Digital forensics framework for investigating client cloud storage applications on smartphones
In today's modern world, the growing use of smartphones with the Internet access supported increasing deployment of cloud storage applications to access data anywhere, anytime. It provides a sharp increase of the possibility of malicious activities to abuse the cloud storages. One of the emergi...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2015
|
| Subjects: | |
| Online Access: | http://psasir.upm.edu.my/id/eprint/57096/1/FSKTM%202015%204RR.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my-upm-ir.57096 |
|---|---|
| record_format |
uketd_dc |
| spelling |
my-upm-ir.570962017-08-23T02:18:52Z Digital forensics framework for investigating client cloud storage applications on smartphones 2015-05 Daryabar, Farid In today's modern world, the growing use of smartphones with the Internet access supported increasing deployment of cloud storage applications to access data anywhere, anytime. It provides a sharp increase of the possibility of malicious activities to abuse the cloud storages. One of the emerging challenges regarding digital forensic research investigations is cloud storage, as well as increasing use of cloud storage applications on mobile devices. The overlap of these two growing technologies further cyber criminals opportunities to conduct malicious activities such as identity theft,piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. This has made mobile devices as an important source of evidence in digital investigation. Not knowing where the data may reside can impede the investigators, as it could take considerable time to contact all potential service providers to determine if the data is stored within their cloud service. Current mobile forensic analyzer tools, procedures and methods are able to extract valuable information from VoIP, Social Networking,Mail Applications on smartphones; however, the mobile forensic analyzer tools cannot acquire enough valuable information from cloud applications on smartphones. Therefore, there is a forensically sound need for a digital forensic framework focusing on analysis phase of smartphones to identify potential data on cloud storages. In this thesis, a framework for investigating client cloud storage applications on smartphones is proposed. Using the framework, we seek to analyze and determine the data remnants from the use of five popular cloud client Apps of OneDrive, Box, Mega, GoogleDrive, and Dropbox on the popular smartphones that use operating systems of Android and iOS. A variety of circumstances have been considered, including methods to upload, download, delete and share files in the cloud storage clients to determine residue data on client devices. Moreover, in terms of evidence preservation, possible modifications in files content and metadata that may affect preservation of evidence from these platforms are examined. A variety of artifacts were detected from different users’ activities such as login, upload, download, delete, and sharing files. Moreover, the cloud client applications in the Android device did not cause any alteration to the content of the files. However, the files’ timestamps were changed from the original sample files, and this needs to be considered when forming conclusions in relation to examination of times and dates of the files within the cloud client applications. The findings may assist forensic examiners and practitioners in real world examination of cloud client applications on Android and iOS platforms. Cloud computing - Mobile apps Mobile computing Security measures 2015-05 Thesis http://psasir.upm.edu.my/id/eprint/57096/ http://psasir.upm.edu.my/id/eprint/57096/1/FSKTM%202015%204RR.pdf application/pdf en public masters Universiti Putra Malaysia Cloud computing - Mobile apps Mobile computing Security measures |
| institution |
Universiti Putra Malaysia |
| collection |
PSAS Institutional Repository |
| language |
English |
| topic |
Cloud computing - Mobile apps Mobile computing Security measures |
| spellingShingle |
Cloud computing - Mobile apps Mobile computing Security measures Daryabar, Farid Digital forensics framework for investigating client cloud storage applications on smartphones |
| description |
In today's modern world, the growing use of smartphones with the Internet access supported increasing deployment of cloud storage applications to access data anywhere, anytime. It provides a sharp increase of the possibility of malicious activities to abuse the cloud storages. One of the emerging challenges regarding digital forensic research investigations is cloud storage, as well as increasing use of cloud storage applications on mobile devices. The overlap of these two growing technologies further cyber criminals opportunities to conduct malicious activities such as identity theft,piracy, illegal trading, sexual harassment, cyber stalking and cyber terrorism. This has made mobile devices as an important source of evidence in digital investigation. Not knowing where the data may reside can impede the investigators, as it could take considerable time to contact all potential service providers to determine if the data is stored within their cloud service. Current mobile forensic analyzer tools, procedures and methods are able to extract valuable information from VoIP, Social Networking,Mail Applications on smartphones; however, the mobile forensic analyzer tools cannot acquire enough valuable information from cloud applications on smartphones. Therefore, there is a forensically sound need for a digital forensic framework focusing on analysis phase of smartphones to identify potential data on cloud storages. In this thesis, a framework for investigating client cloud storage applications on smartphones is proposed. Using the framework, we seek to analyze and determine the data remnants from the use of five popular cloud client Apps of OneDrive, Box, Mega, GoogleDrive, and Dropbox on the popular smartphones that use operating systems of Android and iOS. A variety of circumstances have been considered, including methods to upload, download, delete and share files in the cloud storage clients to determine residue data on client devices. Moreover, in terms of evidence preservation, possible modifications in files content and metadata that may affect preservation of evidence from these platforms are examined. A variety of artifacts were detected from different users’ activities such as login, upload, download, delete, and sharing files. Moreover, the cloud client applications in the Android device did not cause any alteration to the content of the files. However, the files’ timestamps were changed from the original sample files, and this needs to be considered when forming conclusions in relation to examination of times and dates of the files within the cloud client applications. The findings may assist forensic examiners and practitioners in real world examination of cloud client applications on Android and iOS platforms. |
| format |
Thesis |
| qualification_level |
Master's degree |
| author |
Daryabar, Farid |
| author_facet |
Daryabar, Farid |
| author_sort |
Daryabar, Farid |
| title |
Digital forensics framework for investigating client cloud storage applications on smartphones |
| title_short |
Digital forensics framework for investigating client cloud storage applications on smartphones |
| title_full |
Digital forensics framework for investigating client cloud storage applications on smartphones |
| title_fullStr |
Digital forensics framework for investigating client cloud storage applications on smartphones |
| title_full_unstemmed |
Digital forensics framework for investigating client cloud storage applications on smartphones |
| title_sort |
digital forensics framework for investigating client cloud storage applications on smartphones |
| granting_institution |
Universiti Putra Malaysia |
| publishDate |
2015 |
| url |
http://psasir.upm.edu.my/id/eprint/57096/1/FSKTM%202015%204RR.pdf |
| _version_ |
1747812164118249472 |