Forensic Acquisition of Cloud Drives
Authors
Abstract
Cloud computing and cloud storage services, in particular, pose a new challenge to digital forensic investigations. Currently, evidence acquisition for such services still follows the traditional method of collecting artifacts on a client device. This approach requires labor-intensive reverse engineering efforts, and ultimately results in an acquisition that is inherently incomplete. Specifically, it makes the incorrect assumption that all storage content for an account is fully replicated on the client; further, there are no means to acquire historical data in the form of document revisions, nor is there a way to acquire cloud-native artifacts, such as Google Docs. In this work, we introduce the concept of API-based evidence acquisition for cloud services, which addresses these concerns by utilizing the officially supported API of the service. To demonstrate the utility of this approach, we present a proof-of-concept acquisition tool, kumodd, which can acquire evidence from four major cloud drive providers: Google Drive, Microsoft OneDrive, Dropbox, and Box. The implementation provides both command-line and web user interfaces, and can be readily incorporated into established forensic processes.
Similar resources
Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques
We expose and explore technical and trust issues that arise in acquiring forensic evidence from infrastructure-as-a-service cloud computing and analyze some strategies for addressing these challenges. First, we create a model to show the layers of trust required in the cloud. Second, we present the overarching context for a cloud forensic exam and analyze choices available to an examiner. Third,...
Data Recovery Strategies for Cloud Environments
Data acquisition and data recovery are essential to any e-discovery or digital forensic process. However, these two aspects seem to be considerably difficult in a cloud-computing environment. The very nature of the Cloud raises a number of technical and organizational challenges, which renders traditional approaches and tools inapplicable. Resource pooling, rapid elasticity, and geographical di...
An Experimental Survey towards Engaging Trustable Hypervisor Log Evidence within a Cloud Forensic Environment
In this survey paper the author explores the technical as well as high level conceptual trust issues that arise in acquiring log forensic evidence from the virtual machine (VM) hosted operating systems within the data clouds. This specific survey work is done at the University of Technology [UTECH], Jamaica, which currently functions as its own independent private data cloud provider. The data ...
Understanding Issues in Cloud Forensics: Two Hypothetical Case Studies
The inevitable vulnerabilities and criminal targeting of cloud environments demand an understanding of how digital forensic investigations of the cloud can be accomplished. We present two hypothetical case studies of cloud crimes; child pornography being hosted in the cloud, and a compromised cloud-based website. Our cases highlight shortcomings of current forensic practices and laws. We descri...
Design and implementation of FROST: Digital forensic tools for the OpenStack cloud computing platform
We describe the design, implementation, and evaluation of FROST, three new forensic tools for the OpenStack cloud platform. Our implementation for the OpenStack cloud platform supports an Infrastructure-as-a-Service (IaaS) cloud and provides trustworthy forensic acquisition of virtual disks, API logs, and guest firewall logs. Unlike traditional acquisition tools, FROST works at the cloud managem...
Journal title:
- CoRR
Volume abs/1603.06542 Issue
Pages -
Publication date 2016