Virtualising Computer Forensics
Dr. Jianming Cai (j.cai@londonmet.ac.uk)
Mr. Ayoola Afonja (AYA0230@londonmet.ac.uk)
Faculty of Computing, London Metropolitan University

Topics
• Problems with Teaching Computer Forensics
• Introduction to Virtualisation Technology
• Moving towards the Virtual Environment
• A Case Study
• Summary

Problems with Teaching Computer Forensics
• Digital evidence comes from different hardware/software platforms
• University labs are normally equipped with PCs and MS Windows OS
• Specialised Computer Forensic Labs are needed
• What kind of labs can we afford?

Introduction to Virtualisation Technology
• Virtualisation: the current trend reshaping the software technology industry
• Multiple Virtual Machines (VMs) run concurrently on a physical machine
• Supported by powerful processors and very large storage
• VMware: the leading software; 100% Fortune companies deployed its software

Moving towards the Virtual Environment
• Desktop VMware is installed on each PC
• Both virtual Windows XP and virtual Linux are then installed on top of this VMware layer
• Students have admin access to each virtual machine
• Both Windows-based and Linux-based Computer Forensics toolkits run concurrently

A Case Study
• A network incident investigation
• Evidence collected from Linux OS
• Not intended to show Network Forensics techniques
• Rather to demonstrate the viability of Forensic Analysis based on VMs

Summary
• Teaching Computer Forensics is not only demanding but also expensive
• The Virtual Environment is one of the low-cost and efficient solutions
• Its full benefit is being exploited as Virtualisation Technology advances
• Are we prepared for the Virtualisation era?