Cloud Busting: Cloud Forensics Workshop and Challenge

Training Session: Cloud Busting: Cloud Forensics Workshop and Challenge

What, exactly, is “the Cloud”? Is it a network of machines connected via the Internet and scattered all over the globe? Is it a data center environment located in the United States or anywhere in the world? Is it really just “someone else’s computer”? Or is there more to it that the Information Security professional needs to understand, to be armed with enough knowledge to answer the tough question that will inevitably be asked by their employer: “Why should we take the risk to move our most sensitive data into the cloud?” To take it one step further: if, in the event of a data breach, that same employer says, “We need to investigate how this happened,” what exactly will the Information Security professional need to know to successfully conduct a digital forensic investigation, especially if he or she doesn’t have direct access to the server or hardware?

The Cloud Forensics Challenge team (@Cloud4n6) is excited to come to HOU.SEC.CON for 2019 and bring our workshop with us. We have presented this training at both the 2017 BSides DC and the 2018 BSides Charm events, and seats have sold out both times. The focus of our workshop is two-fold: first, to explore key concepts of Cloud computing and understand the procedures and processes of conducting a digital forensics investigation in the Cloud; and second, a half-day challenge to test students' comprehension of the material and their skill sets by investigating a digital image of a Cloud-based server and searching for various "flags" to be turned in as part of a team competition. Prizes will be up for grabs and we look forward to sharing our knowledge with attendees!

What to expect:

Everything including the kitchen sink. Come get a 10,000-foot view on cloud computing and how it changes the way a digital forensics investigation is conducted. Come test your skills and knowledge on log analysis, file carving, packet analysis, memory analysis, reverse engineering, steganography, cryptography, and other areas as you conduct your investigation accordingly.

What to bring:

A laptop capable of running the latest version of Kali Linux. Don’t like it or don’t care for it? Have the following tools pre-loaded and ready to go:

  • TSK/Autopsy
  • Wireshark
  • Volatility or other memory forensics software
  • OpenStego or other steganography software
  • IDA Pro (trial version is fine), OllyDbg, or other reverse engineering tool
  • Decrypter or other decryption software
  • Cipher tools

Chief Instructor Bio: Kerry Hazelton

Kerry Hazelton's career in Information Technology and Security has spanned over twenty years, and with it he has developed considerable experience with systems and network support, data center operations, and information security. He considers himself a "cybersecurity enthusiast" due to his desire and motivation to read up on the latest trends within the industry, to learn about a new exploit or tool, and his willingness to teach and share his experiences over the years with others. He has also presented technical workshops on the tools and procedures often used in security analysis and cloud-based digital forensics at prior conferences including B-Sides Charm, DC, and NoVA, which helped to form the basis for the Cloud Forensics Challenge he currently runs. Additionally, he recently gave a talk at the inaugural B-Sides Idaho Falls conference in his hometown about his experiences as an instructor and the importance of mentoring the next generation of hackers. Mr. Hazelton is currently employed as a Senior Cloud Security Engineer with Tenable.