An analysis method of forensic investigation for platform-as-a-service cloud storage services
Cloud computing has changed most of the ways users interact with computers and mobile devices. Every user, power-users or normal users, can take advantage of Cloud storage and in such a way that they can develop or store their data in cloud and access them anytime they want. There are three types...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
2016
|
Subjects: | |
Online Access: | http://psasir.upm.edu.my/id/eprint/69390/1/FSKTM%202016%2041%20IR.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Cloud computing has changed most of the ways users interact with computers and
mobile devices. Every user, power-users or normal users, can take advantage of Cloud
storage and in such a way that they can develop or store their data in cloud and access
them anytime they want. There are three types of cloud Platform as a Service (PaaS),
Software as a Service (SaaS) and Infrastructure as a Service (IaaS) but our focus is
PaaS. Though, PaaS has made it easier to code and develop new application for
developers, it has helped criminals to write their malicious application with minimum
trace as well. PaaS cloud client applications could be a very useful for forensics
investigators as they contain much information about the user. Although, there have
been many digital forensics researches done on SaaS and IaaS, there have been close to
none such research on PaaS. Therefore, the problem here is first there is not enough
research in PaaS and second criminals use this service to create malicious applications.
Previous researches on forensic analysis of PaaS cloud applications on Windows
machines and smartphones used present forensic analyser tools and failed to detect all
the data remnants such as file contents, email addresses, activity trails of users and
many more. Also, majority of works were done on SaaS and IaaS cloud applications.
In this research, to address the problems of lack of work on PaaS and lack of enough
forensic data after analysis we propose a new analysis method for PaaS cloud
applications to maximise the amount forensic that can be extracted in process of
analysis. The proposed analysis method is valid for examining the internal storage,
internal memory and network traffic of PC and smartphones. In the proposed analysis
method of this project, the raw data of collected images is analysed. This analysis is
done based on predefined keywords to detect login information. Upon identification of
user’s data and pattern, the keywords which are common among PaaS applications are
defined and then the raw data of images are analysed once again to find any remaining data remnants on the system. After the evidences are found and extracted then the
researcher proceeds to presenting the findings in a report form. The new analysis
method is tested on popular PaaS client applications namely Openshift and Heroku on
Windows PC and mobile platforms iOS and Android.
The outcome of this research establishes the use of the mentioned PaaS applications on
the investigated computers and smartphones and results in identification of artefacts
such as usernames, passwords, login information, application source code and
application information. The result of this research assists forensic examiners and
practitioners in understanding the types of artefacts that are likely to remain on
Windows machines and iOS and Android smartphones after using PaaS applications
and also it helps these applications’ developers to make the applications more secure
and users to know the security issues of these applications. |
---|