Index
a
- abstract digital forensic model (ADFM) 242
- abuse of services 293
- access control, cloud IaaS
- access control lists (ACLs) 36
- Access Control model with SID extension (AWSAC‐SID) 94
- AccessData Forensic Toolkit (FTK) 213
- acquisition of the gmail account 252
- Address Resolution Protocol (ARP) 38
- Administrative Azure‐AC‐SID Model 105–107
- Advanced Encryption Standard (AES) 34
- Advanced Encryption Standard (AES‐256) encryption 16
- Advanced Forensics Format (AFF) 324
- Advanced Imager (AIMAGE) 324
- Advanced Research Projects Agency Network (ARPANET) 283
- Air Force Research Laboratory (AFRL) 172
- Amazon Cloud Drive (ACD) 264
- Amazon, DoS attack 137
- Amazon Elastic Block Store (EBS) 14
- Amazon Elastic Compute Cloud (EC2) 177, 213
- Amazon Machine Images (AMIs) 38
- Amazon S3 14, 213
- Amazon SimpleDB 14
- Amazon Simple Storage Service (AS3) 264, 274–275
- Amazon Virtual Private Cloud (VPC) 37
- Amazon Web Services (AWS) 14, 52, 94, 163, 227, 275, 302
- American Institute of Certified Public Accountants (AICPA) 18, 173
- antivirus (AV) storms 131
- Apache Hadoop project 212
- API‐centric acquisition and processing 314–315
- application programming interfaces (API) 11, 24, 131, 264, 288
- application scenario 223
- application service providers (ASPs) 52
- APT28/Pawn Storm 229
- asymmetric encryption 25
- attack‐centric metrics 144
- attacks‐as‐a‐service 322
- audit‐centric forensic services 315–316
- Auditing Standards Board (ASB) 18
- auxiliary information 63
- auxiliary repository (AuxRep) 63
- AWS access‐control (AWS‐AC) model
- Azure access control, cloud IaaS
- Azure Active Directory User (AADU) 101
b
c
- cardholder data environment (CDE) 182
- card verification value (CVV) 17
- central processing unit (CPU) 164
- Certified Accountable Tamper‐evident Storage (CATS) 13
- chain‐of‐custody subsystem 289
- Chief Information Officers (CIOs) 171
- Chief Information Security Officers (CISOs) 175
- 2000 Children’s Internet Protection Act 230
- chunk 65
- classless inter‐domain routing (CIDR) 273
- Clean IT 228
- client data reduction (CDR) 59
- cloud auditing
- cloud auditor 4
- cloud‐based dependency graph 150–153
- cloud‐based forensics‐as‐a‐service (FaaS) 332–334
- CloudBerry Drive 276, 279
- cloud broker 4
- cloud carrier 4
- cloud compliance
- cloud components 5
- cloud computing 3, 189, 204–206
- cloud consumer 4
- Cloud Controls Matrix (CCM) 115, 173
- cloud digital evidence
- adapting to the new landscape 304–305
- API‐centric acquisition and processing 314–315
- audit‐centric forensic services 315–316
- cloud forensics as a reactive technology 301–302
- cloud service models 306
- hardware 305
- infrastructure‐as‐a‐service 307
- middleware 305
- new forensics landscape 302–304
- operating system 305
- PaaS/IaaS forensics 312
- platform‐as‐a‐service 307
- procedural expansion of existing forensic practices 313
- runtime 305
- SaaS forensics 308–311
- software‐as‐a‐service 306–307
- virtualization 305
- cloud‐distributed systems 168
- cloud drive forensics 310–311
- Cloudera 330
- cloud federation 160, 172
- CloudFence 315
- cloud forensic readiness for SLA management (SLACFR) formal model 295
- cloud forensics
- cloud computing 204–206
- digital evidence collection and extraction 208–209
- digital forensics 206–207
- dynamic cloud forensics model 210–211
- evidence analysis and fixation 210
- forensics moving into the cloud 208
- methods and approaches 211–213
- process and model
- Access Data’s Forensic Tool Kit 244
- data identification 243
- depth of knowledge 246
- digital forensic procedures 245
- Guidance Software’s Encase 244
- IaaS 243
- law enforcement agencies 245
- model 246–247
- non‐law enforcement bodies 245
- PaaS 243
- post‐search investigation stage 250–251
- pre‐search stage 248
- SaaS 243
- search stage 248–250
- transformative computing technologies 243
- cloud forensics readiness 287–288
- cloud forensics readiness system (CFRS) 288
- cloud identity and access management (IdAM) 14
- cloud infrastructure security
- hypervisor security 28–31
- infrastructure protection
- network‐level mitigation 26
- cloud‐native application forensics 308–310
- Cloudopsy 315
- cloud provider 4
- cloud risk assessment and disaster recovery
- cloud security 7
- cloud security alliance (CSA) 35, 115, 132, 158, 159, 192
- Cloud Security Alliance Cloud Controls Matrix (CSA CCM) 17
- cloud security and privacy management
- security practices and recommendation 117–118
- Cloud Select Industry Group, Subgroup on Service Level Agreement (C‐SIG‐SLA) 182
- Cloud Service Level Agreement Standardization (Cloud SLAS) Guideline 181
- cloud service provider (CSP) 23, 81
- cloud specific tools 304
- cloud storage forensics 264–265
- cloud storage systems
- costs reduction, data‐reduction techniques 57–59
- cryptographic solutions
- Cloud Trust Protocol (CTP) 173
- Cockatoo workflow 116
- Common Criteria (CC) 164
- communication threat 134
- community cloud 5, 206
- compound annual growth rate (CAGR) 158
- compression algorithms 60
- computation breaches 3
- computer emergency response team (CERT) 164
- computer forensics 240
- computer forensics tool testing (CFTT) 333
- Computer Security Incident Response Team (CSIRT) 34
- conceptual reference model 110
- conditional probability table (CPT) 150, 152
- configuration‐management software 39
- Consensus Assessments Initiative Questionnaire (CAIQ) 173
- consequence‐centric security assessment
- consequence tree (CT)
- Control Objectives for Information and related Technology (COBIT) 19
- convergent encryption 61
- coordinator module (CoMod) 64
- core project (CP)
- countermeasure 129
- crimeware‐as‐a‐service (CaaS) 322
- Criminal Justice Information Services (CJIS) 35
- critical module (CritMod) 64
- cross‐site scripting (XSS) 28, 225
- cryptographic attack 160
- cryptographic module 64
- cuckoo attack 69
- curious cloud administrators 54
- customer guest OS 28
- customer relationship management (CRM) 32
- CyberCaliphate 229
- cybercrime‐as‐a‐service (CaaS) 322
- cyberlaw 227–230
- cyberterrorism
- benefits of cloud 225–227
- 2000 Children’s Internet Protection Act 230
- cloud context 222–223
- cyberlaw 227–230
- cyber‐specific laws 230
- defining 220–221
- EU Council Framework Decision on Combating Terrorism 231
- 2001 European Convention on Cybercrime 231
- 2014 Protecting Canadians from Online Crime Act in Canada 231
- terrorism 218–220
- vs. terrorist use of cyberspace 221–222
- UN‐sponsored Comprehensive Convention on International Terrorism 231
- usage of cloud 223–225
d
- data acquisition
- Amazon simple storage service 274–281
- business models 261
- cloud storage forensics 264–265
- data center as a source of evidence 259–260
- data‐dense environment 258, 265–274
- Dropbox account 257
- inside the internet 258–259
- law enforcement interventions in cybercrime 259
- legal environment of operations 261–263
- non‐law‐enforcement‐friendly ISPs 258
- data availability 178–179
- database encryption key (DEK) 44
- data breach/loss 3, 293
- data center as a source of evidence 259–260
- data confidentiality 177–178
- in cloud storage systems
- data‐driven acquisition 328
- data‐efficiency module 64
- dataflows 180–181
- data gathering 267–268
- data governance 3
- data integrity 11, 176–177
- data privacy 179–180
- data protection authorities (DPAs) 179
- Data Protection Heat Index (DPHI) 175
- data‐protection measures 165
- data‐recovery vulnerability 8
- data‐reduction techniques 57–59
- data remanence 10
- Data security Standard (DSS) certificates 163
- data storage provider (DSP) 178
- deduplication 58
- defense‐centric approaches 144
- denial of service (DoS) 37, 131, 293
- attack by Sony 136
- dependency graph (DG) 150
- system‐call interception 151
- digital evidence collection and extraction 208–209
- digital forensic readiness (DFR) 284–287
- digital forensic research workshop (DFRWS) 240–242
- digital forensics 206–207
- digital forensics as a service (DFaaS) successor to XIRAF 327–328
- digital forensics investigation (DFI) 291
- digital investigation action classes 241
- distributed denial of service (DDoS) attacks 8, 38, 129, 160, 224, 293
- distributed file system (DFS) 44
- distributed state‐monitoring 168
- domain 81
- domain name system (DNS) 24, 258
- Dropbox account 257
- dynamic cloud forensics model 210–211
- dynamic pipelining 328
- dynamite 242
e
- Eclipse‐based integrated development environment (IDE) 32
- electronic authentication 10
- EnCase 213
- EnCase Portable 253
- encryption/decryption provider (EDP) 178
- end‐to‐end encryption 56–57
- enhanced integrated digital investigation process (EIDIP) 242–243
- ETag 276
- EU Council Framework Decision on Combating Terrorism 228, 231
- European Commission (EC) 180
- European Economic Area (EEA) 180
- European Network and Information Security Agency (ENISA) 45
- European Union (EU) 12, 180
- European Union’s General Data Protection Regulation (GDPR) 53
- EVault SaaS 15
- evidence analysis and fixation 210
- expert users (EU)
- exploit‐as‐a‐service 322
- Extensible Markup Language (XML) 131
- external adversaries 54
- External Certificate Authority 34
f
- Family Educational Rights and Privacy Act (FERPA) 35, 332
- fault tolerance 13
- fear, uncertainty, and doubt (FUD) 24
- Federal Information Processing Standard (FIPS) 37
- Federal Information Processing Standard (FIPS) Publication 140‐2 20
- Federal Information Security Management Act (FISMA) 17
- Federal Risk and Authorization Management Program (FedRAMP) 161
- fight against terrorism 219
- file carving 303
- file‐encryption key (FK) 65
- file‐to‐process dependency 150
- flooding attacks 3, 8
- Force.com 15, 31–34
- forensic cloud 212, 324
- forensic database 288
- forensics artifacts subsystem 288
- forensics‐as‐a‐service (FaaS) 209
- chapter road map 323
- cloud‐based 332–334
- cloud computing 322
- digital forensic analysis 321
- GPU‐based distributed forensic analysis 325–331
- limitations in state‐of‐the‐art research and tools 331–332
- limitations of traditional computer forensics 323–324
- MPI MapReduce 334
- potential of looking up to the cloud 324
- forensics readiness system constraints 290
- forensic triage 211
- F‐Response 213
- FROST 287
- FTK Imager v 3.4.26 276
- functionally encryptable data 177
g
- General Service Administration (GSA) 172
- generic distributed framework (GDF) 326
- geo‐redundant storage (GRS) 44
- getInfoByIdResponse 265
- Gibbs sampler 153
- GoGrid 15
- Google App Engine 15, 40–42
- Google Cloud Storage 315
- governance, risk management, and compliance (GRC) 173, 183
- GPU‐based distributed forensic analysis
- Bluepipe architecture 325
- central processing units 325
- data deduplication driven acceleration of forensic analysis 330–331
- forensics‐as‐a‐service 330
- generic distributed framework 326
- graphics processing units 325
- GRR rapid response framework 328–329
- Hansken 327–328
- limitations in state‐of‐the‐art research and tools 331–332
- MPI MapReduce 328
- scalable file‐based data store for forensic analysis 329–330
- XML information retrieval approach to digital forensics 326–327
- Gramm‐Leach‐Bliley Act (GLBA) 53
- graphics processing unit (GPU) 164
- GRR rapid response framework 328–329
h
- Hansken 327–328
- hard disk drive (HDD) 57
- hardware‐based isolation (HBI) 71
- Health Insurance Portability and Accountability Act (HIPAA) 17, 35, 53, 332
- hierarchical multitenancy (HMT) 83
- highavailability and integrity layer (HAIL) 176
- hijacking 293
- hop analysis 267, 272–273
- host firewalls 205
- host‐hopping attacks 168
- hybrid cloud 6, 206
- Hypertext Transfer Protocol Secure (HTTPS) 41
- Hyper‐V hypervisor 42
- hypervisor security
i
- 19‐inch‐wide server system 260
- indicator of compromise (IOC) 125
- indirectly critical assets 147
- Information and Communication Technology (ICT) 19
- information rights management (IRM) 9
- information security 8
- Information Security Management System (ISMS) standards 17, 193
- information system (IS) 10
- Information Systems Audit and Control Association (ISACA) 19
- information technology (IT) communities 189
- Information Technology Infrastructure Library (ITIL) 18
- Information Technology Operation Support (ITOS) 171
- infrastructure‐as‐a‐service (IaaS) 4, 23, 82, 130, 204, 223, 307
- infrastructure security 9
- initialization vector (IV) 65
- insecure APIs 293
- integrated digital investigation process (IDIP) 242
- integrity 11
- International Association of Privacy Professionals (IAPP) 175
- International Auditing and Assurance Standards Board (IAASB) 18
- International Electrotechnical Commission (IEC) 193
- International Federation of Accountants (IFAC) 18
- International Organization for Standardization (ISO) 193
- International Standards for Assurance Engagements (ISAE) No. 3402 18
- Internet of Everything (IoE) 190
- Internet of Things (IoT) 138
- Internet Protocol (IP) 158
- Internet service provider (ISP) 37, 258
- Internet technology (IT) 52
- intrusion detection systems (IDS) 34, 135, 136, 143, 165, 205
- ISO/IEC 27001:2005 19
- IT Governance Institute (ITGI) 19
j
k
l
- lack of transparency 293
- law enforcement 54
- law‐enforcement adversary 70
- law enforcement interventions in cybercrime 259
- layered interleaving 176
- legal environment of operations 261–263
- local area network (LAN) 6
- logical block addresses (LBAs) 65
- “lone wolf” terrorism 228
m
- Magnet Forensics’ Internet Evidence Finder (IEF) 213
- malicious insiders 132, 293
- and abuse of privileges 168
- malicious tenants 54
- malware‐as‐a‐service 227, 322
- malware propagation 132
- managed storage providers (MSPs) 52
- Man‐in‐the‐cloud attack 136
- MapReduce processing model 328
- master encryption keys (MK) 65
- MD5 hash value 276
- memory‐cache isolation 164
- Message Passing Interface (MPI) 328
- Microsoft Azure 16, 42–45, 227
- Microsoft Office 365, use case 118–124
- Microsoft’s Hyper‐V, DDoS attack 137
- mission assurance 196
- Mission Assurance Analysis Protocol (MAAP) 194
- monitored data subsystem 288
- monitoring‐as‐a‐service 322
- Motion Picture Association of America (MPAA) 35
- MPI MapReduce (MMR) 328
- multitenancy 8, 10
- multitenant model 163
- Mutual Legal Assistance Treaty (MLAT) 179
n
- National Institute of Standards and Technology (NIST) 109, 130
- National Software Reference Library (NSRL) 329
- Nemesis architecture 119
- on‐demand web application 115
- Netherlands Network Operators Group (NLNOG) Ring 270
- network‐level mitigation 26
- NIST Cloud Computing Security Reference Architecture (NCC‐SRA) 171
- NIST Cloud Computing Security Working Group (NCC‐SWG) 171
- NIST Special Publication 800‐53 standard 19–20
- Non‐Azure Active Directory User (NAADU) 101
- non‐disclosure agreement (NDA) 27
- non‐law‐enforcement‐friendly ISPs 258, 260
- nonrepudiation 13–14
o
- on‐demand computing 3
- online open source intelligence (OSINT) 268, 272
- Open Certification Framework (OCF) 180
- open project (OP) 86
- open source intelligence 267
- OpenStack 287
- OSAC model
- OpenStack access control (OSAC) model
- OpenStack Access Control Model with Secure Isolated Domain extension (OSAC‐HMT‐SID model) 86
- OpenStack Cloud Files 213
- Open Systems Interconnection (OSI) network model 209
- open virtualization format (OVF) standard language 289
- operating systems (OS) 23, 130
- Organisation for Economic Co‐operation and Development (OECD) 12, 175
- Organization accounts 104
- OS‐level virtualization 28
p
- PaaS/IaaS forensics 312
- Packet sniffing, by other tenants 38
- pay‐as‐you‐go 6
- Payment Card Industry (PCI) 163
- Payment Card Industry Data Security Standard (PCI DSS) 17
- peer‐to‐peer (P2P) networks 61
- perimeter monitoring 34
- permissibility of encryption and expectation of privacy 263
- personally identifiable information (PII) 14, 176
- pertinent network data 252
- petabytes (PB) 178
- phishing attacks 226
- Phoenix shared‐memory implementation 328
- physical block address (PBA) 65
- plan, do, check, act (PDCA) model 193
- PlanetLab 271
- platform‐as‐a‐service (PaaS) 4–5, 23, 82, 130, 204, 223, 307
- port scanning 38
- Post Office Protocol (POP) 252
- Privacy Certification Module (PCM) 180
- Privacy Level Agreement (PLA) Working Group 179
- private cloud 5, 190, 206, 239
- proofs of ownership (PoWs) 60
- Proofs of Retrievability (POR) 176
- 2014 Protecting Canadians from Online Crime Act in Canada 231
q
- quality assurance (QA) 40
r
- Rackspace 16
- random access memory (RAM) 249–250
- readiness core module 289
- redundant array of independent disks (RAID) 15, 57
- reference architecture 288–289
- repository scenario 223
- Representational State Transfer (REST) 31, 131, 213
- resource pooling 6
- RIPE Atlas 271
- RIPEstat 271
- risk management and disaster recovery
- consequence‐centric security assessment
- in future 154–155
- Rivest–Shamir–Adleman (RSA) 15
- role‐based access control (RBAC) model 193
- root of trust and isolation platform 64
- routing analysis 267
- Routing and Remote Access Service (RRAS) 43
s
- Safe harbor 18
- Salesforce.com 32
- s3.amazonaws.com.lnk 212
- Sarbanes‐Oxley Act (SOX) 15
- SAS 70 18
- scalable file‐based data store for forensic analysis 329–330
- scanning‐as‐a‐service 322
- scene/onsite infrastructural questionnaire 251–252
- Seclius framework 147
- secure isolated domain (SID)
- secure isolated project (SIP)
- secure logging services (SecLaaS) 317
- secure offboarding 54
- secure sockets layer (SSL) 15, 33, 37, 55, 131, 192
- secure telephone unit (STU) 24
- Security and Risk Management (S&RM) 171
- security‐as‐a‐service (SECaaS)
- flowchart 197
- framework
- security implications 191
- Security Content Automation Protocol (SCAP) standards 169
- Security Development Lifecycle (SDL) 16
- security event management (SEM) 34
- security information and event management (SIEM) 192
- security project (SP) 86
- Semantic Natural Language Processor (SNLP) 112
- service‐engine attacks 168
- service‐level agreement (SLA) 9, 24, 159, 193, 291–292
- service‐level objectives (SLOs) 292
- Service Organization Control 2 (SOC 2) 17
- service‐oriented architecture (SOA) 165
- Service Oriented Architecture and Web Services (SOA‐WS) 283
- service provider interface (SPI) 23
- Shared Access Signatures (SAS) 43
- silverline 177
- Simple Object Access Protocol (SOAP) 31, 131
- small and medium‐sized enterprises (SMEs) 177
- small to medium‐size businesses (SMBs) 26
- social terrorism 218
- software‐as‐a‐service (SaaS) 5, 23, 82, 130, 204, 223, 306–307
- application configurations 111
- forensics
- and PaaS host security 27
- software confidentiality 11
- software‐defined networks (SDNs) 225
- software development life cycle (SDLC) 33
- Software Guard Extensions (SGX) 71
- software integrity 11
- software interfaces 11
- solid state disk (SSD) 55
- stage encryption 55–56
- standards development organizations (SDOs) 126
- Statement on Auditing Standards (SAS) 173
- Statement on Standards for Attestation Engagements (SSAE) No. 16 18
- storage‐access adversary 70
- storage application (SA) 63
- storage scaling 330
- storage service providers (SSPs) 52
- Stuxnet worm 221
- symmetric cryptosystem 64
- Syrian state terrorism 219
- SysAdmin, Audit, Network, Security (SANS) 9, 164
- SysTrust 15, 27
t
- tenant 81
- tenant offboarding 54
- terabytes (TB) 178
- terrorism 218–220
- terrorist use of cyberspace 221–222
- theft attacks 168
- third‐party auditor (TPA) 170
- threat monitoring 34
- threshold cryptosystem 61
- Tier standard 18
- token 85
- tokenization 192
- topological vulnerability analysis (TVA) 144
- traceback 242
- traceroute 266
- track‐shingling technique 303
- transborder dataflow 180
- Transmission Control Protocol/Internet Protocol (TCP/IP) network model 209
- transparent data encryption (TDE) 44
- transport layer security (TLS) 8, 33
- triple data encryption algorithm (3DES) 44
- trusted code base (TCB) 71
- Trusted Computer Security Evaluation Criteria (TCSEC) 29
- Trusted Computing Group (TCG) 169, 193
- trusted decrypter (TD) 59
- trusted execution environments (TEEs) 69
- Trusted Network Communications (TNC) 192
- trusted platform module (TPM) 176, 192
u
- ubiquitous network access 7
- UN Convention for the Suppression of Acts of Nuclear Terrorism 229
- uninterruptible power supply (UPS) 33
- United States Government (USG) 171
- unlawful combatants 219
- UN‐sponsored Comprehensive Convention on International Terrorism 231
- U.S. Department of Defense (DoD) 14, 24
- User (U) 104
- User Datagram Protocol (UDP) 72
- U.S. National Institute of Standards and Technology (NIST) 4, 189
v
- virtual computer system (VCS) 29
- virtual hard disk (VHD) 43
- virtualization 129
- virtualizedbased isolation (VBI) 71
- virtual machine (VM) 8, 25, 131
- virtual‐machine based rootkit (VMBR) 30
- virtual machine manager (VMM) 28, 284
- virtual private network (VPN) 37
- virtual server security 28
- VULCAN framework 113, 116, 119
- vulnerability assessment 111–112
- vulnerability diagnostic trees (VDTs) 170
w
x
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.