Greening Cloud-Enabled Big Data Storage Forensics: Syncany as a Case Study

The pervasive nature of cloud-enabled big data storage solutions introduces new challenges in the identification, collection, analysis, preservation, and archiving of digital evidence. Investigating such complex platforms to locate and recover traces of criminal activities is a time-consuming process. Hence, cyber forensics researchers are moving towards streamlining the investigation process by locating and documenting the residual artefacts (evidence) of forensic value left by users’ activities on cloud-enabled big data platforms, in order to reduce the investigation time and resources involved in a real-world investigation. In this paper, we seek to determine the data remnants of forensic value from the Syncany private cloud storage service, a popular storage engine for big data platforms. We demonstrate the types and the locations of the artefacts that can be forensically recovered. Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics, which can result in reduced time and resources spent in real-world investigations involving Syncany-based cloud platforms.
