Virtualising Computer Forensics Dr. Jianming Cai (j.cai@londonmet.ac.uk) Mr. Ayoola Afonja (AYA0230@londonmet.ac.uk) Faculty of Computing London Metropolitan University

About This Presentation

Title:

Virtualising Computer Forensics Dr. Jianming Cai (j.cai@londonmet.ac.uk) Mr. Ayoola Afonja (AYA0230@londonmet.ac.uk) Faculty of Computing London Metropolitan University

Description:

Title: Linux+ Guide to Linux Certification Subject: Chapter Two Last modified by: Karen Fraser Created Date: 9/27/2002 11:29:22 PM Document presentation format – PowerPoint PPT presentation

Number of Views:832

Avg rating:3.0/5.0

Slides: 15

Provided by: icsHeaca

Category:

more less

Transcript and Presenter's Notes

Title: Virtualising Computer Forensics Dr. Jianming Cai (j.cai@londonmet.ac.uk) Mr. Ayoola Afonja (AYA0230@londonmet.ac.uk) Faculty of Computing London Metropolitan University

1
Virtualising Computer ForensicsDr. Jianming
Cai (j.cai_at_londonmet.ac.uk)Mr. Ayoola Afonja
(AYA0230_at_londonmet.ac.uk)Faculty of
ComputingLondon Metropolitan University
2
Topics

Problems with Teaching Computer Forensics
Introduction to Virtualisation Technology
Moving towards the Virtual Environment
A Case Study
Summary

3
Problems with Teaching Computer Forensics

Digital evidence from different hard/software
platforms
University labs normally equipped with PCs and Ms
Windows O.S.
Specialised Computer Forensic Labs needed
What kind of labs we can afford?

4
Introduction to Virtualisation Technology

Virtualisation - the current trend reshaping the
software technology industry
Multiple Virtual Machines (VMs) run concurrently
on a physical machine.
Supported by the powerful processors and very
large storages
VMware the leading software, 100 Fortune
companies deployed its software

5
The VM Layer Structure
6
Moving towards the Virtual Environment

The desktop VMware installed on each PC
Both virtual Windows XP and virtual Linux then
installed on top of this VMware layer
Students have admin access to each virtual
machine.
Both Windows-based and Linux-based Computer
Forensics toolkits are running concurrently.

7
The Virtual Windows XP Running EnCase
8
The Virtual Linux Running Autopsy
9
A Case Study

A network incident investigation
Evidence collected from Linux O.S.
Not intended to show Network Forensics techniques
Rather to demonstrate the viability of Forensic
Analysis based on VMs

10
Snort HTTP Packet Inspection Results
11
Nmap Attack Identification
12
Inspecting Grouped Snort Log
13
Summary

Teaching Computer Forensics is not only demanding
but also expensive.
The Virtual Environment is one of the low cost
and efficient solutions.
Its full benefit is being exploited as the
Virtualisation Technology advances.
Are we prepared for the Virtualisation era?

14
Reference

1 Virtualize Your Business Infrastructure,
http//www.vmware.com/, viewed on 10/11/2009
2 http//www.vmware.com/technology/virtualisati
on.html viewed on 27/10/09
3 http//en.wikipedia.org/wiki/Computer_forensi
cs , viewed on 05/05/2009
4 http//www.guidancesoftware.com/, viewed on
10/11/2009
5 http//www.sleuthkit.org/autopsy/, viewed on
10/11/2009
6 Keith J. Jones et al (2006), Real Digital
Forensics Computer Security and Incident
response, Addison-Wesley, USA.
7 http//www.remote-exploit.org/backtrack.html,
viewed on 10/11/2009
8 Dan Farmer and Wietse Venema (2005)
Forensic Discovery, Addison-Wesley, ISBN
0-201-63497-X
9 Intrusion Detection Level Analysis of Nmap
and Queso, http//www.securityfocus.com/infocus/1
225, viewed on 28-08-09
10 http//en.wikipedia.org/wiki/Nikto_Web_Scann
er, viewed on 10/11/2009