To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in infancy due to the comparatively recent prevalence of cloud computing.
Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner.
- Learn to use the methodology and tools from the first evidenced-based cloud forensic framework
- Case studies provide detailed tools for analysis of cloud storage devices using popular cloud storage services
- Includes coverage of the legal implications of cloud storage forensic investigations
- Discussion of the future evolution of cloud storage and its impact on digital forensics
Arvustused
"The authors discuss the challenges that the use of cloud computing presents for investigators, and propose a framework to support forensic investigations that involve cloud storageThis is a good, concise work on a subject of growing importance." --Computing Reviews,July 21 2014
"...excellently written and categorized for each facet of forensics and security issues...Rarely is a book a valuable addition to your collection from both research and industrial perspectives." --Computing Reviews,July 23 2014
Muu info
The most comprehensive coverage of cloud storage forensics available for researchers and field practitioners.
| Acknowledgments |
|
xiii | |
| About the Authors |
|
xv | |
| Forewords |
|
xvii | |
|
|
|
1 | (12) |
|
|
|
1 | (2) |
|
|
|
3 | (2) |
|
Challenges faced by law enforcement and government agencies |
|
|
5 | (2) |
|
|
|
7 | (1) |
|
Structure of book and contributions to knowledge |
|
|
8 | (5) |
|
|
|
9 | (4) |
|
Chapter 2 Cloud Storage Forensic Framework |
|
|
13 | (10) |
|
|
|
13 | (1) |
|
Cloud (storage) forensic framework |
|
|
13 | (7) |
|
|
|
15 | (1) |
|
|
|
15 | (1) |
|
Evidence source identification and preservation |
|
|
16 | (1) |
|
|
|
17 | (1) |
|
|
|
18 | (1) |
|
|
|
19 | (1) |
|
|
|
19 | (1) |
|
|
|
20 | (3) |
|
|
|
20 | (3) |
|
Chapter 3 Microsoft SkyDrive Cloud Storage Forensic Analysis |
|
|
23 | (40) |
|
|
|
23 | (1) |
|
SkyDrive forensics: Windows 7 PC |
|
|
24 | (27) |
|
|
|
24 | (1) |
|
|
|
25 | (1) |
|
Evidence source identification and preservation |
|
|
26 | (1) |
|
|
|
26 | (1) |
|
|
|
27 | (20) |
|
|
|
47 | (1) |
|
|
|
48 | (3) |
|
SkyDrive forensics: Apple iPhone 3G |
|
|
51 | (4) |
|
|
|
52 | (1) |
|
|
|
52 | (1) |
|
Evidence source identification and preservation |
|
|
52 | (1) |
|
|
|
52 | (1) |
|
|
|
53 | (1) |
|
|
|
53 | (2) |
|
|
|
55 | (1) |
|
|
|
55 | (8) |
|
|
|
55 | (1) |
|
|
|
56 | (1) |
|
Step 3 Evidence source identification and preservation |
|
|
56 | (1) |
|
|
|
56 | (1) |
|
Step 5 Examination and analysis |
|
|
56 | (1) |
|
|
|
57 | (2) |
|
|
|
59 | (1) |
|
|
|
59 | (1) |
|
|
|
60 | (3) |
|
Chapter 4 Dropbox Analysis: Data Remnants on User Machines |
|
|
63 | (32) |
|
|
|
63 | (1) |
|
Dropbox forensics: Windows 7 PC |
|
|
64 | (20) |
|
|
|
65 | (1) |
|
|
|
65 | (4) |
|
Evidence source identification and preservation |
|
|
69 | (1) |
|
|
|
69 | (1) |
|
|
|
70 | (9) |
|
|
|
79 | (4) |
|
|
|
83 | (1) |
|
Dropbox forensics: Apple iPhone 3G |
|
|
84 | (4) |
|
|
|
84 | (1) |
|
|
|
84 | (1) |
|
Evidence source identification and preservation |
|
|
84 | (1) |
|
|
|
84 | (1) |
|
|
|
85 | (1) |
|
|
|
86 | (2) |
|
|
|
88 | (1) |
|
|
|
88 | (7) |
|
|
|
88 | (1) |
|
|
|
88 | (1) |
|
Step 3 Evidence source identification and preservation |
|
|
89 | (1) |
|
|
|
89 | (1) |
|
Step 5 Examination and analysis |
|
|
89 | (1) |
|
|
|
90 | (1) |
|
|
|
90 | (1) |
|
|
|
90 | (2) |
|
|
|
92 | (3) |
|
Chapter 5 Google Drive: Forensic Analysis of Cloud Storage Data Remnants |
|
|
95 | (32) |
|
|
|
95 | (1) |
|
Google drive forensics: Windows 7 PC |
|
|
96 | (19) |
|
|
|
96 | (1) |
|
|
|
96 | (2) |
|
Evidence source identification and preservation |
|
|
98 | (1) |
|
|
|
98 | (1) |
|
|
|
98 | (13) |
|
|
|
111 | (4) |
|
|
|
115 | (1) |
|
Google drive forensics: Apple iPhone 3G |
|
|
115 | (3) |
|
|
|
116 | (1) |
|
|
|
116 | (1) |
|
Evidence source identification and preservation |
|
|
116 | (1) |
|
|
|
116 | (1) |
|
|
|
117 | (1) |
|
|
|
117 | (1) |
|
|
|
117 | (1) |
|
|
|
118 | (4) |
|
|
|
118 | (1) |
|
|
|
118 | (1) |
|
Step 3 Evidence source identification and preservation |
|
|
119 | (1) |
|
|
|
120 | (1) |
|
Step 5 Examination and analysis |
|
|
121 | (1) |
|
|
|
121 | (1) |
|
|
|
121 | (1) |
|
|
|
121 | (1) |
|
Summary of Microsoft SkyDrive, Dropbox, and Google Drive findings |
|
|
122 | (2) |
|
|
|
123 | (1) |
|
|
|
124 | (3) |
|
Chapter 6 Open Source Cloud Storage Forensics: ownCloud as a Case Study |
|
|
127 | (26) |
|
|
|
127 | (3) |
|
Cloud forensics framework |
|
|
129 | (1) |
|
|
|
130 | (1) |
|
|
|
130 | (2) |
|
|
|
130 | (1) |
|
Environment configuration |
|
|
131 | (1) |
|
|
|
132 | (21) |
|
|
|
132 | (1) |
|
Evidence source identification and preservation, and collection |
|
|
133 | (1) |
|
Examination and analysis of client devices |
|
|
134 | (4) |
|
Reporting and presentation |
|
|
138 | (1) |
|
|
|
138 | (1) |
|
Evidence source identification and preservation |
|
|
139 | (2) |
|
|
|
141 | (2) |
|
Server examination and analysis |
|
|
143 | (4) |
|
|
|
147 | (1) |
|
|
|
148 | (2) |
|
|
|
150 | (3) |
|
Chapter 7 Forensic Collection of Cloud Storage Data: Does the Act of Collection Result in Changes to the Data or its Metadata? |
|
|
153 | (22) |
|
|
|
153 | (1) |
|
|
|
154 | (2) |
|
|
|
154 | (1) |
|
|
|
155 | (1) |
|
|
|
156 | (1) |
|
Data collection via Internet access to a user account |
|
|
156 | (12) |
|
|
|
159 | (3) |
|
|
|
162 | (2) |
|
|
|
164 | (4) |
|
Research findings: discussion |
|
|
168 | (7) |
|
|
|
168 | (1) |
|
|
|
169 | (1) |
|
Client software dates and times |
|
|
169 | (1) |
|
|
|
169 | (1) |
|
|
|
170 | (1) |
|
|
|
171 | (1) |
|
|
|
172 | (1) |
|
|
|
173 | (2) |
|
Chapter 8 Conclusion and Future Work |
|
|
175 | (4) |
|
|
|
175 | (3) |
|
|
|
178 | (1) |
| Glossary |
|
179 | (4) |
| Index |
|
183 | |
Darren Quick is an Electronic Evidence Specialist with the South Australia Police, and a PhD Scholar at the Information Assurance Research Group, Advanced Computing Research Centre at the University of South Australia. He has undertaken over 550 forensic investigations involving thousands of digital evidence items including; computers, hard drives, mobile telephones, servers, and portable storage devices. He holds a Master of Science degree in Cyber Security and Forensic Computing, and has undertaken formal training in a range of forensic software and analysis techniques. In 2012 Darren was awarded membership of the Golden Key International Honour Society. Darren has co-authored a number of publications in relation to digital forensic analysis and cloud storage, and is a member of the Board of Referees for Digital Investigation - The International Journal of Digital Forensics & Incident Response. He still has his first computer, a VIC20 in the original box. Ben Martini is the Digital Forensics Research Administrator, a Course Coordinator and a PhD Scholar at the Information Assurance Research Group, Advanced Computing Research Centre at the University of South Australia. His PhD research focus is in the field of Digital Forensics looking at the implications of Cloud Computing. He has a broad range of research interests in the Information Technology sector with a focus on computer security and digital forensics issues. Ben has worked actively in the South Australian IT industry in sectors including government departments, education and electronics across various organisations and continues to deliver occasional invited presentations to industry organisations in his area of expertise. He holds a Masters degree in Business Information Systems and a Bachelor degree in Information Technology (Networking and Security). He is supported by scholarships from both the University of South Australia and the Defence Systems Innovation Centre. Dr Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics including a book published in Springers Advances in Information Security” book series and six Australian Government Australian Institute of Criminology refereed monographs. He has been an invited speaker for a number of events (e.g. 2011 UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime and 2011 KANZ Broadband Summit 2011), and delivered Keynote/Plenary Speeches at ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, 2010 International Conference on Applied Linguistics and 2011 Economic Crime Asia Conference, and Invited Lecture at the Bangladesh Institute of International and Strategic Studies. He was one of over 20 international (and one of two Australian) experts consulted by the research team preparing McAfee's commissioned report entitled Virtual Criminology Report 2009: Virtually Here: The Age of Cyber Warfare”; and his opinions on cyber crime and cyber security are regularly published in the media. In 2009, he was named one of 10 Emerging Leaders in the Innovation category of The Weekend Australian Magazine / Microsoft's Next 100 series. He is also the recipient of several awards including the 2010 Australian Capital Territory (ACT) Pearcey Award for Taking a risk and making a difference in the development of the Australian ICT industry”, 2008 Australia Day Achievement Medallion in recognition of my dedication and contribution to the Australian Institute of Criminology, and through it to the public service of the nation, British Computer Societys Wilkes Award for the best paper published in the 2007 volume of the Computer Journal, and the Best Student Paper Award by the 2005 Australasian Conference on Information Security and Privacy.
Lisainfo e-raamatute kohta