HELP for thesis in cloud forensics


Ibernato
Member
 

HELP for thesis in cloud forensics

Post Posted: Jul 17, 19 15:39

Hi guys,
I should do a master's thesis on cloud forensics. In particular, I have to simulate a cloud environment on a VirtualBox virtual machine on which to install Windows Server 2019 Datacenter. I know there is a difference between a cloud environment and a traditional environment, but unfortunately there are limits. For this I am forced to simulate it on a virtual machine.
My problem is that I have no idea how to structure the thesis index.
Do you have any suggestions?
I had thought:
1) Introduction: here I am talking about cloud computing
1.1) Digital Forensics
1.2) Cloud forensics
2) The various types of cloud architecture: (SaaS, PaaS, IaaS)
3) The various types of cloud: private, public, hybrid
4) Analysis of Windows Server on virtual box
4.1) The importance of windows artifacts
4.2) Analysis of the registers  
 
  

mcman
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 17, 19 16:20

I think you need to clarify if you're interested in investigating cloud data (or data stored in the cloud) or using the cloud to conduct forensic investigations (running your tools in the cloud) as those are two very separate things and would have completely different goals and outcomes to your thesis.

Jamie  
 
  

Ibernato
Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 17, 19 18:53

@mcman

I'm interested in the investigation of data on the cloud. The problem is that it is not possible to operate on the cloud because it requires permits.
So on my computer I install a Windows Server 2019 Datacenter (on VirtualBox) and then I should explain what needs to be examined (registers, virtual memory).

Is it clear to you what to do?
I have to do an overview of cloud forensics, listing the problems present and simulating an analysis on a Windows server.
 
  

athulin
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 17, 19 19:28

- Ibernato
My problem is that I have no idea how to structure the thesis index.
Do you have any suggestions?


No. You have to get a clear idea of who is going to read your thesis. People without the slightest clue, or forensic professionals? Once you know that, you know (hopefully) how to structure your work.

I had thought:
1) Introduction: here I am talking about cloud computing
1.1) Digital Forensics
1.2) Cloud forensics
2) The various types of cloud architecture: (SaaS, PaaS, IaaS)
3) The various types of cloud: private, public, hybrid
4) Analysis of Windows Server on virtual box
4.1) The importance of windows artifacts
4.2) Analysis of the registers


I'm probably out of touch with what a master's thesis should contain, but ... I don't see anything about what problem or question you are addressing. I expected some kind of documentation of previous research ... but then, unless you define the point of your research, there's little that can be said about that.

I don't see that anything in chapters 1, 2 and 3 will be based on your personal work -- and that's where I flip out. A master's thesis to me is not a 'dummies guide to cloud forensics' -- it's research into a well-defined question. Probably a fairly narrow one. But you don't seem to have a question.

If there are questions about normal Windows Server forensic analysis, and Windows Server in various types of clouds (such as clouds may have central AD to make life simpler), that might be such an area: what differences are there? One very cloud-specific question is related to the cloudiness of the cloud: in a real cloud you don't really know where your services are realized. If server X gets overloaded and a server that implements a particular server has to be moved from X to another server Y ... does that leave any forensic artifacts visible in the server? In DNS setup? Elsewhere? Is the new instance a forensically sound 'copy' of the old one, or is there something that gets changed, or lost or added? To keep a fairly narrow area for research, a 'cloudy' web server might be enough. Or perhaps a simple storage server, say, an FTP server or such.

But that's just my take. Your primary point of contact for questions like this one is your thesis advisor or faculty advisor or whoever is responsible for directing your work.  
 
  

jaclaz
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 18, 19 08:28

Sorry to be blunt, but your index (and approach) makes no sense whatsoever (to me at least).

I read this:

1) Introduction: here I am talking about cloud computing
1.1) Digital Forensics
1.2) Cloud forensics
2) The various types of cloud architecture: (SaaS, PaaS, IaaS)
3) The various types of cloud: private, public, hybrid
4) Analysis of Windows Server on virtual box
4.1) The importance of windows artifacts
4.2) Analysis of the registers


As I would read the index of a cuisine book:

1) Introduction: here I am talking about ice cream
1.1) Ice cream tasting
1.2) Sorbets tasting
2) The various types of ice cream, with eggs and without
3) The various types of ice cream flavours, fruit, non-fruit and new tastes
4) Analysis of bean soup cooked on stoves
4.1) The importance of the right kind of wood as fuel in stoves
4.2) Analysis of the stove temperatures (above 60°)


As Athulin stated, points #1 to #3 seem like a "generic introduction" (to something that later you will NOT test/analyze).

Not only a Windows Server install in virtualbox has NOTHING to do with "cloud computing", but actual "cloud computing" in 95% or more of cases won't be using Windows (on the server side) at all (nowadays almost *everyone* on the cloud is running this - or that - incarnation of Linux)

But anyway, if you can only test an install of Windows Server in VirtualBox, the ONLY valid results you will get are - not so surprisingly I have to say - related to an install of Windows Server in VirtualBox ONLY, *anything* else will be speculations or suppositions that in a completely different environment, and accessed by completely different means, the OS will behave the same (which is not given at all).


jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

athulin
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 18, 19 09:17

- jaclaz
But anyway, if you can only test an install of Windows Server in VirtualBox, the ONLY valid results you will get are - not so surprisingly I have to say - related to an install of Windows Server in VirtualBox ONLY, *anything* else will be speculations or suppositions that in a completely different environment, and accessed by completely different means, the OS will behave the same (which is not given at all).


This is a good point: results will probably be of limited direct use.

It may be of indirect use, though: that is, identification of results that would need to be verified in one or more real cloud environments. Or ... the thesis may conceivably be directed towards methodology rather than direct artifacts. Again, however, any proposed methodology for finding 'different' artifacts will need to be verified in real cloud environments. But as master's theses often prepare the way for PhD theses, this is not necessarily a drawback.

But I should probably say that to me, a bachelor's thesis is the first serious, though usually minor, work in academic research a student undertakes. The master's thesis is typically the second, and is thus less of a 'this is my first formal piece of research', and more of a 'I'm going deeper into research I started earlier'.

In your situation, that might not be true: if, for some reason, a master's thesis is the first time you face formal academic research, everything I have said here and earlier was misdirected, and you should really ensure that you have a working relationship with the teacher/tutor/advisor you have (you *must* have) for all your questions.

(Added: And in the situation that your Master's Thesis is not done in an academic environment, ... again, everything I've said missed the goal.)
 
  

steve862
Senior Member
 

Re: HELP for thesis in cloud forensics

Post Posted: Jul 18, 19 13:18

Hi,

As with the above comments your thesis needs to be much more clearly defined, with a clear set of objectives and for an intended audience. You should significantly reduce the range of topics you are considering. The Cloud is a massive subject without getting into a discussion of the Windows registry.

You might consider a more targeted approach and one of the starting points might be looking at the legislation around cloud data being collected by law enforcement agencies in the country in which you reside/study, or it could be a number of other countries. From there you could look at the quantities of data in the various cloud services that would not be found on a suspect's devices. Establishing a determination as to whether a crime is being adequately investigated if no cloud data is being collected.

There are options of how cloud data should be collected and by whom. How do these people become trained and qualified to collect this data and what tools, processes, contemp notes should exist? How many people would be needed and where would they fit into the law enforcement agencies? Should they be a separate technical entity apart from the investigations team or part of it? How would they verify they are accessing the correct accounts, i.e. what level of checks and balances need to be in place?

You could look at the traditional digital forensic examination process and determine the artefacts that would demonstrate the use of cloud services. You could establish a list of clear indicators that data is being manually synchronised with a cloud service versus automatically synchronised. You could determine user settings and preferences and perhaps the evidence that synchronisation services had been turned on or off and when. Such artefacts might well exist and you could identify these and publish your findings. Extensive test sets would be needed and you'd have to limit the number of cloud services and device types in your study.

Any one of those three suggestions is plenty for a Master's. You wouldn't need to be doing all three. With each of the three above there are plenty of further questions I could have added.

I'm not sure your planned approach of creating a simulated cloud service will provide much real-world relevance. I think you would be better placed looking at actual cloud services in use. This would particularly be the case with mobile devices where the cloud access is linked to the services' own installed app.

This has the potential to be a very interesting topic for the community. Done well it would be a positive contribution to the community if you were to share it once completed. In some countries law enforcement agencies are starting to collect cloud data on a more routine basis but others are not. It's early days for cloud forensics.

I'm guessing from your posts English is not your first language. If that is the case I hope the advice being given makes sense.

Steve
_________________
Forensic Computer Examiner, London, UK 
 
