Please note: All times listed below are in Central Time Zone
The growing popularity of cloud technologies with an increased degree of cloud-based virtualization creates new challenges for the investigation of cyber attacks and early incident response.
The modern cloud architecture dictates the requirements for the forensic investigation and incident response model should be:
- Easy to integrate and manage (integration with data and control plane)
To address these requirements, the paradigm of Forensics-as-a-Service has been introduced in a number of scientific papers. And digital forensic tools for OpenStack (including the FROST project), have been created to provide trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs.
We will discuss:
- Challenges to find digital evidence in a scalable cloud environment
- Practices for incident response in clouds
- Infrastructure solutions (network sniffers, IDS/IPS, malware sandbox)
- How to avoid cloud service standstill during forensic investigation
Attendees will leave this session with a better understanding of the capabilities of OpenStack when it comes to forensic investigation and incident response, including solutions and best practices they can adopt to mitigate losses from cyber attacks by reducing investigation and incident response time and avoiding services standstill.