API-Based Forensic Acquisition of Cloud Drives
Cloud computing and cloud storage services, in particular, pose new challenges to digital forensic investigations. Currently, evidence acquisition for these services follows the traditional method of collecting artifacts residing on client devices. This approach requires labor-intensive reverse engineering effort and ultimately results in an acquisition that is inherently incomplete. Specifically, it makes the incorrect assumption that all the storage content associated with an account is fully replicated on the client. Additionally, there is no current method for acquiring historical data in the form of document revisions, nor is there a way to acquire cloud-native artifacts from targets such as Google Docs. This chapter introduces the concept of API-based evidence acquisition for cloud services, which addresses the limitations of traditional acquisition techniques by utilizing the officially supported APIs of the services. To demonstrate the utility of this approach, a proof-of-concept acquisition tool, kumodd, is presented. The kumodd tool can acquire evidence from four major cloud drive providers: Google Drive, Microsoft OneDrive, Dropbox and Box. The implementation provides command-line and web user interfaces, and can be readily incorporated in established forensic processes.
Keywords: Cloud forensics, cloud drives, API-based acquisition
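The coverage gap described in the abstract, as an added example that is not code from the chapter or from kumodd: it reconciles an API-side listing with the hashes recovered from a client. Field names follow the Google Drive API v3 file resource; the sample records, the `revision_ids` field and the function name are assumptions made for illustration.

```python
# Added illustration, not kumodd code. All sample data is constructed.
NATIVE_PREFIX = "application/vnd.google-apps."  # Google Docs, Sheets, Slides, ...

# Constructed API-side view: Drive v3 file fields plus an assumed
# "revision_ids" list holding the IDs a revisions listing would return.
API_LISTING = [
    {"id": "f1", "name": "report.pdf", "mimeType": "application/pdf",
     "md5Checksum": "a" * 32, "revision_ids": ["r1"]},
    {"id": "f2", "name": "budget.xlsx",
     "mimeType": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
     "md5Checksum": "b" * 32, "revision_ids": ["r1", "r2", "r3"]},
    {"id": "f3", "name": "archive.zip", "mimeType": "application/zip",
     "md5Checksum": "c" * 32, "revision_ids": ["r1"]},
    {"id": "f4", "name": "Meeting notes",
     "mimeType": NATIVE_PREFIX + "document", "revision_ids": ["r1", "r2"]},
]

# Constructed client-side view: MD5 digests of files found in the sync folder.
CLIENT_MD5S = {"a" * 32, "b" * 32}


def coverage_gaps(api_listing, client_md5s):
    """Classify what a client-only acquisition would miss for this account."""
    gaps = {"not_replicated": [], "cloud_native": [], "prior_revisions": []}
    for f in api_listing:
        if f["mimeType"].startswith(NATIVE_PREFIX):
            # Native documents have no binary content, hence no md5Checksum;
            # they can only be obtained through the service itself.
            gaps["cloud_native"].append(f["id"])
        elif f.get("md5Checksum") not in client_md5s:
            # Stored in the account but absent from the client.
            gaps["not_replicated"].append(f["id"])
        # Assumption: IDs are ordered oldest first, so all but the last
        # are prior revisions that exist only on the service side.
        gaps["prior_revisions"] += [(f["id"], r) for r in f["revision_ids"][:-1]]
    return gaps


if __name__ == "__main__":
    for kind, items in coverage_gaps(API_LISTING, CLIENT_MD5S).items():
        print(f"{kind}: {items}")
```

Matching on content hash rather than file name keeps the comparison valid when files were renamed or moved on the client.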
© IFIP International Federation for Information Processing 2016. Published by Springer International Publishing AG 2016. All Rights Reserved. G. Peterson and S. Shenoi (Eds.): Advances in Digital Forensics XII, IFIP AICT 484, pp. 213–235, 2016. DOI: 10.1007/978-3-319-46279-0_11
1. Introduction
Cloud computing is emerging as the primary model for delivering information technology services to Internet-connected devices. It abstracts away the physical computing and communications infrastructure, and enables customers to effectively rent (instead of own and maintain) as much infrastructure as needed. According to NIST [14], cloud computing has five essential characteristics that distinguish it from previous service models: (i) on-demand self service; (ii) broad network access; (iii) resource pooling; (iv) rapid elasticity; and (v) measured service. The underpinning technological development that has made the cloud possible is the massive adoption of virtualization on commodity hardware systems. Ultimately, this allows for a large pool of resources, such as a data center, to be provisioned and load-balanced at a fine granularity, and for the computations of different users (and uses) to be strongly isolated. The first public cloud services – Amazon Web Services (AWS) – were introduced by Amazon in 2006. According to a 2015 report by RightScale [18], cloud adoption has become ubiquitous: 93% of businesses are experimenting with cloud deployments, with 82% adopting a hybrid strategy that combines the use of multiple providers (usually in a public-private configuration). Nonetheless, much of the technology transition is still ahead, as 68% of enterp