Barcelona, Spain
October 25-28, 2016

Event Details

Please note: All times listed below are in Central Time Zone

Digital Forensics vs. OpenStack

The growing popularity of cloud technologies with an increased degree of cloud-based virtualization creates new challenges for the investigation of cyber attacks and early incident response.

The modern cloud architecture dictates the requirements for the forensic investigation and incident response model should be:

  • Scalable
  • Elastic
  • Easy to integrate and manage (integration with data and control plane)

To address these requirements, the paradigm of Forensics-as-a-Service has been introduced in a number of scientific papers. And digital forensic tools for OpenStack (including the FROST project), have been created to provide trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs.

We will discuss:

  • Challenges to find digital evidence in a scalable cloud environment
  • Practices for incident response in clouds
  • Infrastructure solutions (network sniffers, IDS/IPS, malware sandbox)
  • How to avoid cloud service standstill during forensic investigation

What can I expect to learn?

Attendees will leave this session with a better understanding of the capabilities of OpenStack when it comes to forensic investigation and incident response, including solutions and best practices they can adopt to mitigate losses from cyber attacks by reducing investigation and incident response time and avoiding services standstill.

Thursday, October 27, 4:40pm-5:20pm (2:40pm - 3:20pm UTC)
Difficulty Level: Beginner
CEO, NioGuard Security Lab
Alexander is a founder and CEO of NioGuard Security Lab, which delivers vendor unlocked security solutions against targeted attacks and ransomware. He has 10+ years’ experience in the antivirus industry providing services to Kaspersky Lab, Lavasoft, Samsung, Mirantis, and Acronis. Alexander is also a university lecturer developing new courses for EU universities, giving lectures that... FULL PROFILE
Forensics Expert, Blekinge Institute of Technology
Anders Carlsson, a Swedish Navy officer in past, is an author of a course in forensics. He gives lectures in Blekinge Institute of Technology and takes a position of a general manager of the ENGENSEC (Educating the next generation of security experts) EU academic project aimed to develop security courses for the Master program. FULL PROFILE
Enter srl
After serving for several years as an enthusiast Linux system administrator in an ISP environment, Mariano became CTO at and in 2011 started the company first Openstack based project running on Essex ( and On August 2013 the first italian region for (ECS) was launched. It was the first public IAAS running in Italy on Openstack, one of... FULL PROFILE
Data Protection Officer at City Network International AB
Hello, fellow sentient beings! I am a specialist in implementing cybersecurity and regulatory compliance in cloud environments. For the last seven years, my focus has been designing innovative solutions that meet the highest security demands and the strictest compliance demands based on open-source software.  I have a background as a developer that happened to be interested in regulatory... FULL PROFILE