Cloud Storage Forensics
By Darren Quick, Ben Martini and Raymond Choo
About this ebook
To reduce the risk of digital forensic evidence being called into question in judicial proceedings, it is important to have a rigorous methodology and set of procedures for conducting digital forensic investigations and examinations. Digital forensic investigation in the cloud computing environment, however, is in its infancy due to the comparatively recent prevalence of cloud computing.
Cloud Storage Forensics presents the first evidence-based cloud forensic framework. Using three popular cloud storage services and one private cloud storage service as case studies, the authors show you how their framework can be used to undertake research into the data remnants on both cloud storage servers and client devices when a user undertakes a variety of methods to store, upload, and access data in the cloud. By determining the data remnants on client devices, you gain a better understanding of the types of terrestrial artifacts that are likely to remain at the Identification stage of an investigation. Once it is determined that a cloud storage service account has potential evidence of relevance to an investigation, you can communicate this to legal liaison points within service providers to enable them to respond and secure evidence in a timely manner.
- Learn to use the methodology and tools from the first evidence-based cloud forensic framework
- Case studies provide detailed tools for analysis of cloud storage devices using popular cloud storage services
- Includes coverage of the legal implications of cloud storage forensic investigations
- Discussion of the future evolution of cloud storage and its impact on digital forensics
Darren Quick
Darren Quick is an Electronic Evidence Specialist with the South Australia Police, and a PhD Scholar at the Information Assurance Research Group, Advanced Computing Research Centre at the University of South Australia. He has undertaken over 550 forensic investigations involving thousands of digital evidence items including computers, hard drives, mobile telephones, servers, and portable storage devices. He holds a Master of Science degree in Cyber Security and Forensic Computing, and has undertaken formal training in a range of forensic software and analysis techniques. In 2012 Darren was awarded membership of the Golden Key International Honour Society. Darren has co-authored a number of publications in relation to digital forensic analysis and cloud storage, and is a member of the Board of Referees for Digital Investigation - The International Journal of Digital Forensics & Incident Response. He still has his first computer, a VIC20 in the original box.
Book preview
1
Introduction
Cloud computing is a relatively recent term to describe computer resources available as a service accessible over a network, such as internally to a corporation or externally available over the Internet; and cloud storage is the storage of electronic data on remote infrastructure, rather than local storage which is attached to a computer or electronic device. Cloud storage services are increasingly used by government, businesses, and consumers to store vast amounts of information. Cloud storage services (like other networked cyber infrastructure) are subject to exploitation by criminals, who may be able to use cloud computing services for criminal purposes, thus adding to the challenge of growing volumes of digital evidence in cases under investigation as briefly explained in this chapter. This chapter also introduces and presents the overall structure of the book, as well as the main contributions of the book to the study of cloud (storage) forensics.
Keywords
Computer forensics; cloud forensics; cloud storage; cloud storage forensics; digital forensics; forensic analysis; forensic computing; forensic framework; legislative responses; law enforcement responses; Storage as a Service (StaaS)
Information in this chapter¹
• Introduction to cloud computing
• Cybercrime and cloud computing
Introduction
It is not clear when the term cloud computing was first coined. For example, Bartholomew (2009), Bogatin (2006), and several others suggested that “cloud computing” terminology was, perhaps, first coined by Google™ Chief Executive Eric Schmidt in 2006. Kaufman (2009) suggests that cloud computing terminology originates from the telecommunications world of the 1990s, when providers began using virtual private network (VPN) services for data communication.
Desisto, Plummer, and Smith (2008) state that “[t]he first SaaS [Software as a Service] offerings were delivered in the late 1990s…[a]lthough these offerings weren’t called cloud computing.”
In this paper, we adopt the definition introduced by the National Institute of Standards and Technology (NIST): “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction” (Mell & Grance, 2011).
In recent years, there has been a marked increase in the adoption of cloud computing. Gartner’s 2011 Hype Cycle for Cloud Computing report, for example, referred to cloud computing as “the most hyped concept in IT” (Smith, 2011: 3). “Cloud computing” has been a trending search on Google since 2009 with continued interest (Google, 2013). Another Gartner report suggested that cloud computing could be a US$149 billion market by 2014 and by 2016 could have 100% penetration in Forbes list of the Global 2000 companies (McGee, 2011). It can be reasonably assumed that many of those top 2000 companies will provide some level of online access via cloud computing to both their internal users and their customers.
The availability of cloud storage services is becoming a popular option for consumers to store data that is accessible via a range of devices, such as personal computers, tablets, and mobile phones. There is a range of cloud storage hosting providers, and many offer free cloud storage services, such as Dropbox™, Microsoft® SkyDrive®², and Google Drive™. Due to the large number of these services available, many commentators have used the phrase Storage as a Service (StaaS) to describe this type of service (Kovar, 2009; Meky & Ali, 2011; Waters, 2011; Wipperfeld, 2009). This is an addition to the traditional cloud computing architectures documented by Mell and Grance (2011) of Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS). Consumers have adopted the cloud storage paradigm in huge numbers, with Gartner forecasting massive growth in the area and stating that users will be storing a third of their data in the cloud by 2016 (Gartner, 2012). However, many enterprises have remained cautious in moving their data into the public cloud storage environment due to issues such as data sovereignty and security, and complying with regulatory obligations. For example, failure by enterprises to comply with data protection legislation may lead to administrative, civil, and criminal sanctions.
A number of open and closed source cloud software products have been developed and/or are in development to address the needs of the enterprises and even individuals who want to leverage the features of cloud computing while continuing to store data on-site or otherwise under the control of the data custodian. Storing data on-site and/or having the data centers physically in the jurisdiction are increasingly seen as ways to reduce some of the location risks that cloud (storage) service clients currently face. For example, it was suggested at one of the hearings of the Australian Government Parliamentary Joint Committee on Intelligence and Security that “the default position should be that governments, agencies and departments ought to keep their information onshore but use cloud for providers, because there are great cost savings to government by using cloud, using digital storage and accessing the digital economy, being a model user of things like the NBN, data cente[r]s and cloud computing. We think there is a real leadership role for government, but it needs to be done within something of a risk minimi[z]ation strategy, which means that you keep the data onshore and you do not look to send it offshore to a jurisdiction that you do not know about” (Australian Government Parliamentary Joint Committee on Intelligence and Security, 2012: 16). More recently in 2013, the Australian Government has also released the National Cloud Computing Strategy (Australian Government Department of Broadband, 2013) and the policy and risk management guidelines for the storage and processing of Australian Government information in outsourced or offshore information and communications technologies (ICTs) arrangements (Australian Government Attorney-General’s Department, 2013).
Cybercrime and the cloud
ICTs, such as personal computers, laptops, smartphones and tablets, are fundamental to modern society and open the door to increased productivity, faster communication capabilities, and immeasurable convenience. However, they also change the way criminals conduct their activities, and vulnerabilities in ICT infrastructure are fertile grounds for criminal exploitation. Few today would challenge the assertion that the era of globalization has been accompanied by an increase in the sophistication and volume of malicious cyber activities. Cyberspace can be used as an extension to facilitate and enhance traditional forms of crime as well as to create new forms of crime. In this chapter, the use of ICT as a tool for the commission of a crime or as the object of a crime (Choo, Smith, & McCusker, 2007) will be referred to as “cybercrime” for the purposes of linguistic simplicity. The term is, for example, referred to in Australia’s Cybercrime Act 2001 (Cth) as well as the Council of Europe Convention on Cybercrime with different meanings. Commonly, it is understood by reference to the types of conduct to which it applies; these include offences under Part 10.7 of the Criminal Code Act 1995 (Cth) and conduct such as online fraud, cyber-bullying and using the Internet to view or store child exploitation material or for the purposes of child grooming.
While the advent of ICT has allowed for the emergence of new types of criminal behavior such as the use of malware (malicious software such as Trojan horses, viruses, and worms), there is a growing consensus that existing laws in relation to areas such as theft, forgery, and malicious damage to property are generally capable of suitable modification so as to adequately handle many of the situations envisaged by more specific laws directly targeting such behavior (Brenner, 2001). Indeed, it is possible to argue that cybercrime is best thought of as “the exploitation of a new technology to commit an old crime in new ways and…to engage in a limited variety of new types of criminal activity” (Brenner, 2001: np).
Nevertheless, there is no doubt that the use of malware for the facilitation of crimes such as Internet banking and credit card fraud, identity theft, and money laundering has increased markedly in recent years (Choo, 2011; FireEye, 2013; Tendulkar, 2013). The same is true of the use of the Internet by pedophiles in connection with online child exploitation activities such as online child grooming and dissemination of child abuse and exploitative material (Choo, 2009a,