Cloud Storage Forensics: Survey
Citation
Sara Abdel Razek, Dr.Heba El-Fiqi, Prof. Dr. Ibrahim Mahmoud "Cloud Storage Forensics: Survey", International Journal of Engineering Trends and Technology (IJETT), V52(1),22-35 October 2017. ISSN:2231-5381. www.ijettjournal.org. published by seventh sense research group
Abstract
Businesses, individuals and government
nowadays are looking to use cloud storage services
to store their data in favor of having access to them
anyplace they are. Increasing usageof cloud storage
platforms make the investigation becomemuch more
important and difficult.Shortage of knowledge on
digital evidence location, privacy issues, and legal
boundaries make the digital evidence retrieval from
cloud storage services a challenge. Most of the
research studies in the literaturefocus on
determining the artifactsresult from usingcloud
storage applications. Theseapplicationsrunning on
various devices and operating systems suggested
that artifacts related to install, uninstall, log-in, logoff
and others. In this paper, a survey of different
researches that investigate cloud storage service is
presented. This survey was introduced to give a
better understanding of some of the important open
key questions of the cloud forensics storagefield to
identify promising future research.
Reference
[1] Mell, P., & Grance, T. (2011). The NIST definition of cloud
computing. ISO 690
[2] Voorsluys, W., Broberg, J., & Buyya, R. (2011).
Introduction to cloud computing. Cloud computing:
Principles and paradigms, 1-41.
[3] H. Chung, J. Park, S. Lee, and C. Kang, “Digital forensic
investigation of cloud storage services,” Digit. Investig., vol.
9, no. 2, pp. 81–95, 2012.
[4] M. K. Rogers and K. Seigfried, “The future of computer
forensics : a needs analysis survey,” pp. 12–16, 2004.
[5] A. Pichan, M. Lazarescu, and S. T. Soh, “Cloud forensics:
Technical challenges, solutions and comparative analysis,”
Digit. Investig., vol. 13, pp. 38–57, 2015.
[6] S. Mukkamala and A. H. Sung, “Identifying Significant
Features for Network Forensic Analysis Using Artificial
Intelligent Techniques,” vol. 1, no. 4, pp. 1–17, 2003.
[7] E. S. Pilli, R. C. Joshi, and R. Niyogi, “Network forensic
frameworks : Survey and research challenges,” Digit.
Investig., vol. 7, no. 1–2, pp. 14–27, 2010.
[8] M. S. Olivier, “On metadata context in Database Forensics,”
Digit. Investig., vol. 5, no. 3–4, pp. 115–123, 2009.
[9] E. Casey, M. Bann, and J. Doyle, “Introduction to Windows
Mobile Forensics,” Digit. Investig., vol. 6, no. 3–4, pp. 136–
146, 2010.
[10] Yates, I. I. (2010, October). Practical investigations of
digital forensics tools for mobile devices. In 2010
information security curriculum development
conference (pp. 156-162). ACM.
[11] K. Ruan, J. Carthy, T. Kechadi, and I. Baggili, “Cloud
forensics definitions and critical criteria for cloud forensic
capability: An overview of survey results,” Digit. Investig.,
vol. 10, no. 1, pp. 34–43, 2013.
[12] NIST Cloud Computing Forensic Science Working Group.
(2014). NIST Cloud Computing Forensic Science
Challenges.
[13] B. Carrier, “Defining Digital Forensic Examination and
Analysis Tools Using Abstraction Layers,” vol. 1, no. 4, pp.
1–12, 2003.
[14] R. Fernando et al., “Digital Forensics Tools,” vol. 11, no.
19, pp. 9754–9762, 2016.
[15] L. Adhianto et al., “HPCTOOLKIT: Tools for performance
analysis of optimized parallel programs,” Concurr. Comput.
Pract. Exp., vol. 22, no. 6, pp. 685–701, 2010.
[16] J. Dykstra and A. T. Sherman, “Design and implementation
of FROST: Digital forensic tools for the OpenStack cloud
computing platform,” Digit. Investig., vol. 10, no. SUPPL.,
pp. S87–S95, 2013.
[17] M. Geiger, “Evaluating Commercial Counter-Forensic
Tools,” pp. 1–12, 2005.
[18] Harnik, D., Pinkas, B., & Shulman-Peleg, A. (2010). Side
channels in cloud services: Deduplication in cloud
storage. IEEE Security & Privacy, 8(6), 40-47.
[19] D. Hutchison and J. C. Mitchell, Lecture Notes in Computer
Science.
[20] Mell, P., &Grance, T. (2011). The NIST definition of cloud
computing.
[21] A. K. Mishra, P. Matta, E. S. Pilli, and R. C. Joshi, “Cloud
Forensics : State-of-the-Art and Research Challenges,”
2012.
[22] Birk, D., & Wegener, C. (2011, May). Technical issues of
forensic investigations in cloud computing environments.
In Systematic Approaches to Digital Forensic Engineering
(SADFE), 2011 IEEE Sixth International Workshop on (pp.
1-10). IEEE.
[23] McKemmish, R. (1999). What is forensic computing?.
Canberra: Australian Institute of Criminology.
[24] J. Dykstra and A. T. Sherman, “UNDERSTANDING
ISSUES IN CLOUD FORENSICS : TWO
HYPOTHETICAL CASE STUDIES,” no. 45, p. 2011,
2011.
[25] S. Mason and E. George, “Digital evidence and „ cloud ?
computing,” Comput. Law Secur. Rev., vol. 27, no. 5, pp.
524–528, 2011.
[26] S. Biggs and S. Vidalis, “Cloud Computing : The Impact on
Digital Forensic Investigations,” 2009.
[27] B. Martini and K. K. R. Choo, “Cloud storage forensics:
OwnCloud as a case study,” Digit. Investig., vol. 10, no. 4,
pp. 287–299, 2013.
[28] S. Easwaramoorthy, S. Thamburasa, G. Samy, S. B.
Bhushan, and K. Aravind, “Digital forensic evidence
collection of cloud storage data for investigation,” 2016 Int.
Conf. Recent Trends Inf. Technol. ICRTIT 2016, 2016.
[29] Y. Teing, B. Sc, A. Dehghantanha, D. Ph, K. R. Choo, and
D. Ph, “DIGITAL & MULTIMEDIA SCIENCES Forensic
Investigation of Cooperative Storage Cloud Service :
Symform as a Case Study,” no. May, 2016.
[30] D. Quick and K. K. R. Choo, “Digital droplets: Microsoft
SkyDrive forensic data remnants,” Futur. Gener. Comput.
Syst., vol. 29, no. 6, pp. 1378–1394, 2013.
[31] D. Quick and K. K. R. Choo, “Google drive: Forensic
analysis of data remnants,” J. Netw. Comput. Appl., vol. 40,
no. 1, pp. 179–193, 2014.
[32] S. Mehreen and B. Aslam, “Windows 8 cloud storage
analysis: Dropbox forensics,” Proc. 2015 12th Int. Bhurban
Conf. Appl. Sci. Technol. IBCAST 2015, pp. 312–317, 2015.
[33] D. Quick and K. K. R. Choo, “Forensic collection of cloud
storage data: Does the act of collection result in changes to
the data or its metadata?,” Digit. Investig., vol. 10, no. 3, pp.
266–277, 2013.
[34] D. Quick and K. K. R. Choo, “Dropbox analysis: Data
remnants on user machines,” Digit. Investig., vol. 10, no. 1,
pp. 3–18, 2013.
[35] K. Oestreicher, “A forensically robust method for acquisition of iCloud data,” Digit. Investig., vol. 11, no.
SUPPL. 2, pp. S106–S113, 2014.
[36] R. Malik, N. Shashidhar, and L. Chen, “Cloud Storage
Client Application Analysis,” Lei Chen Int. J. Secur., no.
91, pp. 2015–1, 2015.
[37] R. Malik, N. Shashidhar, and L. Chen, “Cloud Storage
Client Application Analysis on UNIX/Linux,” Lei Chen Int.
J. Secur., no. 91, pp. 2015–1.
[38] R. Malik, N. Shashidhar, and L. Chen, “Analysis of
Evidence in Cloud Storage Client Applications on the
Windows Platform,” p. 15.
[39] M. Shariati, A. Dehghantanha, and K. Raymond,
“Australian Journal of Forensic Sciences SugarSync
forensic analysis,” no. April 2015, pp. 37–41.
[40] V. Roussev, A. Barreto, and I. Ahmed, “API-based forensic
acquisition of cloud drives,” IFIP Adv. Inf. Commun.
Technol., vol. 484, pp. 213–235, 2016.
[41] Kiruthu, G. M. (2012). Digital forensic investigation of a
Dropbox cloud-hosted shared folder (Doctoral dissertation,
Purdue University).
[42] “Running head : GOOGLE DRIVE FORENSIC
ANALYSIS VIA API Google Drive Forensic Analysis via
Application Programming Interface A Thesis Presented to
the Faculty of Jackson College of Graduate Studies
University of Central Oklahoma In Partial Fulfillment of the
Requirements of the Degree of MASTER OF SCIENCE in
FORENSIC SCIENCE by Shujian Yang,” 2015.
[43] Y. Teing, A. Dehghantanha, and K. R. Choo, “Forensic
investigation of P2P cloud storage services and backbone
for IoT networks : BitTorrent Sync as a case study,”
Comput. Electr. Eng., vol. 0, pp. 1–14, 2016.
[44] B. Blakeley, C. Cooney, A. Dehghantanha, and R. Aspin,
“Cloud Storage Forensic : hubiC as a Case-Study,” vol. 1,
2015.
[45] J. S. Hale, “Amazon Cloud Drive forensic analysis,” Digit.
Investig., vol. 10, no. 3, pp. 259–265, 2013.
Keywords
Digital forensics, Cloud forensics, Cloud storage,
Cloud storage forensics, Digital evidence.