private links

• “Monitoring of Critical Infrastructure Systems”


DISCUSSION
THANK YOU