An analysis method of forensic investigation for platform-as-a-service cloud storage services

Cloud computing has changed most of the ways users interact with computers and mobile devices. Every user, power-users or normal users, can take advantage of Cloud storage and in such a way that they can develop or store their data in cloud and access them anytime they want. There are three types...

Full description

Saved in:
Bibliographic Details
Main Author: Shaerpour, Kaveh
Format: Thesis
Language:English
Published: 2016
Subjects:
Online Access:http://psasir.upm.edu.my/id/eprint/69390/1/FSKTM%202016%2041%20IR.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
id my-upm-ir.69390
record_format uketd_dc
spelling my-upm-ir.693902019-07-10T01:06:39Z An analysis method of forensic investigation for platform-as-a-service cloud storage services 2016-12 Shaerpour, Kaveh Cloud computing has changed most of the ways users interact with computers and mobile devices. Every user, power-users or normal users, can take advantage of Cloud storage and in such a way that they can develop or store their data in cloud and access them anytime they want. There are three types of cloud Platform as a Service (PaaS), Software as a Service (SaaS) and Infrastructure as a Service (IaaS) but our focus is PaaS. Though, PaaS has made it easier to code and develop new application for developers, it has helped criminals to write their malicious application with minimum trace as well. PaaS cloud client applications could be a very useful for forensics investigators as they contain much information about the user. Although, there have been many digital forensics researches done on SaaS and IaaS, there have been close to none such research on PaaS. Therefore, the problem here is first there is not enough research in PaaS and second criminals use this service to create malicious applications. Previous researches on forensic analysis of PaaS cloud applications on Windows machines and smartphones used present forensic analyser tools and failed to detect all the data remnants such as file contents, email addresses, activity trails of users and many more. Also, majority of works were done on SaaS and IaaS cloud applications. In this research, to address the problems of lack of work on PaaS and lack of enough forensic data after analysis we propose a new analysis method for PaaS cloud applications to maximise the amount forensic that can be extracted in process of analysis. The proposed analysis method is valid for examining the internal storage, internal memory and network traffic of PC and smartphones. In the proposed analysis method of this project, the raw data of collected images is analysed. This analysis is done based on predefined keywords to detect login information. Upon identification of user’s data and pattern, the keywords which are common among PaaS applications are defined and then the raw data of images are analysed once again to find any remaining data remnants on the system. After the evidences are found and extracted then the researcher proceeds to presenting the findings in a report form. The new analysis method is tested on popular PaaS client applications namely Openshift and Heroku on Windows PC and mobile platforms iOS and Android. The outcome of this research establishes the use of the mentioned PaaS applications on the investigated computers and smartphones and results in identification of artefacts such as usernames, passwords, login information, application source code and application information. The result of this research assists forensic examiners and practitioners in understanding the types of artefacts that are likely to remain on Windows machines and iOS and Android smartphones after using PaaS applications and also it helps these applications’ developers to make the applications more secure and users to know the security issues of these applications. Cloud computing Criminal investigation 2016-12 Thesis http://psasir.upm.edu.my/id/eprint/69390/ http://psasir.upm.edu.my/id/eprint/69390/1/FSKTM%202016%2041%20IR.pdf text en public masters Universiti Putra Malaysia Cloud computing Criminal investigation
institution Universiti Putra Malaysia
collection PSAS Institutional Repository
language English
topic Cloud computing
Criminal investigation

spellingShingle Cloud computing
Criminal investigation

Shaerpour, Kaveh
An analysis method of forensic investigation for platform-as-a-service cloud storage services
description Cloud computing has changed most of the ways users interact with computers and mobile devices. Every user, power-users or normal users, can take advantage of Cloud storage and in such a way that they can develop or store their data in cloud and access them anytime they want. There are three types of cloud Platform as a Service (PaaS), Software as a Service (SaaS) and Infrastructure as a Service (IaaS) but our focus is PaaS. Though, PaaS has made it easier to code and develop new application for developers, it has helped criminals to write their malicious application with minimum trace as well. PaaS cloud client applications could be a very useful for forensics investigators as they contain much information about the user. Although, there have been many digital forensics researches done on SaaS and IaaS, there have been close to none such research on PaaS. Therefore, the problem here is first there is not enough research in PaaS and second criminals use this service to create malicious applications. Previous researches on forensic analysis of PaaS cloud applications on Windows machines and smartphones used present forensic analyser tools and failed to detect all the data remnants such as file contents, email addresses, activity trails of users and many more. Also, majority of works were done on SaaS and IaaS cloud applications. In this research, to address the problems of lack of work on PaaS and lack of enough forensic data after analysis we propose a new analysis method for PaaS cloud applications to maximise the amount forensic that can be extracted in process of analysis. The proposed analysis method is valid for examining the internal storage, internal memory and network traffic of PC and smartphones. In the proposed analysis method of this project, the raw data of collected images is analysed. This analysis is done based on predefined keywords to detect login information. Upon identification of user’s data and pattern, the keywords which are common among PaaS applications are defined and then the raw data of images are analysed once again to find any remaining data remnants on the system. After the evidences are found and extracted then the researcher proceeds to presenting the findings in a report form. The new analysis method is tested on popular PaaS client applications namely Openshift and Heroku on Windows PC and mobile platforms iOS and Android. The outcome of this research establishes the use of the mentioned PaaS applications on the investigated computers and smartphones and results in identification of artefacts such as usernames, passwords, login information, application source code and application information. The result of this research assists forensic examiners and practitioners in understanding the types of artefacts that are likely to remain on Windows machines and iOS and Android smartphones after using PaaS applications and also it helps these applications’ developers to make the applications more secure and users to know the security issues of these applications.
format Thesis
qualification_level Master's degree
author Shaerpour, Kaveh
author_facet Shaerpour, Kaveh
author_sort Shaerpour, Kaveh
title An analysis method of forensic investigation for platform-as-a-service cloud storage services
title_short An analysis method of forensic investigation for platform-as-a-service cloud storage services
title_full An analysis method of forensic investigation for platform-as-a-service cloud storage services
title_fullStr An analysis method of forensic investigation for platform-as-a-service cloud storage services
title_full_unstemmed An analysis method of forensic investigation for platform-as-a-service cloud storage services
title_sort analysis method of forensic investigation for platform-as-a-service cloud storage services
granting_institution Universiti Putra Malaysia
publishDate 2016
url http://psasir.upm.edu.my/id/eprint/69390/1/FSKTM%202016%2041%20IR.pdf
_version_ 1747812691132547072