The relocation of systems and services into cloud environments is on the rise. Because of this trend, users lose direct control over their machines and depend on the services offered by cloud providers. These services are very rudimentary, especially in the field of digital forensics, and the possibilities for users to analyze their virtual machines with forensic methods are very limited. In the research underlying this talk, a practical approach has been developed that gives the user additional capabilities in the field of forensic investigations. The solution focuses on a memory forensic service offering. To reach this goal, a management solution for cloud environments has been extended with memory forensic services. Self-developed memory forensic services, which are installed on each cloud node and are managed through the cloud management component, are the basis for this solution. Forensic data is acquired via virtual machine introspection techniques. Compared to other approaches, this makes it possible to get trustworthy data without influencing the running system. Additionally, a general overview of the underlying technologies is provided and their pros and cons are discussed. The solution approach is discussed in a generic way and practically implemented in a prototype. In this prototype, OpenNebula is used for managing the cloud infrastructure, in combination with Xen as the virtualization component, LibVMI as the virtual machine introspection library and Volatility as the forensic tool.
Tobias Zillner runs his own security consulting company and works as an independent researcher on several security projects. He conducts information systems audits in order to assess compliance with relevant internal and external requirements and to provide a customer's management with an independent opinion regarding the effectiveness and efficiency of IT systems. Furthermore, Tobias evaluates and assures the security of information technology by performing web application and web service penetration tests, source code analysis, as well as network and infrastructure penetration tests. He has a Bachelor's degree in Computer and Media Security, a Master's degree in IT Security and a Master's degree in Information Systems Management. Tobias's expertise also applies to the IT Governance, Risk and Compliance domains. He also holds a wide range of certifications, like CISSP, CISA, QSA, CEH, ITIL or COBIT.