Investigation Model for Locating Data Remnants on Cloud Storage

Cloud storage services allow users to store their data online and remotely access, maintain, manage, and back up their data from anywhere through the Internet. Although this storage is helpful, it challenges digital forensic investigators and practitioners in collecting, identifying, acquiring, and preserving evidential data. This research proposes an investigation scheme for analyzing data remnants and determining probative artefacts in a cloud environment. Using the Box cloud as a case study, we collect the data remnants available on end-user device storage following the accessing, uploading, and storing of data in the cloud storage. The data remnants are collected from several sources, such as client software files, Prefetch, directory listings, registries, browsers, network PCAP, and memory and link files. Results indicate that the collected data remnants are helpful in determining a sufficient number of artefacts about investigated cybercrimes.

[1]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[2]  Abdulghani Ali,et al.  MICIE: A Model for Identifying and Collecting Intrusion Evidences , 2016, 2016 12th International Conference on Signal-Image Technology & Internet-Based Systems (SITIS).

[3]  Abdulghani Ali Ahmed,et al.  Analyzing Data Remnant Remains on User Devices to Determine Probative Artifacts in Cloud Environment , 2018, Journal of forensic sciences.

[4]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[5]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[6]  Mark Taylor,et al.  Digital evidence in cloud computing systems , 2010, Comput. Law Secur. Rev..

[7]  Abdulghani Ali Ahmed Investigation Approach for Network Attack Intention Recognition , 2020, Digital Forensics and Forensic Investigations.

[8]  Abdulghani Ali Ahmed,et al.  Securing user credentials in web browser: Review and suggestion , 2017, 2017 IEEE Conference on Big Data and Analytics (ICBDA).

[9]  Abdulghani Ali Ahmed,et al.  Locating and Collecting Cybercrime Evidences on Cloud Storage: Review , 2016, 2016 International Conference on Information Science and Security (ICISS).