ETAKECS064
Contents
Issues in a Cloud
Digital Forensics
Examples of Computer Crimes
Digital Forensic Readiness
Ten Steps of DFR
Twelve Phases of an Investigation
Limitations of Digital Forensics
Proposed Model Host Selection Model
Example KDD99
Conclusion
Issues in a Cloud
Technical Issues
Power Outages
Network Problems
Security
Prone to attacks and threats
Identifying attackers
Digital Forensics
The collection, preservation, analysis, and
Digital Forensic
Readiness
Making of digital evidence readily available at
Digital Forensic
Readiness
Effective against:
Threats and extortion
Accidents and negligence
Disagreements, deceptions, and malpractice
Property rights infringement
Economic crime e.g. fraud, money laundering
Privacy invasion and identity theft
Employee disciplinary issues
12 Phases of an Investigation
First response
Planning
Preparation
Incident scene
Documentation
Potential evidence identification
Potential evidence collection
Potential evidence transportation
Potential evidence storage
Potential evidence analysis
Presentation
Conclusion
C = { ci | ci is a network connection, i ∈ N }
Algorithm - Flowchart
Example KDD99
Anomaly detection used to overcome
I = { ik | ik is an incident type, 1 ≤ i ≤ 4, i ∈ N }
Set of network connection attributes:
41 network connection attributes
A = { ai | ai is a connection attribute, 1 ≤ i ≤ 41, i ∈ N }
C = { ci | ci is a network connection, 1 ≤ i ≤ 409021, i ∈ N }
Set of initial hosts:
Hinit = { Is Id | Is Id = }
Is is the set of source IP addresses
Id is the set of destination IP addresses
address,
|H| =
n-1-|hi|, if hk H hi=hk
n-1, if ! hk H hi=hk
where n = |Hinit|
Assuming no duplicate entries,
|H|= 409020
Conclusion - Advantages
of the Proposed System
Reduced effort in finding evidence
Investigation of fewer hosts
Reduced cost in finding evidence
References
George Sibiya, Thomas Fogwill, H.S. Venter, Selection and
THANK YOU!