SlideShare a Scribd company logo

Adding event reconstruction to a cloud forensic readiness

Download as PPTX, PDF
Victor Kebande, profile picture
Victor Kebande

This document discusses adding event reconstruction to a cloud forensic readiness model. It proposes enhancing the model to include event reconstruction, which examines evidence to identify what caused it and helps create hypotheses for digital forensic investigations. It outlines key aspects of event reconstruction, including posing questions about evidence properties and where/when items were created. The proposed enhanced cloud forensic readiness model incorporates a process for event reconstruction that uses similarity measures and distance functions to distinguish between events, predict their behavior, and discover their underlying structures based on their relationships.

Technology
1 of 13
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
Adding Event Reconstruction to a Cloud Forensic Readiness Model Presenter: V.R Kebande Supervisor: Prof Hein.S. Venter University of Pretoria
What is the focus of Digital Investigations Currently?  Searching for Digital Evidence  Collection of Digital Evidence  Examining the Properties of Collected Evidence. But why is that Evidence Really Evidence? Important Aspect: Need to Identify what CAUSED Evidence to have the properties it has. Introduction
ER examines and analyses the evidence to identify why it has its characteristics [Carrier & Spafford, 2004]. ER will pose the following questions:  Why Evidence has the properties  Where could they have come from?  When were they created? This may help to create a hypothesis for a DFI Reconstruction identifies events for which evidence exist to support their occurrence. What is Event Reconstruction
 Forensic Readiness-Maximizing an environment’s ability to collect credible Digital Evidence.  Minimizing the cost of forensic investigation during incident response [Rowlingson, 2004]  ISO/IEC 27043-”occurs before incident detection” A Cloud Forensic Readiness Model
 Proactive Approach  Retaining Critical Information  Collecting appropriate Digital Evidence So, How can a Cloud be Forensically Ready?
High-level view of the Model
 What is involved? Event reconstruction Event reconstruction Process  High-level Process  Detailed process Proposed Enhanced Cloud Forensic readiness Model
Enhanced Cloud Forensic Readiness Model
Reconstruction Reconstruction Process
P S A1 A2 A3 An Wi Xi yi Znei (Clu_N) (Clu_N) (Clu_N) (Clu_N) Event search function
Similarity measure between events represented by Minkowskis’ distance function A,B-Events p=1,2…to ∞ is [comparative metric for suitable distance metric between events] dMD-Is the distance metric for Minkowski Distance Similarity Measure ),( BAd MD pp n i ii BA ||1  
Event reconstruction based on the distance function help achieve the following:  To be able to distinguish one event from the other  Predict behaviour of events  Distinguish one event from the other through focusing on the relationship between them  Enables a discovery of the structure of events Using distance metric
 The ECFR can still be extended. Conclusion

More Related Content

PPTX
Oozma kappa
Sahara Ali
 
PPTX
Towards a High-Performance National Research Platform Enabling Digital Research
Larry Smarr
 
PPT
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...
EarthCube
 
PPT
High Performance Collaboration – The Jump to Light Speed
Larry Smarr
 
PDF
Cloud Application Logging for Forensics
Raffael Marty
 
PDF
11.cyber forensics in cloud computing
Alexander Decker
 
PDF
Cloud Forensics- An IS Approach
IOSR Journals
 
PDF
Cloud Computing Forensic Science
David Sweigert
 
Oozma kappa
Sahara Ali
 
Towards a High-Performance National Research Platform Enabling Digital Research
Larry Smarr
 
Toward Real-Time Analysis of Large Data Volumes for Diffraction Studies by Ma...
EarthCube
 
High Performance Collaboration – The Jump to Light Speed
Larry Smarr
 
Cloud Application Logging for Forensics
Raffael Marty
 
11.cyber forensics in cloud computing
Alexander Decker
 
Cloud Forensics- An IS Approach
IOSR Journals
 
Cloud Computing Forensic Science
David Sweigert
 

Viewers also liked (7)

PDF
Memory forensics using VMI for cloud computing
Priyanka Aash
 
PPT
Cloud Monitoring And Forensic Using Security Metrics
Sandeep Saxena
 
PDF
Cloud Breach - Forensics Audit Planning
Valdez Ladd MBA, CISSP, CISA,
 
PPSX
Cloud Forensics
sdavis532
 
PPTX
The Cloud: Privacy and Forensics
Info_Studies_Aberystwyth
 
PDF
(130928) #fitalk cloud storage forensics - dropbox
INSIGHT FORENSIC
 
PDF
Cloud-forensics
anupriti
 
Memory forensics using VMI for cloud computing
Priyanka Aash
 
Cloud Monitoring And Forensic Using Security Metrics
Sandeep Saxena
 
Cloud Breach - Forensics Audit Planning
Valdez Ladd MBA, CISSP, CISA,
 
Cloud Forensics
sdavis532
 
The Cloud: Privacy and Forensics
Info_Studies_Aberystwyth
 
(130928) #fitalk cloud storage forensics - dropbox
INSIGHT FORENSIC
 
Cloud-forensics
anupriti
 
Ad

Similar to Adding event reconstruction to a cloud forensic readiness (20)

PPTX
Quantiative Risk Analysis for the Aerospace Industry
Intaver Insititute
 
PDF
A Proactive Approach in Network Forensic Investigation Process
Editor IJCATR
 
PPT
Project Risk Analysis in Aerospace Industry
Intaver Insititute
 
PPT
Mythbusters: Event Stream Processing v. Complex Event Processing
Tim Bass
 
PPTX
reducing firearms based on deep learning
konkalasilpa1319
 
PPTX
DF Process Models
Costas Katsavounidis
 
PDF
Bs4301396400
IJERA Editor
 
PDF
An Overview and Classification of Approaches to Information Extraction in Wir...
M H
 
PDF
Systematic Digital Forensic Investigation Model
CSCJournals
 
PDF
Review on Computer Forensic
Editor IJCTER
 
PDF
eventdemo2016
Rachel Guan
 
PDF
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
cscpconf
 
PPTX
National framework for digital forensics bangladesh context
Bank Alfalah Limited
 
PDF
Real Time Crime Detection using Deep Learning
IRJET Journal
 
PDF
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
IJwest
 
PDF
Event detection and summarization based on social networks and semantic query...
ijnlc
 
PDF
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA (European Emergency Number Association)
 
PPT
Proposed Event Processing Definitions ,September 20, 2006
Tim Bass
 
PPTX
Information Fusion Methods for Location Data Analysis
Alket Cecaj
 
PPTX
ICRA: Intelligent Platform for Collaboration and Interaction
Lukas Tencer
 
Quantiative Risk Analysis for the Aerospace Industry
Intaver Insititute
 
A Proactive Approach in Network Forensic Investigation Process
Editor IJCATR
 
Project Risk Analysis in Aerospace Industry
Intaver Insititute
 
Mythbusters: Event Stream Processing v. Complex Event Processing
Tim Bass
 
reducing firearms based on deep learning
konkalasilpa1319
 
DF Process Models
Costas Katsavounidis
 
Bs4301396400
IJERA Editor
 
An Overview and Classification of Approaches to Information Extraction in Wir...
M H
 
Systematic Digital Forensic Investigation Model
CSCJournals
 
Review on Computer Forensic
Editor IJCTER
 
eventdemo2016
Rachel Guan
 
FORENSIC COMPUTING MODELS: TECHNICAL OVERVIEW
cscpconf
 
National framework for digital forensics bangladesh context
Bank Alfalah Limited
 
Real Time Crime Detection using Deep Learning
IRJET Journal
 
Estimating Fire Weather Indices Via Semantic Reasoning Over Wireless Sensor N...
IJwest
 
Event detection and summarization based on social networks and semantic query...
ijnlc
 
EENA 2021 - Improving public safety with smart cities and Internet of Things ...
EENA (European Emergency Number Association)
 
Proposed Event Processing Definitions ,September 20, 2006
Tim Bass
 
Information Fusion Methods for Location Data Analysis
Alket Cecaj
 
ICRA: Intelligent Platform for Collaboration and Interaction
Lukas Tencer
 
Ad

Recently uploaded (20)

PPTX
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
Machine Learning_overview_presentation.pptx
kondavamsidharreddy2
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Approach and Philosophy of On baking technology
30anthuong17
 
Spectroscopy.pptx food analysis technology
nawahassan45
 

Adding event reconstruction to a cloud forensic readiness

  • 1. Adding Event Reconstruction to a Cloud Forensic Readiness Model Presenter: V.R Kebande Supervisor: Prof Hein.S. Venter University of Pretoria
  • 2. What is the focus of Digital Investigations Currently?  Searching for Digital Evidence  Collection of Digital Evidence  Examining the Properties of Collected Evidence. But why is that Evidence Really Evidence? Important Aspect: Need to Identify what CAUSED Evidence to have the properties it has. Introduction
  • 3. ER examines and analyses the evidence to identify why it has its characteristics [Carrier & Spafford, 2004]. ER will pose the following questions:  Why Evidence has the properties  Where could they have come from?  When were they created? This may help to create a hypothesis for a DFI Reconstruction identifies events for which evidence exist to support their occurrence. What is Event Reconstruction
  • 4.  Forensic Readiness-Maximizing an environment’s ability to collect credible Digital Evidence.  Minimizing the cost of forensic investigation during incident response [Rowlingson, 2004]  ISO/IEC 27043-”occurs before incident detection” A Cloud Forensic Readiness Model
  • 5.  Proactive Approach  Retaining Critical Information  Collecting appropriate Digital Evidence So, How can a Cloud be Forensically Ready?
  • 6. High-level view of the Model
  • 7.  What is involved? Event reconstruction Event reconstruction Process  High-level Process  Detailed process Proposed Enhanced Cloud Forensic readiness Model
  • 8. Enhanced Cloud Forensic Readiness Model
  • 10. P S A1 A2 A3 An Wi Xi yi Znei (Clu_N) (Clu_N) (Clu_N) (Clu_N) Event search function
  • 11. Similarity measure between events represented by Minkowskis’ distance function A,B-Events p=1,2…to ∞ is [comparative metric for suitable distance metric between events] dMD-Is the distance metric for Minkowski Distance Similarity Measure ),( BAd MD pp n i ii BA ||1  
  • 12. Event reconstruction based on the distance function help achieve the following:  To be able to distinguish one event from the other  Predict behaviour of events  Distinguish one event from the other through focusing on the relationship between them  Enables a discovery of the structure of events Using distance metric
  • 13.  The ECFR can still be extended. Conclusion