HELP for thesis in cloud forensics

11 Posts
6 Users
0 Likes
1,696 Views
(@ibernato)
Posts: 28
Eminent Member
Topic starter
 

Hi guys,
I should do a master's thesis on cloud forensics. In particular, I have to simulate a cloud environment on a VirtualBox virtual machine on which to install Windows Server 2019 Datacenter. I know there is a difference between a cloud environment and a traditional environment, but unfortunately there are limits. For this I am forced to simulate it on a virtual machine.
My problem is that I have no idea how to structure the thesis index.
Do you have any suggestions?
I had thought
1) Introduction here I am talking about cloud computing
1.1) Digital Forensics
1.2) Cloud forensics
2) The various types of cloud architecture (Saas, PaaS, IaaS)
3) The various types of cloud private, public, hybrid
4) Analysis of Windows Server on virtual box
4.1) The importance of windows artifacts
4.2) Analysis of the registers

 
Posted : 17/07/2019 3:39 pm
(@mcman)
Posts: 189
Estimable Member
 

I think you need to clarify if you're interested in investigating cloud data (or data stored in the cloud) or using the cloud to conduct forensic investigations (running your tools in the cloud) as those are two very separate things and would have completely different goals and outcomes to your thesis.

Jamie

 
Posted : 17/07/2019 4:20 pm
(@ibernato)
Posts: 28
Eminent Member
Topic starter
 

@mcman

I'm interested in the investigation of data on the cloud. The problem is that it is not possible to operate on the cloud because it requires permits.
So on my computer I install a Windows 2019 Datacenter server (on VirtualBox) and then I should explain what needs to be examined (registers, virtual memory).

Is it clear to you what to do?
I have to do an overview of cloud forensics, listing the problems present and simulating an analysis on a Windows server.

 
Posted : 17/07/2019 6:53 pm
(@athulin)
Posts: 1156
Noble Member
 

My problem is that I have no idea how to structure the thesis index.
Do you have any suggestions?

No. You have to get a clear idea of who is going to read your thesis. People without the slightest clue, or forensic professionals? Once you know that, you know (hopefully) how to structure your work.

I had thought
1) Introduction here I am talking about cloud computing
1.1) Digital Forensics
1.2) Cloud forensics
2) The various types of cloud architecture (Saas, PaaS, IaaS)
3) The various types of cloud private, public, hybrid
4) Analysis of Windows Server on virtual box
4.1) The importance of windows artifacts
4.2) Analysis of the registers

I'm probably out of touch with what a master's thesis should contain, but … I don't see anything about what problem or question you are addressing. I expected some kind of documentation of previous research … but then, unless you define the point of your research, there's little that can be said about that.

I don't see that anything in chapter 1, 2 and 3 will be based on your personal work – and that's where I flip out. A master's thesis to me is not a 'dummies guide to cloud forensics' – it's research into a well-defined question. Probably a fairly narrow one. But you don't seem to have a question.

If there are questions about normal Windows Server forensic analysis, and Windows Server in various types of clouds (such as clouds may have central AD to make life simpler), that might be such an area: what differences are there? One very cloud-specific question is related to the cloudiness of the cloud: in a real cloud you don't really know where your services are realized. If server X gets overloaded and a server that implements a particular server has to be moved from X to another server Y … does that leave any forensic artifacts visible in the server? In DNS setup? Elsewhere? Is the new instance a forensically sound 'copy' of the old one, or is there something that gets changed, or lost or added? To keep a fairly narrow area for research, a 'cloudy' web server might be enough. Or perhaps a simple storage server, say, an FTP server or such.

But that's just my take. Your primary point of contact for questions like this one is your thesis advisor or faculty advisor or whoever is responsible for directing your work.

 
Posted : 17/07/2019 7:28 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Sorry to be blunt, but your index (and approach) makes no sense whatsoever (to me at least).

I read this

1) Introduction here I am talking about cloud computing
1.1) Digital Forensics
1.2) Cloud forensics
2) The various types of cloud architecture (Saas, PaaS, IaaS)
3) The various types of cloud private, public, hybrid
4) Analysis of Windows Server on virtual box
4.1) The importance of windows artifacts
4.2) Analysis of the registers

As I would read the index of a cuisine book

1) Introduction here I am talking about ice cream
1.1) Ice cream tasting
1.2) Sorbets tasting
2) The various types of ice cream, with eggs and without
3) The various types of ice cream flavours, fruit, non-fruit and new tastes
4) Analysis of bean soup cooked on stoves
4.1) The importance of the right kind of wood as fuel in stoves
4.2) Analysis of the stove temperatures (above 60°)

As Athulin stated, points #1 to #3 seem like a "generic introduction" (to something that later you will NOT test/analyze) 😯 .

Not only a Windows Server install in virtualbox has NOTHING to do with "cloud computing", but actual "cloud computing" in 95% or more of cases won't be using Windows (on the server side) at all (nowadays almost *everyone* on the cloud is running this - or that - incarnation of Linux)

But anyway, if you can only test an install of Windows Server in VirtualBox, the ONLY valid results you will get are - not so surprisingly I have to say - related to an install of Windows Server in VirtualBox ONLY, *anything* else will be speculations or suppositions that in a completely different environment, and accessed by completely different means, the OS will behave the same (which is not given at all).

jaclaz

 
Posted : 18/07/2019 8:28 am
(@athulin)
Posts: 1156
Noble Member
 

But anyway, if you can only test an install of Windows Server in VirtualBox, the ONLY valid results you will get are - not so surprisingly I have to say - related to an install of Windows Server in VirtualBox ONLY, *anything* else will be speculations or suppositions that in a completely different environment, and accessed by completely different means, the OS will behave the same (which is not given at all).

This is a good point: results will probably be of limited direct use.

It may be of indirect use, though: that is, identification of results that would need to be verified in one or more real cloud environments. Or … the thesis may conceivably be directed towards methodology rather than direct artifacts. Again, however, any proposed methodology for finding 'different' artifacts will need to be verified in real cloud environments. But as master's theses often prepare the way for PhD theses, this is not necessarily a drawback.

But I should probably say that to me, a bachelor's thesis is the first serious, though usually minor, work in academical research a student undertakes. The master's thesis is typically the second, and is thus less of a 'this is my first formal piece of research', and more of a 'I'm going deeper into research I started earlier'.

In your situation, that might not be true: if, for some reason, a master's thesis is the first time you face formal academical research, everything I have said here and earlier was misdirected, and you should really ensure that you have a working relationship with the teacher/tutor/advisor you have (you *must* have) for all your questions.

(Added: And in the situation that your Master's Thesis is not done in an academical environment, … again, everything I've said missed the goal.)

 
Posted : 18/07/2019 9:17 am
steve862
(@steve862)
Posts: 194
Estimable Member
 

Hi,

As with the above comments your thesis needs to be much more clearly defined, with a clear set of objectives and for an intended audience. You should significantly reduce the range of topics you are considering. The Cloud is a massive subject without getting into a discussion of the Windows registry.

You might consider a more targeted approach and one of the starting points might be looking at the legislation around cloud data being collected by law enforcement agencies in the country in which you reside/study, or it could be a number of other countries. From there you could look at the quantities of data in the various cloud services that would not be found on a suspect's devices. Establishing a determination as to whether a crime is being adequately investigated if no cloud data is being collected.

There are options of how cloud data should be collected and by whom. How do these people become trained and qualified to collect this data and what tools, processes, contemp notes should exist. How many people would be needed and where would they fit into the law enforcement agencies. Should they be a separate technical entity apart from the investigations team or part of it. How would they verify they are accessing the correct accounts, i.e. what level of checks and balances need to be in place.

You could look at the traditional digital forensic examination process and determine the artefacts that would demonstrate the use of cloud services. You could establish a list of clear indicators that data is being manually synchronised with a cloud service versus automatically synchronised. You could determine user settings and preferences and perhaps the evidence that synchronisation services had been turned on or off and when. Such artefacts might well exist and you could identify these and publish your findings. Extensive test sets would be needed and you'd have to limit the number of cloud services and device types in your study.

Any one of those three suggestions is plenty for a Master's. You wouldn't need to be doing all three. With each of the three above there are plenty of further questions I could have added.

I'm not sure your planned approach of creating a simulated cloud service will provide much real-world relevance. I think you would be better placed looking at actual cloud services in use. This would particularly be the case with mobile devices where the cloud access is linked to the services' own installed app.

This has the potential to be a very interesting topic for the community. Done well it would be a positive contribution to the community if you were to share it once completed. In some countries law enforcement agencies are starting to collect cloud data on a more routine basis but others are not. It's early days for cloud forensics.

I'm guessing from your posts English is not your first language. If that is the case I hope the advice being given makes sense.

Steve

 
Posted : 18/07/2019 1:18 pm
(@ibernato)
Posts: 28
Eminent Member
Topic starter
 

Yes, I'm Italian.
I know that the cloud is different from the virtual machine and that it doesn't make sense. Unfortunately I can't simulate in a real cloud environment.

Mine is not a research thesis, but a normal thesis.

What is your advice?
Examine the artifacts of various cloud services (Dropbox, Drive, etc.)?

Examine the artifacts of a smartphone?

 
Posted : 18/07/2019 2:27 pm
(@trewmte)
Posts: 1877
Noble Member
 

Hi guys,
I should do a master's thesis on cloud forensics.

1) What is the time frame you have to complete the work and thesis?
2) What research have you carried out to-date on this subject?
3) Have you read papers by others that focussed their thesis on forensics and the cloud?

I have a large library on cloud forensics. The type of research mentioned at 2/3 (above) that I am referring to is as follows. The list below is a small sample I compiled from my library based upon the description of the MSc thesis that you gave:

Cloud network forensic (2011)
Cloud-Based-Cyber-Physical-Systems-in-Manufacturing (2018)
Cloud-Computing-and-Security-Third-International-Conference-ICCCS-2017-Nanjing-China-June-16-18-2017-Revised-Selected-Papers-Part-I.pdf
Cloud-Computing-and-Security-Third-International-Conference-ICCCS-2017-Nanjing-China-June-16-18-2017-Revised-Selected-Papers-Part-II.pdf
Cloud-Storage-Forensics (2014)
Contemporary-Digital-Forensic-Investigations-of-Cloud-and-Mobile-Applications (2017)
Digital-Forensics-for-Network-Internet-and-Cloud-Computing-A-Forensic-Evidence-Guide-for-Moving-Targets-and-Data (2010)
Security, privacy and digital forensics in the cloud (2019)
VMSSS A Proposed Model for Cloud Forensic in Cloud Computing Using VM Snapshot Server (2019)
An Advanced Forensic Readiness Model for the Cloud Environment (2016)
Cloud Forensics A Meta-Study of Challenges, Approaches, and Open Problems (2013)

ETSI TR 102 997 V1.1.1 (2010-04)
Initial analysis of standardization requirements for Cloud services

ETSI TR 103 690 V1.1.1 (2012-02)
Lawful Interception (LI); eWarrant Interface

Draft ETSI DTR 101 567 V0.1.0 (2012-05)
Lawful Interception (LI); Cloud/Virtual Services (CLI)

ISO/IEC 17788:2014 1st Information technology – Cloud computing – Overview and vocabulary JTC1/SC38

 
Posted : 18/07/2019 9:30 pm
(@ibernato)
Posts: 28
Eminent Member
Topic starter
 

I changed my thesis.
You can close this thread.

 
Posted : 20/07/2019 1:14 pm