±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 35535
New Yesterday: 1 Visitors: 148

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Webinars

Anti-Forensic attack in cloud environment

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Page 1, 2  Next 
  

Fatin
Newbie
 

Anti-Forensic attack in cloud environment

Post Posted: Apr 30, 18 20:54

Hi, I need help. My organization preparing confidential data in cloud storage with comprehensive approach. Is there any possibility someone can break into my confidential data in cloud storage and get away without someone able to detect? Since we know even the cloud have a strong security, it is still can be attack by any tool of anti forensic? If yes, can you suggest me technique for detecting that kind of anti-forensic attack?  
 
  

keydet89
Senior Member
 

Re: Anti-Forensic attack in cloud environment

Post Posted: Apr 30, 18 23:40

- Fatin
Is there any possibility someone can break into my confidential data in cloud storage and get away without someone able to detect?


Most definitely.


- Fatin
Since we know even the cloud have a strong security, it is still can be attack by any tool of anti forensic?


What makes you think "the cloud" has strong security?

- Fatin
If yes, can you suggest me technique for detecting that kind of anti-forensic attack?


What kind of anti-forensic attack? There are many.  
 
  

kastajamah
Senior Member
 

Re: Anti-Forensic attack in cloud environment

Post Posted: May 01, 18 13:32

Bottom line is data is not 100% safe any where. User error could give away vital passwords that can give someone the ability to obtain the data. There are anti-forensic tools out there that will make it difficult for any investigator to track down the culprit. A high degree of research on the part of the company that is going to host your data is paramount. Questions to consider are:

Do you support/require 2 factor authentication when someone logs in to access my data?

Is my data stored in an unencrypted state?

Are the servers that store my data (really the cloud is just a series of physical servers) in one geographical location or spread out throughout the country that I am in or throughout the world?

Are the passwords to access my data stored in your system as plain text or as a hash or encrypted?

Is there IP monitoring to see which IP addresses are trying to log into my data?

These are basic questions that any reputable cloud service should be able to answer, and give you a sense of confidence that your data, albeit not 100% safe, is relatively safe.  
 
  

MDCR
Senior Member
 

Re: Anti-Forensic attack in cloud environment

Post Posted: May 01, 18 14:26

- Fatin
Since we know even the cloud have a strong security


Oh - you know do you?

When cloud providers talk about security, they talk about their infrastructure like VM hosts, backup, net ops and stuff like that. They do not talk about whatever circus your virtual machines are running.

Logging is generally crap in the cloud and there are plenty of problems associated with it, since it is built to scale the amount of information can easily take a big jump up quickly, so you need to configure it properly. This video goes into it (AWS) in detail, if you're on Azure, it's slightly different but the problems are generally the same:

www.youtube.com/watch?v=SZVbSsRNC74  
 
  

UnallocatedClusters
Senior Member
 

Re: Anti-Forensic attack in cloud environment

Post Posted: May 01, 18 15:09

Your organization could use AccessData's FTK Imager tool (free to use) to make encrypted forensic images of the data you wish to store in the cloud.  
 
  

passcodeunlock
Senior Member
 

Re: Anti-Forensic attack in cloud environment

Post Posted: May 01, 18 16:58

If your data is important, self-owned storage and VPN is the good way to go.

Forget all these "our cloud is safe" things, clouds are very useful for mostly public things, like traditional web hosting, etc. - but not for storing sensitive forensics data.

@UnallocatedClusters: encrypted or not, if in a forensic case any data leaking is proven, the case is dead.
_________________
Apple passcode unlock + decrypted filesystem dump, Android user locks unlock + physical dump with decrypted userdata partition. We provide our services world-wide, but we reserve the right for choosing which tasks we take and which we deny! 
 
  

questnz
Member
 

Re: Anti-Forensic attack in cloud environment

Post Posted: May 03, 18 21:00

Originally designed by Kim Dotcom Mega maybe your ticket. You can check Mega is fully encrypted with NO back door access available. We use since its conception for storing sensitive stuff, Originally because huge free 50 GB storage allocation. Obvious not enough for Forensic Images but there are other options available for some extra $$$$

ps I have no vested interest in Mega, just a happy user

Chris  
 

Page 1 of 2
Page 1, 2  Next