Cloud Storage Forensics
Format: PDF / Kindle (mobi) / ePub
To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in infancy due to the comparatively recent prevalence of cloud computing.
Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner.
- Learn to use the methodology and tools from the first evidenced-based cloud forensic framework
- Case studies provide detailed tools for analysis of cloud storage devices using popular cloud storage services
- Includes coverage of the legal implications of cloud storage forensic investigations
- Discussion of the future evolution of cloud storage and its impact on digital forensics
challenges to forensic practitioners and methodologies for a number of reasons, such as the technical differences between the devices and the increase in the use of cloud storage. The variety and difference between operating systems and file systems among portable devices present technical difficulties for practitioners (Taylor, Haggerty, Gresty, & Lamb, 2011). Since its launch in 2007, Apple has sold over 42 million iPhones, making it one of the most successful mobile phone products (Laugesen &
Control—Base-VMs Analysis of the control Base-VM hard drives confirmed there was no data originally present relating to the Enron sample test data and Dropbox files. References were found for the term “Dropbox” in “index.dat” files, “msjint40.dll.mui,” “pagefile.sys,” and unallocated clusters. This should be borne in mind, as this indicates the presence of the keyword term “dropbox” on a hard drive does not necessarily indicate that Dropbox has been used. As is usual for a digital forensic
Google Drive Dataset folder deleted from the default Google Drive sync location (Table 5.2). Also located in the Recycle Bin were the file contents files (beginning with $R), which contained the original folder and file contents. In the scope of this research, this included the files synchronized from Google Drive account using the client software. Data carve Data carving is the process of searching through allocated or unallocated data to locate files based on known headers and footers, such as
zipped files were unzipped using the in-built program in Windows 7. Different unzipping software may produce different results in relation to the timestamps. Verification of findings To verify our findings, we conducted analysis using other widely used commercial forensic tools, namely X-Ways 16.5 and AccessData Forensic Toolkit 1.81.6 (demo version). Differences were noted with the terms used for the file timestamps in comparison with Encase 6.19.4. When comparing the files created for this
Crime and Criminal Justice, Australian Institute of Criminology, 118, 1À6. Microsoft. (2013). Services agreement, Retrieved 17 February 2013, Available from ,http://windows.microsoft.com/en-US/windows-live/microsoft-services-agreement.. NIJ. (2004). Forensic examination of digital evidence: A guide for law enforcement, Available from ,http://nij.gov/nij/pubs-sum/199408.htm.. NIJ. (2008). Electronic crime scene investigation: A guide for first responders (2nd ed.), Available from