Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010329095 | HV8079.C65 Q85 2014 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in infancy due to the comparatively recent prevalence of cloud computing.
Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner.
Author Notes
Darren Quick is an Electronic Evidence Specialist in the Electronic Crime Section of the South Australia Police, and a PhD Scholar at the University of South Australia.
Ben Martini is the Digital Forensics Research Administrator in the Information Assurance Research Group and PhD Scholar at the University of South Australia.
Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He currently serves as the Research Director at Cloud Security Alliance, Australia Chapter.
Table of Contents
| Acknowledgments | p. xiii |
| About the Authors | p. xv |
| Forewords | p. xvii |
| Chapter 1 Introduction | p. 1 |
| Introduction | p. 1 |
| Cybercrime and the cloud | p. 3 |
| Challenges faced by law enforcement and government agencies | p. 5 |
| Summary | p. 7 |
| Structure of book and contributions to knowledge | p. 8 |
| References | p. 9 |
| Chapter 2 Cloud Storage Forensic Framework | p. 13 |
| Introduction | p. 13 |
| Cloud (storage) forensic framework | p. 13 |
| Commence (Scope) | p. 15 |
| Preparation | p. 15 |
| Evidence source identification and preservation | p. 16 |
| Collection | p. 17 |
| Examination and analysis | p. 18 |
| Presentation | p. 19 |
| Complete | p. 19 |
| Framework summary | p. 20 |
| References | p. 20 |
| Chapter 3 Microsoft SkyDrive Cloud Storage Forensic Analysis | p. 23 |
| Introduction | p. 23 |
| SkyDrive forensics: Windows 7 PC | p. 24 |
| Commence (Scope) | p. 24 |
| Preparation | p. 25 |
| Evidence source identification and preservation | p. 26 |
| Collection | p. 26 |
| Examination and analysis | p. 27 |
| Presentation | p. 47 |
| Complete | p. 48 |
| SkyDrive forensics: Apple iPhone 3G | p. 51 |
| Commence (Scope) | p. 52 |
| Preparation | p. 52 |
| Evidence source identification and preservation | p. 52 |
| Collection | p. 52 |
| Examination and analysis | p. 53 |
| Presentation | p. 53 |
| Complete | p. 55 |
| Case study | p. 55 |
| Step 1 Commence (Scope) | p. 55 |
| Step 2 Preparation | p. 56 |
| Step 3 Evidence source identification and preservation | p. 56 |
| Step 4 Collection | p. 56 |
| Step 5 Examination and analysis | p. 56 |
| Step 6 Presentation | p. 57 |
| Step 7 Complete | p. 59 |
| Conclusion | p. 59 |
| References | p. 60 |
| Chapter 4 Dropbox Analysis: Data Remnants on User Machines | p. 63 |
| Introduction | p. 63 |
| Dropbox forensics: Windows 7 PC | p. 64 |
| Commence (Scope) | p. 65 |
| Preparation | p. 65 |
| Evidence source identification and preservation | p. 69 |
| Collection | p. 69 |
| Examination and analysis | p. 70 |
| Presentation | p. 79 |
| Complete | p. 83 |
| Dropbox forensics: Apple iPhone 3G | p. 84 |
| Commence (Scope) | p. 84 |
| Preparation | p. 84 |
| Evidence source identification and preservation | p. 84 |
| Collection | p. 84 |
| Examination and analysis | p. 85 |
| Presentation | p. 86 |
| Complete | p. 88 |
| Case study | p. 88 |
| Step 1 Commence (Scope) | p. 88 |
| Step 2 Preparation | p. 88 |
| Step 3 Evidence source identification and preservation | p. 89 |
| Step 4 Collection | p. 89 |
| Step 5 Examination and analysis | p. 89 |
| Step 6 Presentation | p. 90 |
| Step 7 Complete | p. 90 |
| Conclusion | p. 90 |
| References | p. 92 |
| Chapter 5 Google Drive: Forensic Analysis of Cloud Storage Data Remnants | p. 95 |
| Introduction | p. 95 |
| Google drive forensics: Windows 7 PC | p. 96 |
| Commence (Scope) | p. 96 |
| Preparation | p. 96 |
| Evidence source identification and preservation | p. 98 |
| Collection | p. 98 |
| Examination and analysis | p. 98 |
| Presentation | p. 111 |
| Complete | p. 115 |
| Google drive forensics: Apple iPhone 3G | p. 115 |
| Commence (Scope) | p. 116 |
| Preparation | p. 116 |
| Evidence source identification and preservation | p. 116 |
| Collection | p. 116 |
| Examination and analysis | p. 117 |
| Presentation | p. 117 |
| Complete | p. 117 |
| Google drive case study | p. 118 |
| Step 1 Commence (Scope) | p. 118 |
| Step 2 Preparation | p. 118 |
| Step 3 Evidence source identification and preservation | p. 119 |
| Step 4 Collection | p. 120 |
| Step 5 Examination and analysis | p. 121 |
| Step 6 Presentation | p. 121 |
| Step 7 Complete | p. 121 |
| Conclusion | p. 121 |
| Summary of Microsoft SkyDrive, Dropbox, and Google Drive findings | p. 122 |
| References | p. 123 |
| Appendix A | p. 124 |
| Chapter 6 Open Source Cloud Storage Forensics: ownCloud as a Case Study | p. 127 |
| Introduction | p. 127 |
| Cloud forensics framework | p. 129 |
| Outline | p. 130 |
| Experiment setup | p. 130 |
| ownCloud overview | p. 130 |
| Environment configuration | p. 131 |
| Findings | p. 132 |
| Client forensics | p. 132 |
| Evidence source identification and preservation, and collection | p. 133 |
| Examination and analysis of client devices | p. 134 |
| Reporting and presentation | p. 138 |
| Server forensics | p. 138 |
| Evidence source identification and preservation | p. 139 |
| Collection | p. 141 |
| Server examination and analysis | p. 143 |
| Summary of findings | p. 147 |
| Conclusion | p. 148 |
| References | p. 150 |
| Chapter 7 Forensic Collection of Cloud Storage Data: Does the Act of Collection Result in Changes to the Data or its Metadata? | p. 153 |
| Introduction | p. 153 |
| Cloud storage providers | p. 154 |
| Dropbox | p. 154 |
| Google Drive | p. 155 |
| Microsoft SkyDrive | p. 156 |
| Data collection via Internet access to a user account | p. 156 |
| Dropbox | p. 159 |
| Google Drive | p. 162 |
| Microsoft SkyDrive | p. 164 |
| Research findings: discussion | p. 168 |
| File contents | p. 168 |
| Dates and times | p. 169 |
| Client software dates and times | p. 169 |
| Browser dates and times | p. 169 |
| Verification of findings | p. 170 |
| Summary | p. 171 |
| Conclusion | p. 172 |
| References | p. 173 |
| Chapter 8 Conclusion and Future Work | p. 175 |
| Research summary | p. 175 |
| Future work | p. 178 |
| Glossary | p. 179 |
| Index | p. 183 |
