adding event reconstruction to a cloud forensic readiness

Adding Event Reconstruction to a Cloud Forensic Readiness Model Presenter: V.R Kebande Supervisor: Prof Hein.S. Venter University of Pretoria

Upload: victor-kebande

Post on 29-Jul-2015

53 views

Category:

Technology

3 download

Report

Download

Tags:

Embed Size (px):

TRANSCRIPT

Page 1: Adding event reconstruction to a cloud forensic readiness

Adding Event Reconstruction to a Cloud Forensic Readiness Model

Presenter: V.R KebandeSupervisor: Prof Hein.S. Venter

University of Pretoria

Page 2: Adding event reconstruction to a cloud forensic readiness

What is the focus of Digital Investigations Currently?

Searching for Digital Evidence Collection of Digital Evidence Examining the Properties of Collected Evidence.

But why is that Evidence Really Evidence?Important Aspect: Need to Identify what CAUSED Evidence to have the properties it has.

Introduction

Page 3: Adding event reconstruction to a cloud forensic readiness

ER examines and analyses the evidence to identify why it has its characteristics [Carrier & Spafford, 2004].ER will pose the following questions:

Why Evidence has the properties Where could they have come from? When were they created?

This may help to create a hypothesis for a DFI

Reconstruction identifies events for which evidence exist to support their occurrence.

What is Event Reconstruction

Page 4: Adding event reconstruction to a cloud forensic readiness

Forensic Readiness-Maximizing an environment’s ability to collect credible Digital Evidence.

Minimizing the cost of forensic investigation during incident response [Rowlingson, 2004]

ISO/IEC 27043-”occurs before incident detection”

A Cloud Forensic Readiness Model

Page 5: Adding event reconstruction to a cloud forensic readiness

Proactive Approach

Retaining Critical Information

Collecting appropriate Digital Evidence

So, How can a Cloud be Forensically Ready?

Page 6: Adding event reconstruction to a cloud forensic readiness

High-level view of the Model

Page 7: Adding event reconstruction to a cloud forensic readiness

What is involved?

Event reconstruction* Event reconstruction Process

* High-level Process

* Detailed process

ProposedEnhanced Cloud Forensic readiness Model

Page 8: Adding event reconstruction to a cloud forensic readiness

Enhanced Cloud Forensic Readiness Model

Reconstruction

Reconstruction Process

A2 A3

Wi Xi yi Znei

(Clu_N)

(Clu_N) (Clu_N)

(Clu_N)

Event search function

Page 11: Adding event reconstruction to a cloud forensic readiness

Similarity measure between events represented by Minkowskis’ distance function

A,B-Eventsp=1,2…to ∞ is [comparative metric for suitable distance metric between events] dMD-Is the distance metric for Minkowski Distance

Similarity Measure

),( BAd MDpp n

i ii BA ||1

Page 12: Adding event reconstruction to a cloud forensic readiness

Event reconstruction based on the distance function help achieve the following:

To be able to distinguish one event from the other

Predict behaviour of events Distinguish one event from the other through

focusing on the relationship between them Enables a discovery of the structure of events

Using distance metric

Page 13: Adding event reconstruction to a cloud forensic readiness

The ECFR can still be extended.

Conclusion

Forensic Readiness for Wireless Medical Systems

Forensic Accounting - people.csail.mit.edupeople.csail.mit.edu/ddeford/Forensic_Accounting.pdf · Forensic Accounting Introduction Forensic Figure:Exciting! The word forensic actually

Its happened Were you ready - Network · 2018-06-19 · A definition of Forensic Readiness Quote from “Good Practice Guide No. 18 -Forensic Readiness “ “Forensic Readiness is

Forensic Anthropology - FORENSIC SCIENCE

Forensic readiness: Preparing for the worst, and how to contain it

Digital Forensic Readiness in Megacities TOKI, 2014

Digital Forensics Readiness - Forward Defense · of what happened during an incident may be impossible. Forensic readiness is the ability of your organization to maximize use of digital

Forensic Readinessfireeyeday.com/event/pdf/T1_5.CyberDefenseLive2018.pdf · Forensic Readiness is the achievement of an appropriate level of capability by an organization in order

Forensic Sciences Year Book · 2019. 7. 23. · Forensic Sciences degree. We are very excited with the many new developments this academic year. The Forensic programs are adding new

InsIde ForensIc scIence Forensic Pharmacology

Forensic medicine (forensic pathology)

venkat... · Web viewOne typical anti forensic method is adding anti-forensic dither to DCT transform coefficients and erasing blocking artifacts to remove compression history. In

forensic readiness consulting seien sie vorbereitet · Riesaer Straße 5 D-01129 Dresden Tel.: +49 (0) 351 - 2820 - 0 ihr fahrplan fÜr eine forensic readiness reagieren • Verbesserung

ADDING AGILITY TO SOFTWARE READINESS ASSESS- MENT ...ecis2018.eu/wp-content/uploads/2018/09/1587-doc.pdf · Grieger et al. /Adding Agility to Software Readiness Assessment Twenty-Sixth

Digital Forensic ReadinessBusiness Plan November 2014 PwC Slide 1 Digital Forensic Readiness Krishna Sastry Pendyala Executive Director, Incident Response & Digital Forensic Services

FACT FAMILIES ADDING Subtraction ADDING Subtraction ADDING Subtraction ADDING Subtraction

Digital Forensic Readiness as a Component of …...Digital Forensic Readiness as a Component of Information Security Best Practice CP Groble^^ CP Louwrens^ 1 University of Johannesburg,

Forensic Applications of Foraminifera · Forensic Applications of Foraminifera 1 Andrew M. Bowen Stoney Forensic, Inc.* KEYWORDS Forensic geology, forensic geoscience, forensic soil

Experts reviews of a cloud forensic readiness framework for ......RESEARCH Open Access Experts reviews of a cloud forensic readiness framework for organizations Ahmed Alenezi1,2*,

` Forensic readiness: Preparing for the worst, and how to contain it. Campbell Murray Technical Director, Encription Limited 09 July 2014

Creating cyber forensic readiness in your organisation

FORENSIC BIOLOGY PROTOCOLS FOR FORENSIC STR ANALYSIS · FORENSIC BIOLOGY PROTOCOLS FOR FORENSIC STR ... FORENSIC BIOLOGY PROTOCOLS FOR FORENSIC STR ANALYSIS ... c. Fill both tip racks

10 Step Process for Forensic Readiness

admission.utm.my · Cloud Computing Protocol & Security Co-Creation and Strategic System Computer Forensic Computer Network & Security Corporate Forensic Readiness Framework Data

First Responders Course - Session 4 - Forensic Readiness [2004]

Digital Forensic Readiness as a Component of Information

Good Practice Guide Forensic Readiness - NCSC Site 18... · Forensic Readiness ... practitioners can use this Good Practice Guide ... factors that provide a scaled approach to the

BigData와 Forensic Readiness - cpoforum.or.krcpoforum.or.kr/privacy2013/download/Track_B_2.pdf · iii 보안로그분석 적용 ... 오픈 소스 소프트웨어의 비적인 발전

The Modelling of a Digital Forensic Readiness Approach for ... · 4.1 Overview of Digital Forensics Readiness The purpose of digital forensic readiness is to reduce the effort involved

INCIDENT RESPONSE PLANNING and FORENSIC READINESS

Digital Forensic Readiness Architecture for Cloud

8 Forensic Science & Forensic Toxicology

Forensic Readiness

A Ten Step Process for Forensic Readiness

Cyber forensic readiness cybercon2012 adv j fick

adding event reconstruction to a cloud forensic readiness

Technology

appropriate digital

credible digital evidence

dfi reconstruction

n event search function

suitable distance metric

distance function help

events dmd

structure of events