Cloud storage forensics: MEGA as a case study

The increasing use of smartphones and cloud storage apps allows users to access their data anywhere, anytime. Due to the potential of mobile devices being used and/or targeted by criminals, such devices are an important source of evidence in investigations of both cybercrime and traditional crimes, such as drug trafficking. In this paper, we study the MEGA cloud client app, an increasingly popular alternative to Google Drive, Dropbox and OneDrive, on both Android and iOS platforms. In our study, we identify a range of artefacts arising from user activities, such as login, uploading, downloading, deletion, and the sharing of files, which could be forensically recovered, as well as findings such as modification of files’ timestamps. Our findings contribute to an up-to-date understanding of cloud storage forensics.

[1]  Ali Dehghantanha,et al.  Towards secure model for SCADA systems , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[2]  Ali Dehghantanha,et al.  Performance measurement for mobile forensic data acquisition in Firefox OS , 2014 .

[3]  Jianliang Wei,et al.  Study of Network Public Opinion Monitoring Based on Social Tagging , 2013 .

[4]  Ali Dehghantanha,et al.  Cyber warfare trends and future , 2013 .

[5]  Kim-Kwang Raymond Choo,et al.  Dropbox analysis: Data remnants on user machines , 2013, Digit. Investig..

[6]  Ali Dehghantanha,et al.  A SURVEY ON PRIVACY ISSUES IN DIGITAL FORENSICS , 2014 .

[7]  Gianluigi Me,et al.  A Case Study on Digital Forensics in the Cloud , 2012, 2012 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery.

[8]  Tim Storer,et al.  Using Smartphones as a Proxy for Forensic Evidence Contained in Cloud Storage Services , 2013, 2013 46th Hawaii International Conference on System Sciences.

[9]  Corrado Federici,et al.  Cloud Data Imager: A unified answer to remote acquisition of cloud storage areas , 2014, Digit. Investig..

[10]  Alan T. Sherman,et al.  Acquiring forensic evidence from infrastructure-as-a-service cloud computing: Exploring and evaluating tools, trust, and techniques , 2012, Digit. Investig..

[11]  Ali Dehghantanha,et al.  A survey on privacy impacts of digital investigation , 2013 .

[12]  Ali Dehghantanha,et al.  Privacy-respecting digital investigation , 2014, 2014 Twelfth Annual International Conference on Privacy, Security and Trust.

[13]  Kim-Kwang Raymond Choo,et al.  Remote Programmatic vCloud Forensics: A Six-Step Collection Process and a Proof of Concept , 2014, 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications.

[14]  Kim-Kwang Raymond Choo,et al.  Forensic collection of cloud storage data: Does the act of collection result in changes to the data or its metadata? , 2013, Digit. Investig..

[15]  Ali Dehghantanha,et al.  MODELLING BASED APPROACH FOR RECONSTRUCTING EVIDENCE OF VOIP MALICIOUS ATTACKS , 2012 .

[16]  SeyedHossein Mohtasebi,et al.  SMARTPHONE FORENSICS: A CASE STUDY WITH NOKIA E5-00 MOBILE PHONE , 2011 .

[17]  Kim-Kwang Raymond Choo,et al.  Cloud Storage Forensics , 2013, Contemporary Digital Forensic Investigations of Cloud and Mobile Applications.

[18]  Kim-Kwang Raymond Choo,et al.  Cloud Forensic Technical Challenges and Solutions: A Snapshot , 2014, IEEE Cloud Computing.

[19]  Ali Dehghantanha,et al.  A review on impacts of cloud computing and digital forensics , 2014 .

[20]  Kim-Kwang Raymond Choo,et al.  An integrated conceptual digital forensic framework for cloud computing , 2012, Digit. Investig..

[21]  Ali Dehghantanha,et al.  UPM: User-Centered Privacy Model in Pervasive Computing Systems , 2009, 2009 International Conference on Future Computer and Communication.

[22]  Ali Dehghantanha,et al.  Trends In Android Malware Detection , 2013, J. Digit. Forensics Secur. Law.

[23]  Kim-Kwang Raymond Choo,et al.  Cloud security ecosystem , 2015, The Cloud Security Ecosystem.

[24]  Kim-Kwang Raymond Choo,et al.  Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users , 2014, Behav. Inf. Technol..

[25]  Kim-Kwang Raymond Choo,et al.  Cloud storage forensics: ownCloud as a case study , 2013, Digit. Investig..

[26]  Kurt Oestreicher,et al.  A forensically robust method for acquisition of iCloud data , 2014, Digit. Investig..

[27]  Sangjin Lee,et al.  Digital forensic investigation of cloud storage services , 2012, Digit. Investig..

[28]  Ali Dehghantanha,et al.  Cloud computing and conflicts with digital forensic investigation , 2013 .

[29]  Sieteng Soh,et al.  Cloud forensics: Technical challenges, solutions and comparative analysis , 2015, Digit. Investig..

[30]  Tim Storer,et al.  Recovering residual forensic data from smartphone interactions with cloud storage providers , 2015, The Cloud Security Ecosystem.

[31]  Ali Dehghantanha,et al.  Forensics investigation challenges in cloud computing environments , 2012, Proceedings Title: 2012 International Conference on Cyber Security, Cyber Warfare and Digital Forensic (CyberSec).

[32]  Kim-Kwang Raymond Choo,et al.  Conceptual evidence collection and analysis methodology for Android devices , 2015, The Cloud Security Ecosystem.

[33]  Ali Dehghantanha,et al.  Investigation of bypassing malware defences and malware detections , 2011, 2011 7th International Conference on Information Assurance and Security (IAS).

[34]  Ali Dehghantanha,et al.  Investigating Social Networking applications on smartphones detecting Facebook, Twitter, LinkedIn and Google+ artefacts on Android and iOS platforms , 2016 .

[35]  Kim-Kwang Raymond Choo,et al.  Distributed filesystem forensics: XtreemFS as a case study , 2014, Digit. Investig..

[36]  Ali Dehghantanha,et al.  Advances of mobile forensic procedures in Firefox OS , 2014 .

[37]  Ali Dehghantanha,et al.  Towards a Unified Forensic Investigation Framework of Smartphones , 2013 .

[38]  Kim-Kwang Raymond Choo,et al.  Digital droplets: Microsoft SkyDrive forensic data remnants , 2013, Future Gener. Comput. Syst..

[39]  Raffael Marty,et al.  Cloud application logging for forensics , 2011, SAC.

[40]  Ali Dehghantanha,et al.  Cloud Forensics Issues and Opportunities , 2013 .

[41]  Ali Selamat,et al.  A survey on malware propagation, analysis, and detection , 2013 .

[42]  Ali Dehghantanha,et al.  SugarSync forensic analysis , 2016 .

[43]  Jason S. Hale Amazon Cloud Drive forensic analysis , 2013, Digit. Investig..

[44]  Kim-Kwang Raymond Choo,et al.  Google Drive: Forensic analysis of data remnants , 2014, J. Netw. Comput. Appl..

[45]  Kim-Kwang Raymond Choo,et al.  Mobile cloud forensics: An analysis of seven popular Android apps , 2015, The Cloud Security Ecosystem.

[46]  Kim-Kwang Raymond Choo,et al.  Cloud Storage Forensic Framework , 2014 .