Session Schedule

Loading Events

« All Events

  • This event has passed.
Sep 30

Session: The Cloud: A Digital Crime Scene

September 30 @ 8:00 pm - 9:00 pm EDT

Presented By: Andy Joyce, British Columbia Securities Commission & Evan Lyons, Ontario Securities Commission


The concept of the digital crime scene has changed with the introduction of the cloud. Business have embraced cloud technologies moving their operations and infrastructure away from the premises to remote environments provided by cloud providers. This transition has been driven by the need and capability to expand and contract computing and storage as needs and requirements evolve. This, in combination with the vastly expanding suite of tools available to practitioners makes cloud migrations enticing.

This has introduced new issues for digital forensic practitioners who traditionally worked in a  hands on capacity with the computing devices and networks. Traditionally practitioners were able to use write blockers or boot disks to capture evidence into forensically sound image files. The adoption of the cloud had has moved the digital crime scene away from the physical world into the remote world. The information of interest no longer physically resides on premise, but instead is accessed through remote connectivity to a non-local cloud store.

This presentation is focused on introduction of Amazon Web Services and the forensic capture of an Elastic Compute Cloud (Amazon EC2) virtual computer hosted on Amazon Web Services (AWS).

AWS is the largest cloud provider with a market share of over 40%. AWS services include:

  • Virtual Private Computers and Virtual Workspaces
  • Networks and processing services(EC2, Lightsail, Kubernetes, Lambda)
  • SAAS software as a service
  • PAAS platform as a service
  • Machine Learning and Artificial Intelligence Tool Suites (SageMaker)
  • Blockchain capabilities (Managed Blockchain, Quantum Ledger Database)
  • Data Storage and ETL Procedures (Aurora, RDS, Redshift, S3, ElastiCache, DynamoDB)
  • Security and Compliance (IAM, Cognito, Certificate Manager, SSO, MFA)

It will introduce the forensic analyst to AWS, how to identify the target EC2, use a forensic EC2 to capture and process the target volume.


September 30
8:00 pm - 9:00 pm EDT