Description

To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in its infancy due to the comparatively recent prevalence of cloud computing.

Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner.

Key Features

  • Learn to use the methodology and tools from the first evidence-based cloud forensic framework
  • Case studies provide detailed tools for analysis of cloud storage devices using popular cloud storage services
  • Includes coverage of the legal implications of cloud storage forensic investigations
  • Discussion of the future evolution of cloud storage and its impact on digital forensics

Readership

Information Security professionals of all levels, digital forensic and e-discovery researchers and practitioners, law enforcement agencies, and an academic audience among postgraduate and undergraduate students studying digital forensics and e-discovery.

Table of Contents

Dedication

Acknowledgments

About the Authors

Forewords

Chapter 1. Introduction

Information in this chapter

Introduction

Structure of book and contributions to knowledge

References

Chapter 2. Cloud Storage Forensic Framework

Information in this chapter

Introduction

Cloud (storage) forensic framework

Framework summary

References

Chapter 3. Microsoft SkyDrive Cloud Storage Forensic Analysis

Information in this chapter

Introduction

SkyDrive forensics: Windows 7 PC

SkyDrive forensics: Apple iPhone 3G

Case study

Conclusion

References

Chapter 4. Dropbox Analysis: Data Remnants on User Machines

Information in this chapter

Introduction

Dropbox forensics: Windows 7 PC

Dropbox forensics: Apple iPhone 3G

Case study

Conclusion

References

Chapter 5. Google Drive: Forensic Analysis of Cloud Storage Data Remnants

Information in this chapter

Introduction

Google drive forensics: Windows 7 PC

Google drive forensics: Apple iPhone 3G

Google drive case study

Conclusion

Summary of Microsoft SkyDrive, Dropbox, and Google Drive findings

References

Appendix A

Chapter 6. Open Source Cloud Storage Forensics: ownCloud as a Case Study

Information in this chapter

Introduction

Experiment setup

Findings

Conclusion

References

Chapter 7. Forensic Collection of Cloud Storage Data: Does the Act of Collection Result in Changes to the Data or its Metadata?

Information in this chapter

Introduction

Cloud storage providers

Data collection via Internet access to a user account

Research findings: discussion

Conclusion

References

Chapter 8. Conclusion and Future Work

Details

No. of pages: 208
Language: English
Copyright: © 2014
Published:
Imprint: Syngress
Electronic ISBN: 9780124199910
Print ISBN: 9780124199705

About the authors

Darren Quick

Darren Quick is an Electronic Evidence Specialist with the South Australia Police, and a PhD Scholar at the Information Assurance Research Group, Advanced Computing Research Centre at the University of South Australia. He has undertaken over 550 forensic investigations involving thousands of digital evidence items including computers, hard drives, mobile telephones, servers, and portable storage devices. He holds a Master of Science degree in Cyber Security and Forensic Computing, and has undertaken formal training in a range of forensic software and analysis techniques. In 2012 Darren was awarded membership of the Golden Key International Honour Society. Darren has co-authored a number of publications in relation to digital forensic analysis and cloud storage, and is a member of the Board of Referees for Digital Investigation - The International Journal of Digital Forensics & Incident Response. He still has his first computer, a VIC20 in the original box.

Ben Martini

Ben Martini is the Digital Forensics Research Administrator, a Course Coordinator and a PhD Scholar at the Information Assurance Research Group, Advanced Computing Research Centre at the University of South Australia. His PhD research focus is in the field of Digital Forensics looking at the implications of Cloud Computing. He has a broad range of research interests in the Information Technology sector with a focus on computer security and digital forensics issues. Ben has worked actively in the South Australian IT industry in sectors including government departments, education and electronics across various organisations and continues to deliver occasional invited presentations to industry organisations in his area of expertise. He holds a Masters degree in Business Information Systems and a Bachelor degree in Information Technology (Networking and Security). He is supported by scholarships from both the University of South Australia and the Defence Systems Innovation Centre.

Raymond Choo

Dr Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics including a book published in Springer’s “Advances in Information Security” book series and six Australian Government Australian Institute of Criminology refereed monographs. He has been an invited speaker for a number of events (e.g. 2011 UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime and 2011 KANZ Broadband Summit 2011), and delivered Keynote/Plenary Speeches at ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, 2010 International Conference on Applied Linguistics and 2011 Economic Crime Asia Conference, and Invited Lecture at the Bangladesh Institute of International and Strategic Studies. He was one of over 20 international (and one of two Australian) experts consulted by the research team preparing McAfee's commissioned report entitled “Virtual Criminology Report 2009: Virtually Here: The Age of Cyber Warfare”; and his opinions on cyber crime and cyber security are regularly published in the media. In 2009, he was named one of 10 Emerging Leaders in the Innovation category of The Weekend Australian Magazine / Microsoft's Next 100 series. He is also the recipient of several awards including the 2010 Australian Capital Territory (ACT) Pearcey Award for “Taking a risk and making a difference in the development of the Australian ICT industry”, 2008 Australia Day Achievement Medallion in recognition of his dedication and contribution to the Australian Institute of Criminology, and through it to the public service of the nation, British Computer Society’s Wilkes Award for the best paper published in the 2007 volume of the Computer Journal, and the Best Student Paper Award by the 2005 Australasian Conference on Information Security and Privacy.

Reviews

"The authors discuss the challenges that the use of cloud computing presents for investigators, and propose a framework to support forensic investigations that involve cloud storage…This is a good, concise work on a subject of growing importance."--Computing Reviews, July 21 2014

"...excellently written and categorized for each facet of forensics and security issues...Rarely is a book a valuable addition to your collection from both research and industrial perspectives."--Computing Reviews, July 23 2014