Incident Response and Forensics In The Cloud
- Wednesday, February 27th, 2013 at 1:00 PM EST (18:00:00 UTC)
- Paul Henry
You can now attend the webcast using your mobile device!
The move to Private and Public Cloud changes many things including how we respond for IR and Forensics. As an example: Traditionally in a physical realm we relied upon imaging a servers hard drive as well as RAM to perform a thorough analysis. Today in the Cloud creating a forensically sound image of an "instance" of a server to capture the servers abstracted hard disk and an image of its RAM brings new technical and legal complications. An additional issue to consider is that some vendors platforms are simply not fully supported by our current IR & Forensics Tools; todays commercial tools lack the ability to perform any analysis at all on a VMware VMFS file system. Lastly, downloading a large server image may simply be cost prohibitive due to the high bandwidth costs associated with moving data out of the cloud environment.
The best course of action may be to perform your analysis within the cloud - however, the methods used in the analysis within the Cloud must be forensically sound and as always in computer forensics they must be repeatable and the result must be the same findings. In this session we will begin to explore the changes that simply must be made to your IR and Forensics procedures to properly address IR & Forensics in the Cloud.
Paul A. Henry
Paul Henry is a Senior Instructor with the SANS Institute and one of the world's foremost global information security and computer forensic experts with more than 20 years' experience managing security initiatives for Global 2000 enterprises and government organizations worldwide.
Paul is a principal at vNet Security, LLC and is keeping a finger on the pulse of network security as the security and forensic analyst at Lumension Security.
Throughout his career, Paul has played a key strategic role in launching new network security initiatives to meet our ever-changing threat landscape. Paul also advises and consults on some of the world's most challenging and high-risk information security projects, including the National Banking System in Saudi Arabia, the Reserve Bank of Australia, the Department of Defense's Satellite Data Project (USA), and both government as well as telecommunications projects throughout Southeast Asia.
Paul is frequently cited by major and trade print publications as an expert in computer forensics, technical security topics, and general security trends and serves as an expert commentator for network broadcast outlets, such as FOX, NBC, CNN, and CNBC. In addition, Paul regularly authors thought leadership articles on technical security issues, and his expertise and insight help shape the editorial direction of key security publications, such as the Information Security Management Handbook, where he is a consistent contributor. Paul serves as a featured and keynote speaker at seminars and conferences worldwide, delivering presentations on diverse topics including anti-forensics, network access control, cyber crime, DDoS attack risk mitigation, firewall architectures, security architectures, and managed security services.