Cloud Storage Forensics: Survey

  IJETT-book-cover  International Journal of Engineering Trends and Technology (IJETT)          
© 2017 by IJETT Journal
Volume-52 Number-1
Year of Publication : 2017
Authors : Sara Abdel Razek, Dr.Heba El-Fiqi, Prof. Dr. Ibrahim Mahmoud
DOI :  10.14445/22315381/IJETT-V52P205


Sara Abdel Razek, Dr.Heba El-Fiqi, Prof. Dr. Ibrahim Mahmoud "Cloud Storage Forensics: Survey", International Journal of Engineering Trends and Technology (IJETT), V52(1),22-35 October 2017. ISSN:2231-5381. published by seventh sense research group

Businesses, individuals and government nowadays are looking to use cloud storage services to store their data in favor of having access to them anyplace they are. Increasing usageof cloud storage platforms make the investigation becomemuch more important and difficult.Shortage of knowledge on digital evidence location, privacy issues, and legal boundaries make the digital evidence retrieval from cloud storage services a challenge. Most of the research studies in the literaturefocus on determining the artifactsresult from usingcloud storage applications. Theseapplicationsrunning on various devices and operating systems suggested that artifacts related to install, uninstall, log-in, logoff and others. In this paper, a survey of different researches that investigate cloud storage service is presented. This survey was introduced to give a better understanding of some of the important open key questions of the cloud forensics storagefield to identify promising future research.

[1] Mell, P., & Grance, T. (2011). The NIST definition of cloud computing. ISO 690
[2] Voorsluys, W., Broberg, J., & Buyya, R. (2011). Introduction to cloud computing. Cloud computing: Principles and paradigms, 1-41.
[3] H. Chung, J. Park, S. Lee, and C. Kang, “Digital forensic investigation of cloud storage services,” Digit. Investig., vol. 9, no. 2, pp. 81–95, 2012.
[4] M. K. Rogers and K. Seigfried, “The future of computer forensics : a needs analysis survey,” pp. 12–16, 2004.
[5] A. Pichan, M. Lazarescu, and S. T. Soh, “Cloud forensics: Technical challenges, solutions and comparative analysis,” Digit. Investig., vol. 13, pp. 38–57, 2015.
[6] S. Mukkamala and A. H. Sung, “Identifying Significant Features for Network Forensic Analysis Using Artificial Intelligent Techniques,” vol. 1, no. 4, pp. 1–17, 2003.
[7] E. S. Pilli, R. C. Joshi, and R. Niyogi, “Network forensic frameworks : Survey and research challenges,” Digit. Investig., vol. 7, no. 1–2, pp. 14–27, 2010.
[8] M. S. Olivier, “On metadata context in Database Forensics,” Digit. Investig., vol. 5, no. 3–4, pp. 115–123, 2009.
[9] E. Casey, M. Bann, and J. Doyle, “Introduction to Windows Mobile Forensics,” Digit. Investig., vol. 6, no. 3–4, pp. 136– 146, 2010.
[10] Yates, I. I. (2010, October). Practical investigations of digital forensics tools for mobile devices. In 2010 information security curriculum development conference (pp. 156-162). ACM.
[11] K. Ruan, J. Carthy, T. Kechadi, and I. Baggili, “Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results,” Digit. Investig., vol. 10, no. 1, pp. 34–43, 2013.
[12] NIST Cloud Computing Forensic Science Working Group. (2014). NIST Cloud Computing Forensic Science Challenges.
[13] B. Carrier, “Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers,” vol. 1, no. 4, pp. 1–12, 2003.
[14] R. Fernando et al., “Digital Forensics Tools,” vol. 11, no. 19, pp. 9754–9762, 2016.
[15] L. Adhianto et al., “HPCTOOLKIT: Tools for performance analysis of optimized parallel programs,” Concurr. Comput. Pract. Exp., vol. 22, no. 6, pp. 685–701, 2010.
[16] J. Dykstra and A. T. Sherman, “Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform,” Digit. Investig., vol. 10, no. SUPPL., pp. S87–S95, 2013.
[17] M. Geiger, “Evaluating Commercial Counter-Forensic Tools,” pp. 1–12, 2005.
[18] Harnik, D., Pinkas, B., & Shulman-Peleg, A. (2010). Side channels in cloud services: Deduplication in cloud storage. IEEE Security & Privacy, 8(6), 40-47.
[19] D. Hutchison and J. C. Mitchell, Lecture Notes in Computer Science.
[20] Mell, P., &Grance, T. (2011). The NIST definition of cloud computing.
[21] A. K. Mishra, P. Matta, E. S. Pilli, and R. C. Joshi, “Cloud Forensics : State-of-the-Art and Research Challenges,” 2012.
[22] Birk, D., & Wegener, C. (2011, May). Technical issues of forensic investigations in cloud computing environments. In Systematic Approaches to Digital Forensic Engineering (SADFE), 2011 IEEE Sixth International Workshop on (pp. 1-10). IEEE.
[23] McKemmish, R. (1999). What is forensic computing?. Canberra: Australian Institute of Criminology.
[24] J. Dykstra and A. T. Sherman, “UNDERSTANDING ISSUES IN CLOUD FORENSICS : TWO HYPOTHETICAL CASE STUDIES,” no. 45, p. 2011, 2011.
[25] S. Mason and E. George, “Digital evidence and „ cloud ? computing,” Comput. Law Secur. Rev., vol. 27, no. 5, pp. 524–528, 2011.
[26] S. Biggs and S. Vidalis, “Cloud Computing : The Impact on Digital Forensic Investigations,” 2009.
[27] B. Martini and K. K. R. Choo, “Cloud storage forensics: OwnCloud as a case study,” Digit. Investig., vol. 10, no. 4, pp. 287–299, 2013.
[28] S. Easwaramoorthy, S. Thamburasa, G. Samy, S. B. Bhushan, and K. Aravind, “Digital forensic evidence collection of cloud storage data for investigation,” 2016 Int. Conf. Recent Trends Inf. Technol. ICRTIT 2016, 2016.
[29] Y. Teing, B. Sc, A. Dehghantanha, D. Ph, K. R. Choo, and D. Ph, “DIGITAL & MULTIMEDIA SCIENCES Forensic Investigation of Cooperative Storage Cloud Service : Symform as a Case Study,” no. May, 2016.
[30] D. Quick and K. K. R. Choo, “Digital droplets: Microsoft SkyDrive forensic data remnants,” Futur. Gener. Comput. Syst., vol. 29, no. 6, pp. 1378–1394, 2013.
[31] D. Quick and K. K. R. Choo, “Google drive: Forensic analysis of data remnants,” J. Netw. Comput. Appl., vol. 40, no. 1, pp. 179–193, 2014.
[32] S. Mehreen and B. Aslam, “Windows 8 cloud storage analysis: Dropbox forensics,” Proc. 2015 12th Int. Bhurban Conf. Appl. Sci. Technol. IBCAST 2015, pp. 312–317, 2015.
[33] D. Quick and K. K. R. Choo, “Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata?,” Digit. Investig., vol. 10, no. 3, pp. 266–277, 2013.
[34] D. Quick and K. K. R. Choo, “Dropbox analysis: Data remnants on user machines,” Digit. Investig., vol. 10, no. 1, pp. 3–18, 2013.
[35] K. Oestreicher, “A forensically robust method for acquisition of iCloud data,” Digit. Investig., vol. 11, no. SUPPL. 2, pp. S106–S113, 2014.
[36] R. Malik, N. Shashidhar, and L. Chen, “Cloud Storage Client Application Analysis,” Lei Chen Int. J. Secur., no. 91, pp. 2015–1, 2015.
[37] R. Malik, N. Shashidhar, and L. Chen, “Cloud Storage Client Application Analysis on UNIX/Linux,” Lei Chen Int. J. Secur., no. 91, pp. 2015–1.
[38] R. Malik, N. Shashidhar, and L. Chen, “Analysis of Evidence in Cloud Storage Client Applications on the Windows Platform,” p. 15.
[39] M. Shariati, A. Dehghantanha, and K. Raymond, “Australian Journal of Forensic Sciences SugarSync forensic analysis,” no. April 2015, pp. 37–41.
[40] V. Roussev, A. Barreto, and I. Ahmed, “API-based forensic acquisition of cloud drives,” IFIP Adv. Inf. Commun. Technol., vol. 484, pp. 213–235, 2016.
[41] Kiruthu, G. M. (2012). Digital forensic investigation of a Dropbox cloud-hosted shared folder (Doctoral dissertation, Purdue University).
[42] “Running head : GOOGLE DRIVE FORENSIC ANALYSIS VIA API Google Drive Forensic Analysis via Application Programming Interface A Thesis Presented to the Faculty of Jackson College of Graduate Studies University of Central Oklahoma In Partial Fulfillment of the Requirements of the Degree of MASTER OF SCIENCE in FORENSIC SCIENCE by Shujian Yang,” 2015.
[43] Y. Teing, A. Dehghantanha, and K. R. Choo, “Forensic investigation of P2P cloud storage services and backbone for IoT networks : BitTorrent Sync as a case study,” Comput. Electr. Eng., vol. 0, pp. 1–14, 2016.
[44] B. Blakeley, C. Cooney, A. Dehghantanha, and R. Aspin, “Cloud Storage Forensic : hubiC as a Case-Study,” vol. 1, 2015.
[45] J. S. Hale, “Amazon Cloud Drive forensic analysis,” Digit. Investig., vol. 10, no. 3, pp. 259–265, 2013.

Digital forensics, Cloud forensics, Cloud storage, Cloud storage forensics, Digital evidence.