Forensics with the Cloud Part 2

00:01

Hey, everyone, welcome back to the course. So in the last video, we talked about different types of cloud computing and different types of cloud attacks.

00:08

And this video, we're gonna go over different types of cloud crime.

00:14

So we've got cloud. It's a subject club. Wanna know these for the exam? We'll talk about each one.

00:19

So Claude is a subject. So basically, the attacker tries to compromise the security of the cloud environment. So the cloud itself is the S O. The goal here is to steal data, inject Mauer, even delete data.

00:34

Cloud is an object. So this is where the attacker tries to commit the crime against the cloud service provider.

00:39

So things like your de dos attack right? They want to keep that cloud service provider from being able to, you know, is up and running.

00:47

So again, with our CIA triage going back to the availability of the information

00:53

cloud as a tool so the attacker uses compromised in a compromised cloud account, do then attack other accounts. So, for example, in like a community cloud environment, they attack won't organization. They take over that session and then they try to attack the other accounts as well.

01:10

So different challenges and cloud forensics. So sometimes we can't get all the logs right, or there's insufficient locks, large scale data. So think about the cloud. Right. So we're using a lot of data in their stored stored in these huge data centers. So we have a forensic investigator may not be able to, um,

01:26

realistically get all that information, right, Because it could be terabytes and terabytes of data.

01:32

Um, and we just can't handle that, right?

01:34

Also, some challenges. You know, the different I ot device is in place. So, like, mobile devices, you know, it could be also information from, like, CCTV cameras that are there are going into the cloud of being stored and then legal aspects. Right? So think about the cloud. Or I think about Amazon, for example. And I It's popular ones. Um,

01:53

you know, they're storing the data in other countries, right? So we've got to understand that there may be jurisdictional issues that Yeah, we know the date is there, but we can actually can't go get it, you know, because that company that they're storing it in, uh, they don't have any type of, you know law in place that allows us to go give the information

02:12

or there's too many hurdles to go through

02:15

service level agreements. So, you know, here Ah, the main things that an investigator wants to focus on are the restrictions on the customer by the cloud service provider, as well as different security measures that the cloud service providers using for the customer account. That's gonna be valuable information for you to understand

02:31

what kind of information you can get if you get a warrant or subpoena

02:36

for the suspects stuff from the cloud service provider. What kind information you might actually get back from. That

02:45

s L. A. Is also covered things like availability, support, etcetera, etcetera. But the main thing is to remember from this our security measures and the restrictions on the customer by the Cloud Service provider.

02:57

So let's talk about Dropbox. So you just want to kind of memorize these different paths here. Ah, and you want to do that for Google Drive as well that we'll talk about it just a little bit. So in Dropbox, the file cash dot D. B X file stores information on share directories as well as file transfers you'll definitely want to memorize that for the exam.

03:15

You'll also want to know that's dropbox. Pre French is stored in, you know, windows pre fresh and then drop box that e x e

03:23

a zealous. Some other information is going to be stored in a user name backward, slice dropbox and then use your name backwards slash app data roaming backward size dropbox again. That very last one there you'll just want to memorize for the exam.

03:38

And then we have Google Drive. So Google Drive does add some registry keys here. So you just want to kind of memorize these passes. Well, so soft for Microsoft Windows Current version installer for folder. So just remember, rise that last part of that. The current version backward slash installer backward slash fuller.

03:58

Also, you'll wanna memorize the other one on here You'll probably wanna memorize is gonna be the one that starts nt user on. So basically it ends in current version Backward slash Run backwards slash Google Dr Sink. So again, just memorize that for the exam

04:13

and some other past for you as well. So you do have some studying here to just try to memorize the different past and really just kind of tuck him in your head. So that way you you are familiar with them. If you see him on the exam and ending any capacity so the sink underscore config dot d b file.

04:29

Um, you're gonna find that in this path here, But just memorize that particular file

04:33

name on and then also, you know, the snapshot of the database is gonna be stored. Our, you know, snapshot, that D B file is gonna be stored at that path as well.

04:44

So the snapshot that d be shows each file access. So things like, you know, as the name of plus snapshot right shows that you are lpf created, modified time and date. You know, the empty five hash, etcetera, etcetera. Just memorized that what that entails for the exam and then the sink underscore. Log dot log file

05:03

contains the user's cloud transaction. So that's another one you just want to memorize for the exam.

05:11

So some post assessment questions here. So the sink underscore logged that log file and Google Drive shows a listing of the user's cloud transactions. Is that true or false?

05:21

All right, so that one is true

05:23

it definitely does that. And we talked about it that just a moment ago.

05:27

Question number two here. This path right here. So the software backwards slash Microsoft backwards slash Windows backwards slash current version backward slash installer, backward slash folder. That's a whole lot to say right now is a registry key. Adam I Google Drive. Is that true or false?

05:44

All right, so that's true as well, right? So that's one of the registry keys we had seen again. You'll just want to memorize that current version backwards Session, Staller Backwards Last folder for your exam.

05:54

And then finally our last question here the file cash dot D b X file stores information on share directories and file transfers and that true or false?

06:03

All right, so that one was true as well. So kind of an easy quiz there, all of whom were true,

06:09

are So in this video, we talked about cloud crimes, and we wrapped up our discussion on the cloud