Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study

Researchers envisioned Storage as a Service (StaaS) as an effective solution to the distributed management of digital data. Cooperative storage cloud forensic is relatively new and is an under‐explored area of research. Using Symform as a case study, we seek to determine the data remnants from the use of cooperative cloud storage services. In particular, we consider both mobile devices and personal computers running various popular operating systems, namely Windows 8.1, Mac OS X Mavericks 10.9.5, Ubuntu 14.04.1 LTS, iOS 7.1.2, and Android KitKat 4.4.4. Potential artefacts recovered during the research include data relating to the installation and uninstallation of the cloud applications, log‐in to and log‐out from Symform account using the client application, file synchronization as well as their time stamp information. This research contributes to an in‐depth understanding of the types of terrestrial artifacts that are likely to remain after the use of cooperative storage cloud on client devices.

[1]  John Haggerty,et al.  Forensic investigation of social networking applications , 2014, Netw. Secur..

[2]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[3]  Kim-Kwang Raymond Choo Cloud computing: Challenges and future directions , 2010 .

[4]  Kim-Kwang Raymond Choo,et al.  Remote Programmatic vCloud Forensics: A Six-Step Collection Process and a Proof of Concept , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[5]  Derrick J. Farmer A FORENSIC ANALYSIS OF THE WINDOWS REGISTRY , 2007 .

[6]  G. G. Stokes "J." , 1890, The New Yale Book of Quotations.

[7]  Alan T. Sherman,et al.  Design and Implementation of FROST - Digital Forensic Tools for the OpenStack Cloud Computing Platform , 2016 .

[8]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[9]  Kim-Kwang Raymond Choo,et al.  Is the data on your wearable device secure? An Android Wear smartwatch case study , 2017, Softw. Pract. Exp..

[10]  Kim-Kwang Raymond Choo,et al.  Cloud incident handling and forensic‐by‐design: cloud storage as a case study , 2017, Concurr. Comput. Pract. Exp..

[11]  Kim-Kwang Raymond Choo,et al.  A Forensically Sound Adversary Model for Mobile Devices , 2015, PloS one.

[12]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[13]  Harlan Carvey Instant messaging investigations on a live Windows XP system , 2004, Digit. Investig..

[14]  Stefanos Gritzalis,et al.  Cloud Forensics: Identifying the Major Issues and Challenges , 2014, CAiSE.

[15]  Ragib Hasan,et al.  Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems , 2013, ArXiv.

[16]  Kurt Oestreicher,et al.  A forensically robust method for acquisition of iCloud data , 2014, Digit. Investig..

[17]  Kim-Kwang Raymond Choo,et al.  Mobile device forensics: a snapshot , 2013 .

[18]  Ragib Hasan,et al.  SecLaaS: secure logging-as-a-service for cloud forensics , 2013, ASIA CCS '13.

[19]  Kim-Kwang Raymond Choo,et al.  Distributed denial of service (DDoS) resilience in cloud: Review and conceptual cloud DDoS mitigation framework , 2016, J. Netw. Comput. Appl..

[20]  Kim-Kwang Raymond Choo,et al.  Forensic data acquisition from cloud‐of‐things devices: windows Smartphones as a case study , 2017, Concurr. Comput. Pract. Exp..

[21]  Samuel B. Williams,et al.  ASSOCIATION FOR COMPUTING MACHINERY , 2000 .

[22]  Christoph Wegener,et al.  Technical Issues of Forensic Investigations in Cloud Computing Environments , 2011, 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[23]  Ali Dehghantanha,et al.  SugarSync forensic analysis , 2016 .

[24]  Jason S. Hale Amazon Cloud Drive forensic analysis , 2013, Digit. Investig..

[25]  Roberto Di Pietro,et al.  Windows Mobile LiveSD Forensics , 2013, J. Netw. Comput. Appl..

[26]  Stephen Mason,et al.  Digital evidence and 'cloud' computing , 2011, Comput. Law Secur. Rev..

[27]  Kim-Kwang Raymond Choo,et al.  Digital droplets: Microsoft SkyDrive forensic data remnants , 2013, Future Gener. Comput. Syst..

[28]  Raffael Marty,et al.  Cloud application logging for forensics , 2011, SAC.

[29]  Kim-Kwang Raymond Choo,et al.  Mobile cloud forensics: An analysis of seven popular Android apps , 2015, The Cloud Security Ecosystem.

[30]  Kim-Kwang Raymond Choo,et al.  A survey of information security incident handling in the cloud , 2015, Comput. Secur..

[31]  ChooKim-Kwang Raymond,et al.  A survey of information security incident handling in the cloud , 2015 .

[32]  Kim-Kwang Raymond Choo,et al.  Windows Event Forensic Process , 2014, IFIP Int. Conf. Digital Forensics.

[33]  Anthony Keane,et al.  Digital forensics investigations in the Cloud , 2014, 2014 IEEE International Advance Computing Conference (IACC).

[34]  Kim-Kwang Raymond Choo,et al.  Forensic Analysis of Windows Thumbcache files , 2014, AMCIS.

[35]  Ali Dehghantanha,et al.  Ubuntu One investigation: Detecting evidences on client machines , 2015, The Cloud Security Ecosystem.

[36]  Dongsong Zhang,et al.  Challenges, Methodologies, and Issues in the Usability Testing of Mobile Applications , 2005, Int. J. Hum. Comput. Interact..

[37]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[38]  M. Tahar Kechadi,et al.  BitTorrent Sync: Network Investigation Methodology , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[39]  Kim-Kwang Raymond Choo,et al.  Distributed filesystem forensics: XtreemFS as a case study , 2014, Digit. Investig..

[40]  Hans P. Reiser,et al.  Network Forensics for Cloud Computing , 2013, DAIS.

[41]  Kim-Kwang Raymond Choo,et al.  Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? , 2013, Digit. Investig..

[42]  Ali Dehghantanha,et al.  Forensics investigation challenges in cloud computing environments , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[43]  M. Tahar Kechadi,et al.  BitTorrent Sync: First Impressions and Digital Forensic Implications , 2014, Digit. Investig..

[44]  Kim-Kwang Raymond Choo,et al.  Cloud Forensic Technical Challenges and Solutions: A Snapshot , 2014, IEEE Cloud Computing.

[45]  Ali Dehghantanha,et al.  A review on impacts of cloud computing and digital forensics , 2014 .

[46]  Kim-Kwang Raymond Choo,et al.  An integrated conceptual digital forensic framework for cloud computing , 2012, Digit. Investig..

[47]  Kim-Kwang Raymond Choo Organised crime groups in cyberspace: a typology , 2008 .

[48]  Timothy Grance,et al.  Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[49]  Ali Dehghantanha,et al.  Windows Instant Messaging App Forensics: Facebook and Skype as Case Studies , 2016, PloS one.

[50]  M. P. F. C. A. J. Sammes BSc,et al.  Forensic Computing , 2000, Practitioner Series.

[51]  M. Tahar Kechadi,et al.  Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on Bittorrent Sync , 2014, J. Digit. Forensics Secur. Law.

[52]  Mohand Tahar Kechadi,et al.  Cloud Forensics , 2011, IFIP Int. Conf. Digital Forensics.

[53]  Tim Storer,et al.  Calm Before the Storm: The Challenges of Cloud Computing in Digital Forensics , 2014, Int. J. Digit. Crime Forensics.

[54]  Kim-Kwang Raymond Choo,et al.  Forensic-by-Design Framework for Cyber-Physical Cloud Systems , 2016, IEEE Cloud Computing.

[55]  Harlan Carvey Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7 , 2012 .

[56]  Harjinder Singh Lallie,et al.  Windows 7 registry forensic evidence created by three popular BitTorrent clients , 2011, Digit. Investig..

[57]  Alan T. Sherman,et al.  Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques , 2012, Digit. Investig..

[58]  Kim-Kwang Raymond Choo,et al.  Cloud computing and its implications for cybercrime investigations in Australia , 2013, Comput. Law Secur. Rev..