A Closer Look at Syncany Windows and Ubuntu Clients' Residual Artefacts

In this paper, we seek to determine the residual artefacts of forensic value on Windows and Ubuntu client machines of using Syncany private cloud storage service. We demonstrate the types and the locations of the artefacts that can be forensically recovered (e.g. artefacts associated with the installation, uninstallation, log-in, log-off, and file synchronisation actions). Findings from this research contribute to an in-depth understanding of cloud-enabled big data storage forensics related to the collection of big data artefacts from a private cloud storage service, which have real-world implications and impacts (e.g. in criminal investigations and civil litigations). Echoing the observations of Ab Rahman et al. (2006), we reiterated the importance of forensic-by-design in future cloud-enabled big data storage solutions.

[1]  Tahar Kechadi,et al.  Survey on Cloud Forensics and Critical Criteria for Cloud Forensic Capability: A Preliminary Analysis , 2011 .

[2]  M. Tahar Kechadi,et al.  Cloud forensics definitions and critical criteria for cloud forensic capability: An overview of survey results , 2013, Digit. Investig..

[3]  Hans P. Reiser,et al.  Network Forensics for Cloud Computing , 2013, DAIS.

[4]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[5]  Ali Dehghantanha,et al.  Forensic investigation of OneDrive, Box, GoogleDrive and Dropbox applications on Android and iOS devices , 2016 .

[6]  Alan T. Sherman,et al.  Design and Implementation of FROST - Digital Forensic Tools for the OpenStack Cloud Computing Platform , 2016 .

[7]  Rabih Bashroush,et al.  Sufficiency of Windows Event Log as Evidence in Digital Forensics , 2011, ICGS3/e-Democracy.

[8]  Anthony Keane,et al.  Digital forensics investigations in the Cloud , 2014, 2014 IEEE International Advance Computing Conference (IACC).

[9]  Kim-Kwang Raymond Choo,et al.  A Forensically Sound Adversary Model for Mobile Devices , 2015, PloS one.

[10]  Kim-Kwang Raymond Choo,et al.  Windows Event Forensic Process , 2014, IFIP Int. Conf. Digital Forensics.

[11]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[12]  Ali Dehghantanha,et al.  Investigating Social Networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms , 2016 .

[13]  Rodney McKemmish,et al.  What is forensic computing , 1999 .

[14]  M. Tahar Kechadi,et al.  BitTorrent Sync: First Impressions and Digital Forensic Implications , 2014, Digit. Investig..

[15]  M. Tahar Kechadi,et al.  Leveraging Decentralization to Extend the Digital Evidence Acquisition Window: Case Study on Bittorrent Sync , 2014, J. Digit. Forensics Secur. Law.

[16]  Ali Dehghantanha,et al.  A survey about impacts of cloud computing on digital forensics , 2013 .

[17]  Kim-Kwang Raymond Choo,et al.  Impacts of increasing volume of digital forensic data: A survey and future research challenges , 2014, Digit. Investig..

[18]  Ali Dehghantanha,et al.  A Survey on Digital Forensics Trends , 2014 .

[19]  Ali Dehghantanha,et al.  Digital forensics: the missing piece of the Internet of Things promise , 2016 .

[20]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[21]  Stefanos Gritzalis,et al.  Cloud Forensics: Identifying the Major Issues and Challenges , 2014, CAiSE.

[22]  Kim-Kwang Raymond Choo,et al.  Remote Programmatic vCloud Forensics: A Six-Step Collection Process and a Proof of Concept , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[23]  Kim-Kwang Raymond Choo,et al.  Cloud incident handling and forensic‐by‐design: cloud storage as a case study , 2017, Concurr. Comput. Pract. Exp..

[24]  Kim-Kwang Raymond Choo,et al.  Cloud computing and its implications for cybercrime investigations in Australia , 2013, Comput. Law Secur. Rev..

[25]  Ali Dehghantanha,et al.  Cloud storage forensics: MEGA as a case study , 2017 .

[26]  Kim-Kwang Raymond Choo,et al.  framework for digital forensic evidence : Storage , intelligence , review and archive , 2014 .

[27]  Kim-Kwang Raymond Choo,et al.  Cloud Forensic Technical Challenges and Solutions: A Snapshot , 2014, IEEE Cloud Computing.

[28]  Ali Dehghantanha,et al.  A review on impacts of cloud computing and digital forensics , 2014 .

[29]  Kim-Kwang Raymond Choo,et al.  An integrated conceptual digital forensic framework for cloud computing , 2012, Digit. Investig..

[30]  Kim-Kwang Raymond Choo,et al.  Big forensic data reduction: digital forensic images and electronic evidence , 2016, Cluster Computing.

[31]  Timothy Grance,et al.  Guide to Integrating Forensic Techniques into Incident Response , 2006 .

[32]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[33]  M. Tahar Kechadi,et al.  Overview of the Forensic Investigation of Cloud Services , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[34]  Ali Dehghantanha,et al.  Windows Instant Messaging App Forensics: Facebook and Skype as Case Studies , 2016, PloS one.

[35]  Steven Furnell,et al.  Challenges to digital forensics: A survey of researchers & practitioners attitudes and opinions , 2013, 2013 Information Security for South Africa.

[36]  Kim-Kwang Raymond Choo,et al.  Is the data on your wearable device secure? An Android Wear smartwatch case study , 2017, Softw. Pract. Exp..

[37]  Sieteng Soh,et al.  Cloud forensics: Technical challenges, solutions and comparative analysis , 2015, Digit. Investig..

[38]  Ali Dehghantanha,et al.  Forensics investigation challenges in cloud computing environments , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[39]  Hein S. Venter,et al.  Digital forensics in the Cloud: The state of the art , 2015, 2015 IST-Africa Conference.

[40]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[41]  M. Tahar Kechadi,et al.  BitTorrent Sync: Network Investigation Methodology , 2014, 2014 Ninth International Conference on Availability, Reliability and Security.

[42]  Kim-Kwang Raymond Choo,et al.  Distributed filesystem forensics: XtreemFS as a case study , 2014, Digit. Investig..

[43]  Ali Dehghantanha,et al.  Advances of mobile forensic procedures in Firefox OS , 2014 .

[44]  Christoph Wegener,et al.  Technical Issues of Forensic Investigations in Cloud Computing Environments , 2011, 2011 Sixth IEEE International Workshop on Systematic Approaches to Digital Forensic Engineering.

[45]  John Haggerty,et al.  Forensic investigation of social networking applications , 2014, Netw. Secur..

[46]  Ophir Frieder,et al.  A system for the proactive, continuous, and efficient collection of digital forensic evidence , 2011, Digit. Investig..

[47]  Kim-Kwang Raymond Choo,et al.  Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? , 2013, Digit. Investig..

[48]  Ali Dehghantanha,et al.  Forensic Investigation of Cooperative Storage Cloud Service: Symform as a Case Study , 2017, Journal of forensic sciences.

[49]  Ali Dehghantanha,et al.  Performance measurement for mobile forensic data acquisition in Firefox OS , 2014 .

[50]  Ragib Hasan,et al.  Cloud Forensics: A Meta-Study of Challenges, Approaches, and Open Problems , 2013, ArXiv.

[51]  Kim-Kwang Raymond Choo,et al.  Digital droplets: Microsoft SkyDrive forensic data remnants , 2013, Future Gener. Comput. Syst..

[52]  Raffael Marty,et al.  Cloud application logging for forensics , 2011, SAC.

[53]  Ali Dehghantanha,et al.  Cloud Storage Forensic: hubiC as a Case-Study , 2015, 2015 IEEE 7th International Conference on Cloud Computing Technology and Science (CloudCom).

[54]  Ali Dehghantanha,et al.  Forensic Investigation of P2P Cloud Storage: BitTorrent Sync as a Case Study , 2017, ArXiv.

[55]  Ali Dehghantanha,et al.  SugarSync forensic analysis , 2016 .

[56]  Jason S. Hale Amazon Cloud Drive forensic analysis , 2013, Digit. Investig..