Speaker: Robert Rounssavall
Cloud computing is a buzzword that has many meanings and ramifications. Platforms are getting faster and faster and forensics is becoming more challenging as memory sizes increase into the hundreds of gigs on a single server, networks all run at 10 Gbps and servers are almost directly connected to multi-terabyte and even petabyte storage area networks. The 3 main things you need to do effective IR are network traffic, physical memory, and access to disk. If you have an incident response team and walk into one of these environments, how can you obtain those 3 items to begin to do analysis? This talk looks at the new Cisco UCS platform which has been getting a lot of attention from very large organizations and service providers from an IR perspective and shows some of the challenges that you will face on these platforms and how you can overcome them and acquire that type of evidence if you find yourself as an incident responder walking into this type of environment.