Investigation Model for Locating Data Remnants on Cloud Storage
Cloud storage services allow users to store their data online and remotely access, maintain, manage, and back up their data from anywhere through the Internet. Although this storage is helpful, it challenges digital forensic investigators and practitioners in collecting, identifying, acquiring, and preserving evidential data. This research proposes an investigation scheme for analyzing data remnants and determining probative artefacts in a cloud environment. Using the Box cloud as a case study, we collect the data remnants available on end-user device storage following the accessing, uploading, and storing of data in the cloud storage. The data remnants are collected from several sources, such as client software files, Prefetch, directory listings, registries, browsers, network PCAP, and memory and link files. Results indicate that the collected data remnants are helpful in determining a sufficient number of artefacts about investigated cybercrimes.
KeywordsForensic science Digital forensic Cloud storage Cybercrime investigation Box cloud Evidence collection Data remnants Artefacts
Funding support provided by the Ministry of Higher Education in Malaysia (No. RDU160106).
- 1.Messmer, E.: Cloud forensics: in a lawsuit, can your cloud provider get key evidence you need? Netw. World (2013). Last Accessed from http://www.networkworld.com/news/2013/030613-cloud-forensics-267447.html
- 2.Montelbano, M.K.: Cloud Forensics. Champlain College (2013)Google Scholar
- 4.Ahmed, A.A., Khay, L.M.: Securing user credentials in web browser: review and suggestion. In: 2017 IEEE Conference on Big Data and Analytics (ICBDA). IEEE, pp. 67–71 (2017)Google Scholar
- 5.Ahmed, A.A., Kit, Y.W.: MICIE: a model for identifying and collecting intrusion evidences. In: 2016 12th International Conference on Signal-Image Technology and Internet-Based Systems (SITIS). IEEE, pp. 288–294Google Scholar
- 6.Ahmed, A.A., Li, C.X.: Locating and collecting cybercrime evidences on cloud storage. In: 2016 International Conference on Information Science and Security (ICISS). IEEE, pp. 1–5 (2016)Google Scholar