Barcelona, Spain
October 25-28, 2016

Event Details

Please note: All times listed below are in Central Time Zone


Digital Forensics vs. OpenStack

The growing popularity of cloud technologies with an increased degree of cloud-based virtualization creates new challenges for the investigation of cyber attacks and early incident response.

Modern cloud architecture dictates that the forensic investigation and incident response model should be:

  • Scalable
  • Elastic
  • Easy to integrate and manage (integration with data and control plane)

To address these requirements, the paradigm of Forensics-as-a-Service has been introduced in a number of scientific papers, and digital forensic tools for OpenStack (including the FROST project) have been created to provide trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs.

We will discuss:

  • Challenges in finding digital evidence in a scalable cloud environment
  • Practices for incident response in clouds
  • Infrastructure solutions (network sniffers, IDS/IPS, malware sandbox)
  • How to avoid cloud service standstill during forensic investigation

What can I expect to learn?

Attendees will leave this session with a better understanding of the capabilities of OpenStack when it comes to forensic investigation and incident response, including solutions and best practices they can adopt to mitigate losses from cyber attacks by reducing investigation and incident response time and avoiding service standstill.

Thursday, October 27, 4:40pm-5:20pm (2:40pm - 3:20pm UTC)
Difficulty Level: Beginner
NioGuard Security Lab, CEO
Alexander is a founder and CEO of NioGuard Security Lab, which delivers vendor unlocked security solutions against targeted attacks and ransomware. He has 10+ years’ experience in the antivirus industry providing services to Kaspersky Lab, Lavasoft, Samsung, Mirantis, and Acronis. Alexander is also a university lecturer developing new courses for EU universities, giving lectures that...
Forensics Expert, Blekinge Institute of Technology
Anders Carlsson, a former Swedish Navy officer, is the author of a course in forensics. He lectures at Blekinge Institute of Technology and is general manager of ENGENSEC (Educating the Next Generation of Security Experts), an EU academic project aimed at developing security courses for the Master's program.
Enter srl
After serving for several years as an enthusiastic Linux system administrator in an ISP environment, Mariano became CTO at Enter.it and in 2011 started the company's first OpenStack-based project, running on Essex (cloudup.it and selfserver.it). In August 2013 the first Italian region for EnterCloudSuite.com (ECS) was launched. It was the first public IaaS running in Italy on OpenStack, one of...
City Network Hosting AB
Huge Open Source fanboy and developer. I have an extensive background in mobility, especially Symbian and Android. I am a really geeky dude who was forced to handle security and compliance, so the only coding I do is in my spare time. Luckily that's also what I like to do in my spare time, work. Real work, and not just a lot of compliance and regulations. Something that is actually for...