Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I\'m new to forensic and I\'m trying to do a simple research about forensic in t

ID: 656317 • Letter: I

Question

I'm new to forensic and I'm trying to do a simple research about forensic in the cloud.

let's assume that I have access to an EC2 instance (whether a private key for a Linux instance or the username and password for Windows instance), and I used a software like FTK Remote Agent to acquire an image. Isn't this image the same as if I was able to go to the data center and physically connect and acquire the image?

I'm asking this because I was reading a paper in which the researchers were evaluating current tools (like FTK and EnCase) in cloud environment.They wanted to know whether these tools can acquire forensic data. So they created an EC2 instance, downloaded Apache on that instance, made some web pages and compromised the machine using a web-based vulnerability. Then they acquired an image and checked if they can find the timeline of their activities.

My other question: is it considered acceptable to install a tool or a service on a remote machine in order to acquire a forensic image? or is it considered to be damaging to the integrity of the evidence? (for example connecting to an EC2 instance using remote desktop and installing a tool that would let me connect to acquire a remote image).

Thanks.

Explanation / Answer

You are correct yes using something like FTK remote age is the same however you do have the added fun that it is potentially a live system so things are changing as you're working.

In a real world environment you're correct they contaminated the evidence (a BIG no-no), and would most likely be inadmissible in a court room. The most likely scenario would involve getting the courts permission to ask amazon for a snapshot / clone of that particular VM which can then be examined.

The best way is probably to use some of the VM's snapshot-ing abilities their are some tools which can work with the likes of VMDK files (VMWare) quite easily to allow investigators to carry out their duties.

Related Questions

I\'m lost on this one. :/ An airplane is flying horizontally with speed 1000 km/
Question #2117154
I\'m lost with this. can anyone understand and complete this. Problem I Effects
Question #2542227
I\'m lost, need help please! Analysis of an unknown oxide of copper Mass of beak
Question #937144
I\'m lost. Company X sells on a 115, net 90. basis. Company Y buys goods with an
Question #2400882
I\'m lost... Consider the circuit of Figure 6.19. The AC supply has a peak volta
Question #2137304
I\'m made a small web service that gets urls, download them, and convert them fo
Question #662046
I\'m mainly having problems with B and C....I have marked which ones I have gott
Question #3369393
I\'m maintaining some legacy code of a physical simulation. The calculation obje
Question #655012
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I\'m new to cryptography and have just encountered AES and SPN. I would like to
Next
I\'m new to java and my professor throws us into the dark with these projects. I

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.