Forensic analysis in the cloud: current state, technical obstacles & challenges
School of Science and Technology, MSc in Communications and Cybersecurity
Cloud is a new challenge which must be faced by forensic investigators. There are various types of cloud services, with each type having a different potential use in criminal activity. The difficulty lies in identifying and acquiring (or retaining) potential data when disparate services are used. The communication and cooperation with the service providers, for retrieving the stored files, is a time consuming process. For this reason, investigators must know where are the application data locally stored. There is a need for a framework of digital forensic investigations that is adapted to the requirements and special features of these services. In this thesis, we are proposing a framework based on existing methodologies. By using popular cloud services like Box, we will apply the proposed framework of forensic investigation on a computer with Windows 7. We will examine a variety of scenarios, including a number of file handling methods and access to this service. This research contributes to a better understanding of the artifacts that are likely to be encountered by investigators at the identification stage, by defining the data remnants in the computer system. Such possible sources of information are the application files, the browser history and RAM. Despite the fact that the use and sharing of software, hosted on the Internet, is the next step in exploitation of World Wide Web, it could be a challenge for the researchers of digital forensics. The dependency of individuals and businesses from various providers of cloud services (SaaS, PaaS, IaaS), may hinder the procedure of forensic investigations.