Cloud Busting: Understanding Cloud-Based Digital Forensics

What, exactly, is “the Cloud”? Is it a network of machines connected via the Internet scattered all over the globe? Is it a data center environment located in the United States or anywhere in the world? Is it really just “someone else’s computer”? Or, is there more to it that needs to be understood by the Information Security professional, to arm him or her with enough knowledge to answer the tough question that inevitably will be asked by their employer, “Why should we take the risk to move our most sensitive data into the cloud?” To take it one step further, should in the event of a data breach that same employer should say, “We need to investigate how this happened;” what exactly will the Information Security professional need to know to successfully conduct a digital forensic investigation, especially if he or she doesn’t have direct access to the server or hardware?

After attending this workshop, attendees should have a greater understanding of the following subjects:

• Cloud computing, including the different service models and deployment models
• Differences in Cloud governance laws between the United States and other countries
• Risks involved moving data into the cloud (and how they can be mitigated)
• How to identify the challenges of conducting a cloud-based digital forensics investigation (and how can they be overcome)
• Proper procedures of a cloud-based forensics investigation as defined by laws, regulations, and federal standards
• How to gather evidence from a cloud service provider to conduct a digital forensics investigation

Students must arrive with laptops preinstalled with TSK/Autopsy (or a valid licensed copy of FTK or EnCase). The forensic image will be made available shortly before the conference; alternatively it will be distributed on the day of the class.