Proceedings Article

Digital forensic evidence collection of cloud storage data for investigation

TL;DR: Two popular public cloud service providers (Microsoft One Drive and Amazon cloud drive) are used to perform a forensic evidence collection procedure through the browser and the service providers' software on a Windows 7 computer, giving forensics practitioners a clear idea of the types of evidence that exist on the machine.
Abstract: In recent days, cloud services such as storage are more familiar to businesses and individuals. These storage services are found to be a problem for examiners and researchers in the field of forensics. There are many kinds of storage services available in the cloud, and every service faces diverse issues in illegitimate action. Evidence identification, preservation, and collection are hard when dissimilar services are utilized by offenders. Lack of knowledge regarding the location of evidence data can also affect an investigation, and it takes more time to meet every cloud storage provider to decide where the evidence is saved within their infrastructure. In this study, two popular public cloud service providers (Microsoft One Drive and Amazon cloud drive) are used to perform a forensic evidence collection procedure through the browser and the service providers' software on a Windows 7 computer. Identifying the evidence data on a client device gives forensics practitioners a clear idea of the types of evidence that exist on the machine. Possible evidence determined throughout this study includes file timestamps, file hashes, client software log files, memory captures, and link files; other evidence is also obtainable for different cloud service providers.
Citations
01 Jan 2020
TL;DR: The challenges in conducting a forensic investigation on cloud computing are reviewed and the challenges are described according to cloud forensic investigation phase, which are identification, collection, examination and analysis, and lastly reporting and presentation.
Abstract: Cloud computing becomes more popular since the emergence of the Fourth Industrial Revolution (IR 4.0) as almost all internet services are highly dependent on high-end networks of server computers. The large-scale used on the internet around the world may cause the cloud server to be highly exposed to cyber threats and it is very difficult to apply forensic method specifically in conducting cloud forensic investigation. Subsequently, the lack of digital investigation may increase the threats towards cloud environment. Consequently, the cloud forensic investigation needs to be recognized for any incident happened in cloud services. Thus, this paper will review the challenges in conducting a forensic investigation on cloud computing and the challenges are described according to cloud forensic investigation phase, which are identification, collection, examination and analysis, and lastly reporting and presentation. Moreover, recommendation to overcome current cloud forensic challenges which were specified by previous researches also being provided. This review will be beneficial to the community in order to overcome the challenges of cloud forensic investigation in the future.

9 citations


Cites background from "Digital forensic evidence collectio..."

  • ...TABLE 2: Number of Phases in Cloud Forensic
    Author & Year | Research Title | Number of Phases
    (Alex and Kishore, 2017) [5] | Forensics framework for cloud computing | 4 Phases
    (Martini and Choo, 2012) [14] | An integrated conceptual digital forensic framework for cloud computing, Digital Investigation | 4 Phases
    (Raju and Geethakumari, 2017) [15] | An advanced forensic readiness model for the cloud environment | 4 phases
    (Martini and Choo, 2013) [14] | Cloud storage forensics: OwnCloud as a case study | 4 Phases
    (Quick and Choo, 2013) [17] | Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata?...

    [...]

  • ...…and Choo, 2014b) [20] Google drive: Forensic analysis of data remnants Prepare Identify & Collect Preserve (Forensic Copy) Analysis (Easwaramoorthy et al., 2016) [22] Digital forensic evidence collection of cloud storage data for investigation Identification & Preservation…...

    [...]

  • ...…analysis of data remnants 4 Phases (Pichan et al., 2015) [21] Cloud forensics: Technical challenges, solutions and comparative analysis 6 Phases (Easwaramoorthy et al., 2016) [22] Digital forensic evidence collection of cloud storage data for investigation 4 Phases (Khan et al., 2016) [23] A…...

    [...]

  • ...5 Phases
    Author & Year | Research Title | Number of Phases
    (Shah and Malik, 2014) [18] | An approach towards digital forensic framework for cloud | 4 Phases
    (Rani and Geethakumari, 2015) [19] | An efficient approach to forensic investigation in cloud using VM snapshots | 4 Phases
    (Martini and Choo, 2012) [14] | An integrated conceptual digital forensic framework for cloud computing | 4 Phases
    (Quick and Choo, 2014b) [20] | Google drive: Forensic analysis of data remnants | 4 Phases
    (Pichan et al., 2015) [21] | Cloud forensics: Technical challenges, solutions and comparative analysis | 6 Phases
    (Easwaramoorthy et al., 2016) [22] | Digital forensic evidence collection of cloud storage data for investigation | 4 Phases
    (Khan et al., 2016) [23] | A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing | 4 Phases
    (Ahmed Khan and Ullah, 2017) [24] | A log aggregation forensic analysis framework for cloud computing environments | 5 Phases
    (Almulla et al., 2014) [25] | a State-of-the-Art Review of Cloud | 6 Phases
    (Delport et al., 2011) [26] | Isolating a cloud instance for a digital forensic investigation | 7 Phases
    (Damshenas et al., 2012) [27] | Forensics investigation challenges in cloud computing environments | 4 Phases
    (Birk and Wegener, 2011) [9] | Technical Issues of Forensic Investigations in Cloud Computing Environments | 3 Phases
    (Simou et al., 2016) [28] | A survey on cloud forensics challenges and solutions | 4 Phases
    (Horsman, 2018) [29] | Framework for Reliable Experimental Design (FRED): A research framework to ensure the dependable interpretation of digital data for digital forensics | 3 Phases
    (Ho et al., 2018) [30] | Following the breadcrumbs: Timestamp pattern identification for cloud forensics | 3 Phases
    (Quick and Choo, 2014a) [20] | Impacts of increasing volume of digital forensic data: A survey and future research challenges | 10 Phases
    (Zhao, 2017) [31] | Study and Realization of Digital Forensics Key Technology Based on Cloud Computing | 5 Phases
    Based on the table above, there are different numbers of phases proposed by the authors....

    [...]

  • ..., 2016) [22] Digital forensic evidence collection of cloud storage data for investigation 4 Phases...

    [...]

Journal Article
TL;DR: The proposed DPCA-SM framework that detects suspected activity in shopping malls in real-time uses the publicly accessible CAVIAR data collection to validate the proposed approach for monitoring occlusions and is evaluated on naturalism, private datasets, demonstrating that in a shopping mall setting, the professional surveillance cameras strategy can efficiently detect unusual activity.
Abstract: Video surveillance devices are a valuable tool in various contexts to automate different danger conditions and enable security guards to make effective decisions to improve asset safety. This article suggests detecting and preventing criminal activities in shopping malls (DPCA-SM) framework that detects suspected activity in shopping malls in real-time. The video monitoring approach makes some suggestions that create a comprehensive application capable of effectively tracking people's pathways and detecting measures in a shop setting. The proposed system utilizes the publicly accessible CAVIAR data collection to validate the proposed approach for monitoring occlusions with a performance of nearly 92% to assess the accuracy of the principal inputs of the proposed initiative. The alerts provided by the proposed framework are also evaluated on naturalism, private datasets, demonstrating that in a shopping mall setting, the professional surveillance cameras strategy can efficiently detect unusual activity.

8 citations

Journal Article
TL;DR: A framework termed Predicate Based Access Control (PBAC) is proposed to render fine grained access control to Swift storage, an object storage service in open source cloud named OpenStack that makes the Swift storage and retrieval more secure.
Abstract: Storage in cloud computing is the fundamental service which is widely used by consumers of cloud. Cloud offers many advantages such as flexibility, elasticity, scalability and sharing of data among users. However, cloud storage throws many privacy and security challenges. Especially, the most significant problem is access control mechanism which ensures sharing of data only to authorized users. Most of the cloud service providers offer Role Based Access Control (RBAC) where users are grouped into roles and access is given to resources based on roles. The problem with this scheme is that once a role gets access to a resource, further restrictions are not possible, where there are security limitations for which data owner needs to restrict access to a part of an object but not entire object. This work proposes to use Swift, an object storage service in open source cloud named OpenStack. Swift restricts access to objects using Access Control Lists (ACLs). As per ACL, users can gain access to an object. However, once access is given, users can access the complete object without further restrictions. The proposed work is evaluated in real cloud environment Amazon cloud, Microsoft Azure, and Open stack cloud. A framework termed Predicate Based Access Control (PBAC) is proposed to render fine grained access control to Swift storage. Access is provided to predicates that are part of an object. Instead of following an “all or nothing” approach, an access control mechanism that makes the Swift storage and retrieval more secure is preferred.

8 citations

Book Chapter
19 Aug 2020
TL;DR: The retrieval of the possible data remnants on this cloud application is the first step in introducing the indicator of cloud usage that can assist the forensic investigation at the early phase.
Abstract: Cloud computing is widely used but with an undefined term for a multitude of different resources that are automatically distributed. Cloud computing can be called a double edge weapon from law enforcement and forensic investigation standpoint. Digital evidence collected from cloud sources, on the one hand, can present complex technical and cross-jurisdictional legal issues. This study explores the ability to retrieve possible data remnants for pCloud applications that can be applied in the preliminary analysis for forensic investigation. It is based on volatile memory analysis. The experiment on the retrieval involves three scenarios on pCloud; download, upload, and view the files on the cloud. The retrieval of the possible data remnants on this cloud application is the first step in introducing the indicator of cloud usage that can assist the forensic investigation at the early phase.

6 citations

Journal Article
TL;DR: In this paper, an end-to-end deep learning model is proposed which is based on Bi-directional gated recurrent unit (BiGRU) and Convolutional neural network (CNN) to detect and prevent criminal activities.

6 citations

References
Journal Article
TL;DR: An integrated (iterative) conceptual digital forensic framework is proposed, which emphasises the differences in the preservation of forensic data and the collection of cloud computing data for forensic purposes, and discusses cloud computing digital forensic issues.

236 citations


"Digital forensic evidence collectio..." refers background in this paper

  • ...In a cloud infrastructure, data is partitioned and stored in distributed computing systems usually spanning different jurisdictions [3]....

    [...]

Journal Article
TL;DR: In this article, the authors proposed a new procedure for investigating and analyzing the artifacts of all accessible devices, such as Windows system, Mac system, iPhone, and Android smartphone, for forensic investigation of cloud storage services.

182 citations

Journal Article
TL;DR: By determining the data remnants on client devices, research contributes to a better understanding of the types of terrestrial artifacts that are likely to remain for digital forensics practitioners and examiners.

182 citations


"Digital forensic evidence collectio..." refers background in this paper

  • ...[4] have developed an approach in the paper....

    [...]

Journal Article
TL;DR: The researcher presents the results and analysis of a survey that was widely circulated among digital forensic experts and practitioners internationally on cloud forensics and critical criteria for cloud forensic capability in order to better understand the key fundamental issues of cloud forensic such as its definition, scope, challenges, opportunities and missing capabilities.

175 citations

Journal Article
TL;DR: A series of digital forensic experiments are documented with the aim of providing forensic researchers and practitioners with an in-depth understanding of the artefacts required to undertake cloud storage forensics.

166 citations