CloudMe forensics: A case of big data forensic investigation

The significant increase in the volume, variety, and velocity of data complicates cloud forensic efforts, and such (big) evidential data will, at some point, become too (computationally) expensive to be fully identified, collected, and analysed in a timely manner. Thus, it is important for digital forensic practitioners to have up‐to‐date knowledge of the relevant data artefacts that could be forensically recovered from the cloud product under investigation. In this paper, CloudMe, a popular cloud storage service, is studied. The types and locations of the artefacts relating to the installation and uninstallation of the CloudMe client application, logging in and out, and file synchronization events from the computer desktop and mobile clients are described. Findings from this research will also help inform future development of tools and techniques (e.g., data mining techniques) for cloud‐enabled big data endpoint forensics investigation.
