Posts

Showing posts from February, 2020

Covering Your Tracks - Anti-forensics for the Cloud - Introduction

Before delving into cloud forensics there are some concepts that need to be explained. The cloud consists of two entities: providers (companies that host cloud technologies) and tenants (companies that use cloud technologies from the providers). The cloud generally consists of three service models: Infrastructure-as-a-Service (IaaS), where the provider supplies the hardware and network; Platform-as-a-Service (PaaS), where the provider supplies all the components on which a tenant's application runs; and Software-as-a-Service (SaaS), where the provider supplies the software and the components to run it, and the tenant uses and at most configures the application. Chris Brenton gives a great overview of the cloud and the challenges it poses in the link below: https://www.sans.org/blog/pen-testing-in-the-cloud/ Surprisingly, there is not a lot of coverage out on the web for cloud forensics, and this makes sense. Cloud forensics analysts, especially for tenants, may be somewhat limited on acc...

Covering Your Tracks - Anti-forensics for Memory

No matter what you do as a hacker, at some point you are going to traverse memory. Computers can almost be thought of as recording devices: anything a user does gets recorded somewhere, and memory is a good place to start a forensic investigation. This may make it sound impossible to completely avoid leaving a footprint of some kind on a computer, and while that may be true to at least some extent, there are ways to avoid detection by memory acquisition tools. But before understanding these methods it is first necessary to understand how these memory acquisition tools work. Volatility is an open source framework written in Python. It contains numerous plugins to analyze a memory dump. Memory dumps can be obtained from tools such as AccessData FTK Imager, which amounts to nothing more than loading the program, choosing File >> Capture Memory, and then choosing where to save the .mem file. Once the memory is acquired it can be analyzed with volatility comma...